Edit tour

Windows Analysis Report
msimg32.dll

Overview

General Information

Sample name:	msimg32.dll
Analysis ID:	1538457
MD5:	b4f2a28b37eaccd3127d0cb4c4fa990f
SHA1:	ebcb32378d1d9795bef11632d83937eb416b6c9b
SHA256:	0c53f398b982342ad9d336bf2a6bfc0d93e5687d1814f3bf761832795df69cd2
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to simulate mouse events

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Installs a raw input device (often for capturing keystrokes)

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 7824 cmdline: loaddll32.exe "C:\Users\user\Desktop\msimg32.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7884 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 7904 cmdline: rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7892 cmdline: rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 7988 cmdline: rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendCaptureDeviceList MD5: 889B99C52A60DD49227C5E485A016679)

rundll32.exe (PID: 8024 cmdline: rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendDeviceList MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: msimg32.dll

Virustotal: Detection: 9%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 92.7% probability

Source: msimg32.dll

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE, DLL

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError,		0_2_6468724C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError,		4_2_6468724C

Source: msimg32.dll	String found in binary or memory: http://icculus.org/physfs/
Source: loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.1830346417.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.1831068963.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, msimg32.dll	String found in binary or memory: http://icculus.org/physfs/4
Source: loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.1830346417.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.1831068963.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, msimg32.dll	String found in binary or memory: http://icculus.org/physfs/T
Source: msimg32.dll	String found in binary or memory: http://icculus.org/physfs/t
Source: msimg32.dll	String found in binary or memory: http://www.3dmm2.com/doom/

Source: loaddll32.exe

Binary or memory string: DirectInput8Create

Source: loaddll32.exe

Binary or memory string: GetRawInputData

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 4_2_647108CC bitreader_read_from_client_,ntohl,ntohl,

4_2_647108CC

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCC48	0_2_645DCC48
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D7A37	0_2_645D7A37
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5455	0_2_645D5455
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6473347C	0_2_6473347C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA479	0_2_645DA479
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6467E454	0_2_6467E454
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D540F	0_2_645D540F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB4D7	0_2_645DB4D7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D44C0	0_2_645D44C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA4C0	0_2_645DA4C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D24C3	0_2_645D24C3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB498	0_2_645DB498
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E0492	0_2_645E0492
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2483	0_2_645D2483
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D44B8	0_2_645D44B8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D54BB	0_2_645D54BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5544	0_2_645D5544
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC579	0_2_645DC579
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC505	0_2_645DC505
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5538	0_2_645D5538
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA532	0_2_645DA532
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC528	0_2_645DC528
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D45D8	0_2_645D45D8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E45D1	0_2_645E45D1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD5CC	0_2_645DD5CC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5584	0_2_645D5584
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD5B7	0_2_645DD5B7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D95B1	0_2_645D95B1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E4621	0_2_645E4621
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646746E0	0_2_646746E0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646736E8	0_2_646736E8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D46E4	0_2_645D46E4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646F66A8	0_2_646F66A8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC695	0_2_645DC695
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6467A680	0_2_6467A680
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD759	0_2_645DD759
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D4754	0_2_645D4754
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD74C	0_2_645DD74C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA743	0_2_645DA743
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC773	0_2_645DC773
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD76A	0_2_645DD76A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA7F0	0_2_645DA7F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC7E1	0_2_645DC7E1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_647197CC	0_2_647197CC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD794	0_2_645DD794
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA791	0_2_645DA791
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD7B7	0_2_645DD7B7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD04B	0_2_645DD04B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD07D	0_2_645DD07D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E0074	0_2_645E0074
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E0065	0_2_645E0065
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6018	0_2_645D6018
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB005	0_2_645DB005
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D20D0	0_2_645D20D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB0F9	0_2_645DB0F9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D40E4	0_2_645D40E4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646590B0	0_2_646590B0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E5087	0_2_645E5087
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD0B9	0_2_645DD0B9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC0B5	0_2_645DC0B5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD0A2	0_2_645DD0A2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC147	0_2_645DC147
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E017F	0_2_645E017F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E017A	0_2_645E017A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB173	0_2_645DB173
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D0164	0_2_645D0164
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB12B	0_2_645DB12B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645EB1D6	0_2_645EB1D6
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D21D7	0_2_645D21D7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD1CC	0_2_645DD1CC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E51C4	0_2_645E51C4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D21E0	0_2_645D21E0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645EC195	0_2_645EC195
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2246	0_2_645D2246
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2271	0_2_645D2271
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC217	0_2_645DC217
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D420C	0_2_645D420C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D4204	0_2_645D4204
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB220	0_2_645DB220
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5222	0_2_645D5222
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB2DD	0_2_645DB2DD
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D22DA	0_2_645D22DA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D42D4	0_2_645D42D4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D52FA	0_2_645D52FA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA2F2	0_2_645DA2F2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DF2EA	0_2_645DF2EA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646032D8	0_2_646032D8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DC295	0_2_645DC295
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA296	0_2_645DA296
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB286	0_2_645DB286
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DB2B8	0_2_645DB2B8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD2BB	0_2_645DD2BB
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D42B4	0_2_645D42B4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E02B4	0_2_645E02B4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E52A8	0_2_645E52A8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E42A1	0_2_645E42A1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E034F	0_2_645E034F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D234F	0_2_645D234F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645EC377	0_2_645EC377
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6468D35C	0_2_6468D35C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E036B	0_2_645E036B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2365	0_2_645D2365
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D4318	0_2_645D4318
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA32B	0_2_645DA32B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D93CF	0_2_645D93CF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D23C0	0_2_645D23C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5390	0_2_645D5390
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2386	0_2_645D2386
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D43B4	0_2_645D43B4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D53B7	0_2_645D53B7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D43AC	0_2_645D43AC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D43A4	0_2_645D43A4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64677C74	0_2_64677C74
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAC46	0_2_645DAC46
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6C6A	0_2_645D6C6A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D8C1C	0_2_645D8C1C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E3C37	0_2_645E3C37
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DACC2	0_2_645DACC2
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64626CC8	0_2_64626CC8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6C99	0_2_645D6C99
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D4CA4	0_2_645D4CA4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCD5C	0_2_645DCD5C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCD4C	0_2_645DCD4C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E0D76	0_2_645E0D76
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCD74	0_2_645DCD74
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAD1D	0_2_645DAD1D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCD37	0_2_645DCD37
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAE16	0_2_645DAE16
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAE07	0_2_645DAE07
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D7E38	0_2_645D7E38
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAEEE	0_2_645DAEEE
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5EE0	0_2_645D5EE0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAEAC	0_2_645DAEAC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAF4A	0_2_645DAF4A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645C8F1C	0_2_645C8F1C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E0F0D	0_2_645E0F0D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCFD5	0_2_645DCFD5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAFFC	0_2_645DAFFC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCFE0	0_2_645DCFE0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAF9A	0_2_645DAF9A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E1FA9	0_2_645E1FA9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD878	0_2_645DD878
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64674834	0_2_64674834
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D383F	0_2_645D383F
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E082D	0_2_645E082D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D28DF	0_2_645D28DF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D28EE	0_2_645D28EE
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA8E7	0_2_645DA8E7
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E1891	0_2_645E1891
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD887	0_2_645DD887
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E1880	0_2_645E1880
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2975	0_2_645D2975
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D296E	0_2_645D296E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5965	0_2_645D5965
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD919	0_2_645DD919
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD904	0_2_645DD904
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2907	0_2_645D2907
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DD930	0_2_645DD930
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D3921	0_2_645D3921
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D89CC	0_2_645D89CC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646119C0	0_2_646119C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646799C8	0_2_646799C8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5993	0_2_645D5993
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D59B5	0_2_645D59B5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D69AC	0_2_645D69AC
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DA9AF	0_2_645DA9AF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6A59	0_2_645D6A59
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6A4D	0_2_645D6A4D
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAA48	0_2_645DAA48
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E1A71	0_2_645E1A71
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6A14	0_2_645D6A14
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D6A08	0_2_645D6A08
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5A06	0_2_645D5A06
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64676A14	0_2_64676A14
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAACD	0_2_645DAACD
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAAFF	0_2_645DAAFF
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6467CB64	0_2_6467CB64
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D5B41	0_2_645D5B41
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAB24	0_2_645DAB24
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D8BD8	0_2_645D8BD8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCBD8	0_2_645DCBD8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D2BC8	0_2_645D2BC8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_647CBBC4	0_2_647CBBC4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DBBE4	0_2_645DBBE4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DCB9A	0_2_645DCB9A
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645D3B8C	0_2_645D3B8C
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645DAB80	0_2_645DAB80
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645E0BA8	0_2_645E0BA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCC48	4_2_645DCC48
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D7A37	4_2_645D7A37
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA479	4_2_645DA479
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6467E454	4_2_6467E454
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64712400	4_2_64712400
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D44C0	4_2_645D44C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA4C0	4_2_645DA4C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D24C3	4_2_645D24C3
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E0492	4_2_645E0492
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2483	4_2_645D2483
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D44B8	4_2_645D44B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC579	4_2_645DC579
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC505	4_2_645DC505
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA532	4_2_645DA532
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC528	4_2_645DC528
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D45D8	4_2_645D45D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E45D1	4_2_645E45D1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E4621	4_2_645E4621
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646746E0	4_2_646746E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D46E4	4_2_645D46E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646F66A8	4_2_646F66A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC695	4_2_645DC695
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6467A680	4_2_6467A680
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D4754	4_2_645D4754
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA743	4_2_645DA743
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC773	4_2_645DC773
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA7F0	4_2_645DA7F0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC7E1	4_2_645DC7E1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA791	4_2_645DA791
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E0074	4_2_645E0074
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E0065	4_2_645E0065
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6018	4_2_645D6018
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D20D0	4_2_645D20D0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_647200C4	4_2_647200C4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D40E4	4_2_645D40E4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC0B5	4_2_645DC0B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC147	4_2_645DC147
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E017F	4_2_645E017F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E017A	4_2_645E017A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D0164	4_2_645D0164
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D21D7	4_2_645D21D7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_647141D8	4_2_647141D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D21E0	4_2_645D21E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6470C1B8	4_2_6470C1B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2246	4_2_645D2246
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2271	4_2_645D2271
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC217	4_2_645DC217
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D420C	4_2_645D420C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D4204	4_2_645D4204
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D22DA	4_2_645D22DA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D42D4	4_2_645D42D4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA2F2	4_2_645DA2F2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DC295	4_2_645DC295
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA296	4_2_645DA296
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D42B4	4_2_645D42B4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E02B4	4_2_645E02B4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E42A1	4_2_645E42A1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E034F	4_2_645E034F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D234F	4_2_645D234F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645EC377	4_2_645EC377
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E036B	4_2_645E036B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2365	4_2_645D2365
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D4318	4_2_645D4318
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA32B	4_2_645DA32B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D23C0	4_2_645D23C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2386	4_2_645D2386
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D43B4	4_2_645D43B4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D43AC	4_2_645D43AC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D43A4	4_2_645D43A4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAC46	4_2_645DAC46
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6C6A	4_2_645D6C6A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D8C1C	4_2_645D8C1C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DACC2	4_2_645DACC2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64626CC8	4_2_64626CC8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6C99	4_2_645D6C99
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D4CA4	4_2_645D4CA4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCD5C	4_2_645DCD5C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCD4C	4_2_645DCD4C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E0D76	4_2_645E0D76
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCD74	4_2_645DCD74
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAD1D	4_2_645DAD1D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCD37	4_2_645DCD37
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAE16	4_2_645DAE16
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAE07	4_2_645DAE07
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAEEE	4_2_645DAEEE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAEAC	4_2_645DAEAC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAF4A	4_2_645DAF4A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645C8F1C	4_2_645C8F1C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E0F0D	4_2_645E0F0D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCFD5	4_2_645DCFD5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64712FD0	4_2_64712FD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAFFC	4_2_645DAFFC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCFE0	4_2_645DCFE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAF9A	4_2_645DAF9A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64674834	4_2_64674834
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6470E824	4_2_6470E824
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E082D	4_2_645E082D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64712804	4_2_64712804
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D28DF	4_2_645D28DF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D28EE	4_2_645D28EE
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA8E7	4_2_645DA8E7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2975	4_2_645D2975
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D296E	4_2_645D296E
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2907	4_2_645D2907
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64714900	4_2_64714900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_647109F8	4_2_647109F8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D89CC	4_2_645D89CC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D69AC	4_2_645D69AC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DA9AF	4_2_645DA9AF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6A59	4_2_645D6A59
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6A4D	4_2_645D6A4D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAA48	4_2_645DAA48
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6A14	4_2_645D6A14
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D6A08	4_2_645D6A08
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64676A14	4_2_64676A14
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAACD	4_2_645DAACD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAAFF	4_2_645DAAFF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6467CB64	4_2_6467CB64
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAB24	4_2_645DAB24
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D8BD8	4_2_645D8BD8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCBD8	4_2_645DCBD8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D2BC8	4_2_645D2BC8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DCB9A	4_2_645DCB9A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DAB80	4_2_645DAB80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E0BA8	4_2_645E0BA8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5455	4_2_645D5455
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6473347C	4_2_6473347C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D540F	4_2_645D540F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB4D7	4_2_645DB4D7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_647114E8	4_2_647114E8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB498	4_2_645DB498
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D54BB	4_2_645D54BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5544	4_2_645D5544
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5538	4_2_645D5538
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD5CC	4_2_645DD5CC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5584	4_2_645D5584
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD5B7	4_2_645DD5B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D95B1	4_2_645D95B1
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646736E8	4_2_646736E8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64721770	4_2_64721770
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD759	4_2_645DD759
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD74C	4_2_645DD74C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD76A	4_2_645DD76A
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_647197CC	4_2_647197CC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD794	4_2_645DD794
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD7B7	4_2_645DD7B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD04B	4_2_645DD04B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD07D	4_2_645DD07D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB005	4_2_645DB005
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB0F9	4_2_645DB0F9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646590B0	4_2_646590B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E5087	4_2_645E5087
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD0B9	4_2_645DD0B9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD0A2	4_2_645DD0A2
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB173	4_2_645DB173
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB12B	4_2_645DB12B
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645EB1D6	4_2_645EB1D6
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD1CC	4_2_645DD1CC
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E51C4	4_2_645E51C4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB220	4_2_645DB220
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5222	4_2_645D5222
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB2DD	4_2_645DB2DD
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D52FA	4_2_645D52FA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DF2EA	4_2_645DF2EA
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646032D8	4_2_646032D8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB286	4_2_645DB286
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DB2B8	4_2_645DB2B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD2BB	4_2_645DD2BB
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E52A8	4_2_645E52A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6468D35C	4_2_6468D35C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D93CF	4_2_645D93CF
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5390	4_2_645D5390
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D53B7	4_2_645D53B7
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64677C74	4_2_64677C74
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E3C37	4_2_645E3C37
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D7E38	4_2_645D7E38
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5EE0	4_2_645D5EE0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64715F80	4_2_64715F80
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E1FA9	4_2_645E1FA9
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64715870	4_2_64715870
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD878	4_2_645DD878
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D383F	4_2_645D383F
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E1891	4_2_645E1891
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD887	4_2_645DD887
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E1880	4_2_645E1880
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64711898	4_2_64711898
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5965	4_2_645D5965
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD919	4_2_645DD919
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD904	4_2_645DD904
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DD930	4_2_645DD930
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D3921	4_2_645D3921
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6470B9E0	4_2_6470B9E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646119C0	4_2_646119C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646799C8	4_2_646799C8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5993	4_2_645D5993
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D59B5	4_2_645D59B5
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645E1A71	4_2_645E1A71
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5A06	4_2_645D5A06
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D5B41	4_2_645D5B41
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_647CBBC4	4_2_647CBBC4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645DBBE4	4_2_645DBBE4
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_645D3B8C	4_2_645D3B8C

Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6460BB88 appears 243 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6460370C appears 59 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 6460BD60 appears 149 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 64603730 appears 125 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 645C478C appears 51 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 646808C4 appears 107 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 647672B0 appears 1948 times
Source: C:\Windows\System32\loaddll32.exe	Code function: String function: 645E6AD4 appears 252 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6460BB88 appears 243 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6460370C appears 59 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 6460BD60 appears 149 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 64603730 appears 125 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 645C478C appears 51 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 646808C4 appears 107 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 647672B0 appears 1948 times
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: String function: 645E6AD4 appears 252 times

Source: msimg32.dll

Static PE information: Number of sections : 20 > 10

Source: msimg32.dll

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE, DLL

Source: classification engine

Classification label: mal52.winDLL@12/0@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03

Source: msimg32.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend

Source: msimg32.dll

Virustotal: Detection: 9%

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\msimg32.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendCaptureDeviceList
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendDeviceList
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendCaptureDeviceList	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendDeviceList	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior

Source: msimg32.dll

Static PE information: More than 4564 > 100 exports found

Source: msimg32.dll

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: msimg32.dll

Static PE information: Image base 0x645c0000 > 0x60000000

Source: msimg32.dll

Static file information: File size 3937280 > 1048576

Source: msimg32.dll

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x218600

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_64687C10 __PHYSFS_platformInit,GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetLastError,__PHYSFS_setError,GetProcAddress,PHYSFS_utf8FromUcs2,__PHYSFS_setError,__PHYSFS_setError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_64687C10

Source: msimg32.dll

Static PE information: real checksum: 0x386e1e should be: 0x3cac1d

Source: msimg32.dll	Static PE information: section name: /4
Source: msimg32.dll	Static PE information: section name: /14
Source: msimg32.dll	Static PE information: section name: /29
Source: msimg32.dll	Static PE information: section name: /45
Source: msimg32.dll	Static PE information: section name: /61
Source: msimg32.dll	Static PE information: section name: /73
Source: msimg32.dll	Static PE information: section name: /87
Source: msimg32.dll	Static PE information: section name: /99
Source: msimg32.dll	Static PE information: section name: /112
Source: msimg32.dll	Static PE information: section name: /123
Source: msimg32.dll	Static PE information: section name: /134

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469C434 push edx; mov dword ptr [esp], 64876604h	0_2_6469C751
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_646884F0 push edi; mov dword ptr [esp], ebx	0_2_6468855B
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_647D25E8 push eax; mov dword ptr [esp], 64877B98h	0_2_647D2649
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_647D25E8 push ecx; mov dword ptr [esp], 647D2698h	0_2_647D2656
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469A59C push eax; mov dword ptr [esp], 64876604h	0_2_6469A5B1
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469A59C push ebx; mov dword ptr [esp], 64876604h	0_2_6469A615
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64688650 push eax; mov dword ptr [esp], ebx	0_2_64688772
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469A6F4 push eax; mov dword ptr [esp], 64876604h	0_2_6469A709
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469A6F4 push edx; mov dword ptr [esp], 64876604h	0_2_6469A7D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469977C push eax; mov dword ptr [esp], 64876604h	0_2_64699791
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469977C push eax; mov dword ptr [esp], 64876604h	0_2_646997E9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699064 push eax; mov dword ptr [esp], 64876604h	0_2_64699079
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699064 push eax; mov dword ptr [esp], 64876604h	0_2_646990E9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699140 push edx; mov dword ptr [esp], 64876604h	0_2_646991D9
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6468813C push eax; mov dword ptr [esp], ebx	0_2_646881A4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469B8C3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469B904
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push ecx; mov dword ptr [esp], 64876604h	0_2_6469B944
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469B984
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push ecx; mov dword ptr [esp], 64876604h	0_2_6469B9D6
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469BA34
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469BA74
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469BAB4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push ecx; mov dword ptr [esp], 64876604h	0_2_6469BAF4
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6469B20C push eax; mov dword ptr [esp], 64876604h	0_2_6469BB34
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699218 push eax; mov dword ptr [esp], 64876604h	0_2_646992A5
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_645FE2E8 push eax; mov dword ptr [esp], ebp	0_2_645FE328
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6466C3EC push eax; mov dword ptr [esp], esi	0_2_6466C42E
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699388 push ecx; mov dword ptr [esp], 64876604h	0_2_646993A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699388 push edi; mov dword ptr [esp], 64876604h	0_2_646994F3
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64699388 push edx; mov dword ptr [esp], 64876604h	0_2_64699529

Source: C:\Windows\System32\loaddll32.exe

0_2_64687C10

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	API coverage: 0.0 %
Source: C:\Windows\SysWOW64\rundll32.exe	API coverage: 0.0 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError,		0_2_6468724C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6468724C __PHYSFS_platformEnumerateFiles,__PHYSFS_initSmallAlloc,__PHYSFS_initSmallAlloc,PHYSFS_utf8ToUcs2,__PHYSFS_initSmallAlloc,WideCharToMultiByte,FindFirstFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_smallFree,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,PHYSFS_utf8FromUcs2,FindClose,FindNextFileA,__PHYSFS_smallFree,__PHYSFS_smallFree,__PHYSFS_setError,		4_2_6468724C

Source: C:\Windows\System32\loaddll32.exe

0_2_64687C10

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6460B7CC al_get_mouse_event_source,

0_2_6460B7CC

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1

Jump to behavior

Source: loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: MbPAd:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wunicode.c_al_win_utf16_al_win_utf8d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wwindow.cShell_traywndy
Source: loaddll32.exe, loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Shell_traywnd

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_64681488 PHYSFS_init,__PHYSFS_platformInit,__PHYSFS_platformCreateMutex,__PHYSFS_platformCreateMutex,__PHYSFS_platformCalcBaseDir,__PHYSFS_platformRealPath,__PHYSFS_platformGetUserDir,__PHYSFS_platformRealPath,__PHYSFS_platformGrabMutex,__PHYSFS_platformGetThreadID,__PHYSFS_platformReleaseMutex,__PHYSFS_setError,__PHYSFS_setError,__PHYSFS_platformSetDefaultAllocator,__PHYSFS_setError,__PHYSFS_platformDestroyMutex,__PHYSFS_platformDestroyMutex,__PHYSFS_platformGetUserName,__PHYSFS_platformReleaseMutex,__PHYSFS_setError,__PHYSFS_setError,__PHYSFS_setError,

0_2_64681488

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_64686880 FileTimeToSystemTime,GetTimeZoneInformation,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,GetLastError,PHYSFS_utf8FromUcs2,__PHYSFS_setError,GetLastError,GetLastError,__PHYSFS_setError,

0_2_64686880

Source: C:\Windows\System32\loaddll32.exe

0_2_64687C10

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64602158 _al_parse_key_binding,al_ustr_new,al_ustr_trim_ws,al_ustr_size,al_ustr_find_set_cstr,al_ustr_set_chr,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,al_ustr_free,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp,	0_2_64602158
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_64677C74 SzGetNextFolderItem,SzByteBufferCreate,SzReadNumber32,SzReadNumber32,SzCoderInfoInit,SzFolderFindBindPairForInStream,SzReadNumber32,	0_2_64677C74
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6467EAE8 SzFolderFindBindPairForInStream,	0_2_6467EAE8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6467EB18 SzFolderFindBindPairForOutStream,	0_2_6467EB18
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646AE03C alGetListener3f,GetContextSuspended,alSetError,alSetError,	4_2_646AE03C
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64602158 _al_parse_key_binding,al_ustr_new,al_ustr_trim_ws,al_ustr_size,al_ustr_find_set_cstr,al_ustr_set_chr,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,al_ustr_free,al_cstr,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp,_al_stricmp,	4_2_64602158
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646AE114 alGetListenerfv,GetContextSuspended,alSetError,alSetError,	4_2_646AE114
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646AE250 alGetListeneri,GetContextSuspended,alSetError,alSetError,	4_2_646AE250
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646AE2B0 alGetListener3i,GetContextSuspended,alSetError,alSetError,	4_2_646AE2B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646AE3E8 alGetListeneriv,GetContextSuspended,alSetError,alSetError,	4_2_646AE3E8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6467EAE8 SzFolderFindBindPairForInStream,	4_2_6467EAE8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_6467EB18 SzFolderFindBindPairForOutStream,	4_2_6467EB18
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_64677C74 SzGetNextFolderItem,SzByteBufferCreate,SzReadNumber32,SzReadNumber32,SzCoderInfoInit,SzFolderFindBindPairForInStream,SzReadNumber32,	4_2_64677C74
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646ADD64 alListeneri,GetContextSuspended,alSetError,	4_2_646ADD64
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646ADD98 alListener3i,GetContextSuspended,alSetError,GetContextSuspended,alSetError,ProcessContext,ProcessContext,	4_2_646ADD98
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646ADEC8 alListeneriv,GetContextSuspended,alSetError,ProcessContext,alListenerfv,alListenerfv,alSetError,	4_2_646ADEC8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646ADFA0 alGetListenerf,GetContextSuspended,alSetError,alSetError,	4_2_646ADFA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646AD944 alListenerf,GetContextSuspended,alSetError,alSetError,	4_2_646AD944
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646ADA10 alListener3f,GetContextSuspended,alSetError,	4_2_646ADA10
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 4_2_646ADAE0 alListenerfv,GetContextSuspended,alSetError,GetContextSuspended,alSetError,ProcessContext,GetContextSuspended,alSetError,ProcessContext,alSetError,alSetError,	4_2_646ADAE0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	12 Process Injection	12 Process Injection	21 Input Capture	1 System Time Discovery	Remote Services	21 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Rundll32	NTDS	1 System Owner/User Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	2 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
msimg32.dll	10%	Virustotal		Browse

Source	Detection	Scanner	Link
http://icculus.org/physfs/T	0%	Virustotal	Browse
http://icculus.org/physfs/4	0%	Virustotal	Browse
http://icculus.org/physfs/	0%	Virustotal	Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.3dmm2.com/doom/	msimg32.dll	false		unknown
http://icculus.org/physfs/	msimg32.dll	false	0%, Virustotal, Browse	unknown
http://icculus.org/physfs/4	loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.1830346417.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.1831068963.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, msimg32.dll	false	0%, Virustotal, Browse	unknown
http://icculus.org/physfs/T	loaddll32.exe, 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1815870196.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000005.00000002.1817751739.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000006.00000002.1830346417.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000007.00000002.1831068963.00000000647E4000.00000002.00000001.01000000.00000003.sdmp, msimg32.dll	false	0%, Virustotal, Browse	unknown
http://icculus.org/physfs/t	msimg32.dll	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1538457
Start date and time:	2024-10-21 10:35:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	msimg32.dll
Detection:	MAL
Classification:	mal52.winDLL@12/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .dll Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.

File type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Entropy (8bit):	6.937453453884552
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% VXD Driver (31/22) 0.00% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	msimg32.dll
File size:	3'937'280 bytes
MD5:	b4f2a28b37eaccd3127d0cb4c4fa990f
SHA1:	ebcb32378d1d9795bef11632d83937eb416b6c9b
SHA256:	0c53f398b982342ad9d336bf2a6bfc0d93e5687d1814f3bf761832795df69cd2
SHA512:	f1a218d0b7d7cb7b97c38a089c7b058f6fabce343d8dceb4535b40207a98c688f5a2001eb669cf692d113d57f70ff1eb35f2c993781518bcb8be63f5dd5d2d66
SSDEEP:	98304:oMsztWzaCrAKei53bzXS1qPfipK//umjcvAwuBUc/C8vFI0ICETY:oMsztWzJrAKeyHjc4Cc/C8vFwTY
TLSH:	AD067D1CFB97D8E1D9A705758147F22E92319F154026EBA3FF98295AF833F226879310
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....V.Q.~0..?.....!......!...<.....X.........!...\d..........................>......n8....... .......................+..T.

File Icon


Icon Hash:	7ae282899bbab082

Static PE Info

General

Entrypoint:	0x645c1058
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x645c0000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, 32BIT_MACHINE, DLL
DLL Characteristics:
Time Stamp:	0x51D856A6 [Sat Jul 6 17:40:54 2013 UTC]
TLS Callbacks:	0x647cb2d0, 0x647cb29c
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	8040ee0bc21ce34bd2e2f9a621b7585a

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push edi
push esi
push ebx
sub esp, 2Ch
mov esi, dword ptr [ebp+08h]
mov ebx, dword ptr [ebp+0Ch]
mov edi, dword ptr [ebp+10h]
cmp ebx, 01h
je 00007F9E4092DD9Fh
mov dword ptr [esp+08h], edi
mov dword ptr [esp+04h], ebx
mov dword ptr [esp], esi
call 00007F9E40B3803Eh
sub esp, 0Ch
test ebx, ebx
jne 00007F9E4092DD7Bh
mov edx, dword ptr [64871000h]
test edx, edx
je 00007F9E4092DDEAh
mov dword ptr [ebp-1Ch], eax
call 00007F9E4092DCC9h
mov eax, dword ptr [ebp-1Ch]
lea esp, dword ptr [ebp-0Ch]
pop ebx
pop esi
pop edi
leave
retn 000Ch
lea esi, dword ptr [esi+00h]
mov dword ptr [esp], 00000080h
call 00007F9E40B40F31h
mov dword ptr [64871000h], eax
test eax, eax
je 00007F9E4092DDC5h
mov dword ptr [eax], 00000000h
mov dword ptr [64871004h], eax
mov eax, dword ptr [648305E0h]
test eax, eax
je 00007F9E4092DD76h
mov dword ptr [esp+08h], edi
mov dword ptr [esp+04h], 00000002h
mov dword ptr [esp], esi
call eax
sub esp, 0Ch
call 00007F9E40B3810Bh
call 00007F9E40B3834Eh
mov dword ptr [esp+08h], edi
mov dword ptr [esp+04h], 00000001h
mov dword ptr [esp], esi
call 00007F9E40B37FB6h
sub esp, 0Ch
test eax, eax
je 00007F9E4092DCE8h
lea esp, dword ptr [ebp-0Ch]
pop ebx
pop esi
pop edi
leave
retn 000Ch
xor eax, eax
lea esp, dword ptr [ebp-0Ch]
pop ebx
pop esi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2ba000	0x25412	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2e0000	0x293c	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x31c000	0xcb05c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2e5000	0x11b54	.tls
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2e4000	0x18	.tls
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2e070c	0x5cc	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x219000	0x218600	76c7b20a1c25eddc81efdd2acc97b8be	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x21a000	0xa000	0x9200	96632e44c63c1c271bd72837d9cf811e	False	0.22348565924657535	dBase III DBT, version number 0, next free block index 56, 1st item "jS~d"	2.4420702277440887	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x224000	0x4e000	0x4d400	c63939dea53ebb53aac869a6a6660fe5	False	0.4502996055825243	data	6.578340106653787	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
/4	0x272000	0x3f000	0x3ea00	d9e75b64e9b723762e384ffcddfbaa60	False	0.2514424276447106	data	4.98706888477853	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.bss	0x2b1000	0x9000	0x9000	49f487bd5eb9d753b06804d45ce0ca36	False	0.5464138454861112	data	6.609860478725795	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x2ba000	0x26000	0x25600	b1fb5cdf212ff15f128896abe19ef1a4	False	0.32970579013377926	data	6.031515284559032	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ
.idata	0x2e0000	0x3000	0x2a00	5d0e3c6a7eb5c89b84d92f0474b07776	False	0.36039806547619047	data	5.2939193300449165	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT	0x2e3000	0x1000	0x200	d86e3ea25221afba83c7218fb93d6a9f	False	0.044921875	data	0.15127132530476972	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x2e4000	0x13000	0x200	27136df563e32e923b2a9e5bb11ea4c7	False	0.05078125	data	0.2764949176589459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
/14	0x2f7000	0x1000	0x600	49713c24fcc57ad4f0f198a2dabe757b	False	0.2421875	Matlab v4 mat-file (little endian) \203\001, rows 2, columns 262144	1.9890201178218252	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/29	0x2f8000	0x1000	0xa00	97c8f300ccf9482b5ecc612f4d9c82e8	False	0.460546875	data	4.386519181150674	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/45	0x2f9000	0x1000	0xc00	1d2272dc7edab1fe9b9c44d67a481de3	False	0.3785807291666667	data	4.455153048492457	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/61	0x2fa000	0xa000	0x9800	4a91cf731dd8e2d046382288b2d2c60e	False	0.4247275904605263	data	5.865960202924763	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/73	0x304000	0x3000	0x2400	6e278409826502f4ddaaddfc553d9709	False	0.1950954861111111	data	4.429866381420267	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/87	0x307000	0x3000	0x3000	5f0a0cab194cfaba70b1c078c2132981	False	0.5581868489583334	data	6.081183860126673	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/99	0x30a000	0x2000	0x1800	bd97106cf0760a5132ad6adb699edc31	False	0.2947591145833333	data	4.772441293939689	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/112	0x30c000	0x1000	0x400	e3bee82bbde42fa7adef3092fdcc3872	False	0.2646484375	data	3.288015105952697	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/123	0x30d000	0xe000	0xda00	dc0ee375cdb5abd948e31fe26a22c804	False	0.357421875	data	4.308028159748271	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/134	0x31b000	0x3e8	0x400	80278d9aa246a8e04c55923ffe985327	False	0.3515625	data	2.8907351444719196	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0x31c000	0xcb05c	0xcb200	4f928f79ea3c310d42464982fd49f381	False	0.5934447115384616	data	7.4628232852934335	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_BITMAP	0x31c198	0x55036	PC bitmap, Windows 3.x format, 44247 x 2 x 49, image size 349035, cbSize 348214, bits offset 54	0.7367681942713389
RT_ICON	0x3711d0	0xb263	PC bitmap, Windows 3.x format, 5785 x 2 x 54, image size 45946, cbSize 45667, bits offset 54	0.48888694243107716
RT_ICON	0x37c434	0x7e07	PC bitmap, Windows 3.x format, 4234 x 2 x 41, image size 32382, cbSize 32263, bits offset 54	0.4520348386696835
RT_ICON	0x38423c	0x4678	PC bitmap, Windows 3.x format, 2305 x 2 x 38, image size 18342, cbSize 18040, bits offset 54	0.4402439024390244
RT_ICON	0x3888b4	0x2f747	PC bitmap, Windows 3.x format, 25121 x 2 x 45, image size 194421, cbSize 194375, bits offset 54	0.5136154340836013
RT_ICON	0x3b7ffc	0x2f05d	PC bitmap, Windows 3.x format, 24730 x 2 x 52, image size 193194, cbSize 192605, bits offset 54	0.48222527971755663

Imports

DLL	Import
gdiplus.dll	GdipAlloc, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipCloneImage, GdipCreateBitmapFromScan0, GdipCreateBitmapFromStream, GdipDeleteCachedBitmap, GdipDeleteCustomLineCap, GdipDeletePrivateFontCollection, GdipDisposeImage, GdipFree, GdipGetImageEncoders, GdipGetImageEncodersSize, GdipGetImageHeight, GdipGetImageWidth, GdipSaveImageToStream, GdiplusShutdown, GdiplusStartup
ADVAPI32.DLL	GetUserNameA, OpenProcessToken
COMDLG32.DLL	GetOpenFileNameA, GetSaveFileNameA
GDI32.dll	ChoosePixelFormat, CreateBitmap, CreateCompatibleBitmap, CreateCompatibleDC, CreateFontA, CreateRectRgn, DeleteDC, DeleteObject, DescribePixelFormat, GetRegionData, GetStockObject, SelectObject, SetPixel, SetPixelFormat, StretchDIBits, SwapBuffers
KERNEL32.dll	CloseHandle, CreateDirectoryA, CreateEventA, CreateFileA, CreateMutexA, CreateSemaphoreA, CreateThread, CreateWaitableTimerA, DeleteCriticalSection, DeleteFileA, EnterCriticalSection, ExitThread, FileTimeToSystemTime, FindClose, FindFirstFileA, FindNextFileA, FlushFileBuffers, FormatMessageA, FreeLibrary, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, GetDriveTypeA, GetExitCodeThread, GetFileAttributesA, GetFileAttributesW, GetFileSize, GetFileTime, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetTempPathA, GetTimeZoneInformation, GetVersionExA, GetVolumeInformationA, InitializeCriticalSection, InterlockedDecrement, InterlockedExchange, InterlockedIncrement, IsBadWritePtr, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, MultiByteToWideChar, QueryPerformanceCounter, QueryPerformanceFrequency, ReadFile, ReleaseMutex, ReleaseSemaphore, RemoveDirectoryA, SetErrorMode, SetEvent, SetFilePointer, SetLastError, SetThreadPriority, SetWaitableTimer, Sleep, SystemTimeToTzSpecificLocalTime, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteFile
OLE32.dll	CoInitialize, CoUninitialize
OPENGL32.DLL	glBindTexture, glBlendFunc, glClear, glClearColor, glColor4f, glColorPointer, glCopyTexSubImage2D, glDeleteTextures, glDisable, glDisableClientState, glDrawArrays, glDrawElements, glDrawPixels, glEnable, glEnableClientState, glFlush, glGenTextures, glGetBooleanv, glGetError, glGetIntegerv, glGetString, glGetTexImage, glLoadIdentity, glLoadMatrixf, glMatrixMode, glMultMatrixf, glOrtho, glPixelStorei, glPixelTransferi, glPopClientAttrib, glPopMatrix, glPushClientAttrib, glPushMatrix, glRasterPos2f, glReadPixels, glScissor, glTexCoordPointer, glTexImage2D, glTexParameteri, glTexSubImage2D, glTranslatef, glVertexPointer, glViewport, wglCreateContext, wglDeleteContext, wglGetCurrentContext, wglGetCurrentDC, wglGetProcAddress, wglMakeCurrent
PSAPI.DLL	GetModuleFileNameExA
SHELL32.DLL	SHBrowseForFolderA, SHGetFolderPathA, SHGetPathFromIDListA, SHGetSpecialFolderPathA
SHLWAPI.DLL	PathFindOnPathA
WINMM.DLL	timeBeginPeriod, timeEndPeriod, timeGetTime, waveInAddBuffer, waveInClose, waveInGetDevCapsA, waveInGetNumDevs, waveInOpen, waveInPrepareHeader, waveInReset, waveInStart, waveInStop, waveInUnprepareHeader, waveOutClose, waveOutGetDevCapsA, waveOutGetNumDevs, waveOutOpen, waveOutPrepareHeader, waveOutUnprepareHeader, waveOutWrite
WS2_32.dll	ntohl

Exports

Name	Ordinal	Address
AlphaBlend	1	0x6469bd5c
AppendCaptureDeviceList	2	0x6469bcb4
AppendDeviceList	3	0x6469be04
BytesFromDevFmt	4	0x6469c18c
BytesFromFmt	5	0x64698068
BytesFromUserFmt	6	0x6469798c
CLSID_DirectSound	7	0x648038e0
CLSID_DirectSound8	8	0x648038d0
CLSID_DirectSoundCapture	9	0x648038c0
CLSID_DirectSoundCapture8	10	0x648038b0
CLSID_DirectSoundFullDuplex	11	0x648038a0
CalcNonAttnSourceParams	12	0x6469dd24
CalcSourceParams	13	0x6469ebfc
ChannelsFromDevFmt	14	0x6469c1a8
ChannelsFromFmt	15	0x64698084
ChannelsFromUserFmt	16	0x646979a8
CheckSupportedFolder	17	0x64673934
ConeScale	18	0x647dd440
ConfigValueExists	19	0x646a8ae8
CrcCalc	20	0x646737b4
CrcGenerateTable	21	0x646736e8
CrcUpdate	22	0x64673784
CreateRingBuffer	23	0x64709b64
DS3DALG_HRTF_FULL	24	0x648036b0
DS3DALG_HRTF_LIGHT	25	0x648036a0
DS3DALG_NO_VIRTUALIZATION	26	0x648036c0
DSDEVID_DefaultCapture	27	0x64803880
DSDEVID_DefaultPlayback	28	0x64803890
DSDEVID_DefaultVoiceCapture	29	0x64803860
DSDEVID_DefaultVoicePlayback	30	0x64803870
DSoundFuncs	31	0x647dd5c0
DSoundLoad	32	0x646ab2c4
DecomposeDevFormat	33	0x6469c1c4
DecomposeFormat	34	0x646980a0
DecomposeUserFormat	35	0x646979c4
DedicatedDLGCreate	36	0x647059f4
DedicatedLFECreate	37	0x64705a6c
DefaultResampler	38	0x64878f34
DestroyRingBuffer	39	0x64709bcc
DisabledEffects	40	0x64878f38
EAXVerbCreate	41	0x647095cc
EchoCreate	42	0x64709a04
EffectList	43	0x648016c0
FLAC_API_SUPPORTS_OGG_FLAC	44	0x647dd680
FLAC__ChannelAssignmentString	45	0x64804d70
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_ESCAPE_PARAMETER	46	0x64804dfc
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_PARAMETER_LEN	47	0x64804e08
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ESCAPE_PARAMETER	48	0x64804e00
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ORDER_LEN	49	0x64804e10
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_PARAMETER_LEN	50	0x64804e0c
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_RAW_LEN	51	0x64804e04
FLAC__ENTROPY_CODING_METHOD_TYPE_LEN	52	0x64804e14
FLAC__EntropyCodingMethodTypeString	53	0x64804df4
FLAC__FRAME_FOOTER_CRC_LEN	54	0x64804e18
FLAC__FRAME_HEADER_BITS_PER_SAMPLE_LEN	55	0x64804e24
FLAC__FRAME_HEADER_BLOCKING_STRATEGY_LEN	56	0x64804e34
FLAC__FRAME_HEADER_BLOCK_SIZE_LEN	57	0x64804e30
FLAC__FRAME_HEADER_CHANNEL_ASSIGNMENT_LEN	58	0x64804e28
FLAC__FRAME_HEADER_CRC_LEN	59	0x64804e1c
FLAC__FRAME_HEADER_RESERVED_LEN	60	0x64804e38
FLAC__FRAME_HEADER_SAMPLE_RATE_LEN	61	0x64804e2c
FLAC__FRAME_HEADER_SYNC	62	0x64804e40
FLAC__FRAME_HEADER_SYNC_LEN	63	0x64804e3c
FLAC__FRAME_HEADER_ZERO_PAD_LEN	64	0x64804e20
FLAC__FrameNumberTypeString	65	0x64804d3c
FLAC__MD5Accumulate	66	0x64713880
FLAC__MD5Final	67	0x647137d4
FLAC__MD5Init	68	0x64713794
FLAC__MetadataTypeString	69	0x64804ce0
FLAC__OGG_MAPPING_FIRST_HEADER_PACKET_TYPE	70	0x64805370
FLAC__OGG_MAPPING_MAGIC	71	0x6480536c
FLAC__OGG_MAPPING_NUM_HEADERS_LEN	72	0x64805358
FLAC__OGG_MAPPING_PACKET_TYPE_LEN	73	0x64805374
FLAC__OGG_MAPPING_VERSION_MAJOR_LEN	74	0x64805360
FLAC__OGG_MAPPING_VERSION_MINOR_LEN	75	0x6480535c
FLAC__STREAM_METADATA_APPLICATION_ID_LEN	76	0x64804ecc
FLAC__STREAM_METADATA_CUESHEET_INDEX_NUMBER_LEN	77	0x64804ea4
FLAC__STREAM_METADATA_CUESHEET_INDEX_OFFSET_LEN	78	0x64804ea8
FLAC__STREAM_METADATA_CUESHEET_INDEX_RESERVED_LEN	79	0x64804ea0
FLAC__STREAM_METADATA_CUESHEET_IS_CD_LEN	80	0x64804e78
FLAC__STREAM_METADATA_CUESHEET_LEAD_IN_LEN	81	0x64804e7c
FLAC__STREAM_METADATA_CUESHEET_MEDIA_CATALOG_NUMBER_LEN	82	0x64804e80
FLAC__STREAM_METADATA_CUESHEET_NUM_TRACKS_LEN	83	0x64804e70
FLAC__STREAM_METADATA_CUESHEET_RESERVED_LEN	84	0x64804e74
FLAC__STREAM_METADATA_CUESHEET_TRACK_ISRC_LEN	85	0x64804e94
FLAC__STREAM_METADATA_CUESHEET_TRACK_NUMBER_LEN	86	0x64804e98
FLAC__STREAM_METADATA_CUESHEET_TRACK_NUM_INDICES_LEN	87	0x64804e84
FLAC__STREAM_METADATA_CUESHEET_TRACK_OFFSET_LEN	88	0x64804e9c
FLAC__STREAM_METADATA_CUESHEET_TRACK_PRE_EMPHASIS_LEN	89	0x64804e8c
FLAC__STREAM_METADATA_CUESHEET_TRACK_RESERVED_LEN	90	0x64804e88
FLAC__STREAM_METADATA_CUESHEET_TRACK_TYPE_LEN	91	0x64804e90
FLAC__STREAM_METADATA_IS_LAST_LEN	92	0x64804e4c
FLAC__STREAM_METADATA_LENGTH_LEN	93	0x64804e44
FLAC__STREAM_METADATA_PICTURE_COLORS_LEN	94	0x64804e54
FLAC__STREAM_METADATA_PICTURE_DATA_LENGTH_LEN	95	0x64804e50
FLAC__STREAM_METADATA_PICTURE_DEPTH_LEN	96	0x64804e58
FLAC__STREAM_METADATA_PICTURE_DESCRIPTION_LENGTH_LEN	97	0x64804e64
FLAC__STREAM_METADATA_PICTURE_HEIGHT_LEN	98	0x64804e5c
FLAC__STREAM_METADATA_PICTURE_MIME_TYPE_LENGTH_LEN	99	0x64804e68
FLAC__STREAM_METADATA_PICTURE_TYPE_LEN	100	0x64804e6c
FLAC__STREAM_METADATA_PICTURE_WIDTH_LEN	101	0x64804e60
FLAC__STREAM_METADATA_SEEKPOINT_FRAME_SAMPLES_LEN	102	0x64804ec0
FLAC__STREAM_METADATA_SEEKPOINT_PLACEHOLDER	103	0x64804eb8
FLAC__STREAM_METADATA_SEEKPOINT_SAMPLE_NUMBER_LEN	104	0x64804ec8
FLAC__STREAM_METADATA_SEEKPOINT_STREAM_OFFSET_LEN	105	0x64804ec4
FLAC__STREAM_METADATA_STREAMINFO_BITS_PER_SAMPLE_LEN	106	0x64804ed8
FLAC__STREAM_METADATA_STREAMINFO_CHANNELS_LEN	107	0x64804edc
FLAC__STREAM_METADATA_STREAMINFO_MAX_BLOCK_SIZE_LEN	108	0x64804eec
FLAC__STREAM_METADATA_STREAMINFO_MAX_FRAME_SIZE_LEN	109	0x64804ee4
FLAC__STREAM_METADATA_STREAMINFO_MD5SUM_LEN	110	0x64804ed0
FLAC__STREAM_METADATA_STREAMINFO_MIN_BLOCK_SIZE_LEN	111	0x64804ef0
FLAC__STREAM_METADATA_STREAMINFO_MIN_FRAME_SIZE_LEN	112	0x64804ee8
FLAC__STREAM_METADATA_STREAMINFO_SAMPLE_RATE_LEN	113	0x64804ee0
FLAC__STREAM_METADATA_STREAMINFO_TOTAL_SAMPLES_LEN	114	0x64804ed4
FLAC__STREAM_METADATA_TYPE_LEN	115	0x64804e48
FLAC__STREAM_METADATA_VORBIS_COMMENT_ENTRY_LENGTH_LEN	116	0x64804eb0
FLAC__STREAM_METADATA_VORBIS_COMMENT_NUM_COMMENTS_LEN	117	0x64804eac
FLAC__STREAM_SYNC	118	0x64804ef8
FLAC__STREAM_SYNC_LEN	119	0x64804ef4
FLAC__STREAM_SYNC_STRING	120	0x64804efc
FLAC__SUBFRAME_LPC_QLP_COEFF_PRECISION_LEN	121	0x64804dcc
FLAC__SUBFRAME_LPC_QLP_SHIFT_LEN	122	0x64804dc8
FLAC__SUBFRAME_TYPE_CONSTANT_BYTE_ALIGNED_MASK	123	0x64804db8
FLAC__SUBFRAME_TYPE_FIXED_BYTE_ALIGNED_MASK	124	0x64804db0
FLAC__SUBFRAME_TYPE_LEN	125	0x64804dc0
FLAC__SUBFRAME_TYPE_LPC_BYTE_ALIGNED_MASK	126	0x64804dac
FLAC__SUBFRAME_TYPE_VERBATIM_BYTE_ALIGNED_MASK	127	0x64804db4
FLAC__SUBFRAME_WASTED_BITS_FLAG_LEN	128	0x64804dbc
FLAC__SUBFRAME_ZERO_PAD_LEN	129	0x64804dc4
FLAC__StreamDecoderErrorStatusString	130	0x6480417c
FLAC__StreamDecoderInitStatusString	131	0x64804550
FLAC__StreamDecoderLengthStatusString	132	0x6480426c
FLAC__StreamDecoderReadStatusString	133	0x6480440c
FLAC__StreamDecoderSeekStatusString	134	0x6480437c
FLAC__StreamDecoderStateString	135	0x648046e0
FLAC__StreamDecoderTellStatusString	136	0x648042f4
FLAC__StreamDecoderWriteStatusString	137	0x648041e0
FLAC__StreamMetadata_Picture_TypeString	138	0x64804c40
FLAC__SubframeTypeString	139	0x64804d9c
FLAC__VENDOR_STRING	140	0x647dd684
FLAC__VERSION_STRING	141	0x647dd688
FLAC__bitmath_ilog2	142	0x64712f18
FLAC__bitmath_ilog2_wide	143	0x64712f2c
FLAC__bitmath_silog2	144	0x64712f58
FLAC__bitmath_silog2_wide	145	0x64712f7c
FLAC__bitreader_bits_left_for_byte_alignment	146	0x64711094
FLAC__bitreader_clear	147	0x64710df8
FLAC__bitreader_delete	148	0x64710cd8
FLAC__bitreader_dump	149	0x64710e20
FLAC__bitreader_free	150	0x64710da4
FLAC__bitreader_get_input_bits_unconsumed	151	0x647110a8
FLAC__bitreader_get_read_crc16	152	0x64711010
FLAC__bitreader_init	153	0x64710d34
FLAC__bitreader_is_consumed_byte_aligned	154	0x64711084
FLAC__bitreader_new	155	0x64710cbc
FLAC__bitreader_read_byte_block_aligned_no_crc	156	0x64711408
FLAC__bitreader_read_raw_int32	157	0x647110e4
FLAC__bitreader_read_raw_uint32	158	0x647110c0
FLAC__bitreader_read_raw_uint64	159	0x64711130
FLAC__bitreader_read_rice_signed	160	0x64711808
FLAC__bitreader_read_rice_signed_block	161	0x64711898
FLAC__bitreader_read_uint32_little_endian	162	0x647111c4
FLAC__bitreader_read_unary_unsigned	163	0x647114e8
FLAC__bitreader_read_utf8_uint32	164	0x64711e80
FLAC__bitreader_read_utf8_uint64	165	0x64712000
FLAC__bitreader_reset_read_crc16	166	0x64710ffc
FLAC__bitreader_skip_bits_no_crc	167	0x6471125c
FLAC__bitreader_skip_byte_block_aligned_no_crc	168	0x64711364
FLAC__cpu_info	169	0x6471710c
FLAC__crc16	170	0x64710444
FLAC__crc16_table	171	0x647dd6a0
FLAC__crc8	172	0x64710420
FLAC__crc8_table	173	0x64804f40
FLAC__crc8_update	174	0x647103dc
FLAC__crc8_update_block	175	0x647103f4
FLAC__fixed_compute_best_predictor	176	0x64712400
FLAC__fixed_compute_best_predictor_wide	177	0x64712804
FLAC__fixed_compute_residual	178	0x64712d6c
FLAC__fixed_restore_signal	179	0x64712e48
FLAC__format_cuesheet_is_legal	180	0x6470feb8
FLAC__format_entropy_coding_method_partitioned_rice_contents_clear	181	0x6471031c
FLAC__format_entropy_coding_method_partitioned_rice_contents_ensure_size	182	0x6471035c
FLAC__format_entropy_coding_method_partitioned_rice_contents_init	183	0x64710300
FLAC__format_get_max_rice_partition_order	184	0x64710268
FLAC__format_get_max_rice_partition_order_from_blocksize	185	0x647102ac
FLAC__format_get_max_rice_partition_order_from_blocksize_limited_max_and_predictor_order	186	0x647102d0
FLAC__format_picture_is_legal	187	0x647101f8
FLAC__format_sample_rate_is_subset	188	0x6470fc44
FLAC__format_sample_rate_is_valid	189	0x6470fc30
FLAC__format_seektable_is_legal	190	0x6470fc88
FLAC__format_seektable_sort	191	0x6470fcec
FLAC__format_vorbiscomment_entry_is_legal	192	0x6470fe50
FLAC__format_vorbiscomment_entry_name_is_legal	193	0x6470fdc8
FLAC__format_vorbiscomment_entry_value_is_legal	194	0x6470fdf4
FLAC__lpc_compute_autocorrelation	195	0x64713dbc
FLAC__lpc_compute_best_order	196	0x64716fe0
FLAC__lpc_compute_expected_bits_per_residual_sample	197	0x64716ed0
FLAC__lpc_compute_expected_bits_per_residual_sample_with_error_scale	198	0x64716f60
FLAC__lpc_compute_lp_coefficients	199	0x64713e5c
FLAC__lpc_compute_residual_from_qlp_coefficients	200	0x647141d8
FLAC__lpc_compute_residual_from_qlp_coefficients_wide	201	0x64714900
FLAC__lpc_quantize_coefficients	202	0x64713fac
FLAC__lpc_restore_signal	203	0x64715870
FLAC__lpc_restore_signal_wide	204	0x64715f80
FLAC__lpc_window_data	205	0x64713d90
FLAC__memory_alloc_aligned	206	0x64712200
FLAC__memory_alloc_aligned_int32_array	207	0x64712220
FLAC__memory_alloc_aligned_real_array	208	0x647123a0
FLAC__memory_alloc_aligned_uint32_array	209	0x64712280
FLAC__memory_alloc_aligned_uint64_array	210	0x647122e0
FLAC__memory_alloc_aligned_unsigned_array	211	0x64712340
FLAC__ogg_decoder_aspect_finish	212	0x647104f4
FLAC__ogg_decoder_aspect_flush	213	0x6471053c
FLAC__ogg_decoder_aspect_init	214	0x64710480
FLAC__ogg_decoder_aspect_read_callback_wrapper	215	0x647105c4
FLAC__ogg_decoder_aspect_reset	216	0x64710578
FLAC__ogg_decoder_aspect_set_defaults	217	0x64710530
FLAC__ogg_decoder_aspect_set_serial_number	218	0x6471051c
FLAC__stream_decoder_delete	219	0x6470d7c8
FLAC__stream_decoder_finish	220	0x6470d3f8
FLAC__stream_decoder_flush	221	0x6470dcb4
FLAC__stream_decoder_get_bits_per_sample	222	0x6470dc10
FLAC__stream_decoder_get_blocksize	223	0x6470dc28
FLAC__stream_decoder_get_channel_assignment	224	0x6470dc04
FLAC__stream_decoder_get_channels	225	0x6470dbf8
FLAC__stream_decoder_get_decode_position	226	0x6470dc34
FLAC__stream_decoder_get_input_bytes_unconsumed	227	0x6470f9a4
FLAC__stream_decoder_get_md5_checking	228	0x6470dbc4
FLAC__stream_decoder_get_resolved_state_string	229	0x6470dbb4
FLAC__stream_decoder_get_sample_rate	230	0x6470dc1c
FLAC__stream_decoder_get_state	231	0x6470dba8
FLAC__stream_decoder_get_total_samples	232	0x6470dbd0
FLAC__stream_decoder_init_FILE	233	0x6470e0bc
FLAC__stream_decoder_init_file	234	0x6470e344
FLAC__stream_decoder_init_ogg_FILE	235	0x6470e44c
FLAC__stream_decoder_init_ogg_file	236	0x6470e23c
FLAC__stream_decoder_init_ogg_stream	237	0x6470e194
FLAC__stream_decoder_init_stream	238	0x6470e1e8
FLAC__stream_decoder_new	239	0x6470d1a0
FLAC__stream_decoder_process_single	240	0x6470e524
FLAC__stream_decoder_process_until_end_of_metadata	241	0x6470e618
FLAC__stream_decoder_process_until_end_of_stream	242	0x6470e668
FLAC__stream_decoder_reset	243	0x6470dd28
FLAC__stream_decoder_seek_absolute	244	0x6470e824
FLAC__stream_decoder_set_md5_checking	245	0x6470d8d0
FLAC__stream_decoder_set_metadata_ignore	246	0x6470da48
FLAC__stream_decoder_set_metadata_ignore_all	247	0x6470db68
FLAC__stream_decoder_set_metadata_ignore_application	248	0x6470da90
FLAC__stream_decoder_set_metadata_respond	249	0x6470d8f0
FLAC__stream_decoder_set_metadata_respond_all	250	0x6470da10
FLAC__stream_decoder_set_metadata_respond_application	251	0x6470d938
FLAC__stream_decoder_set_ogg_serial_number	252	0x6470d8a0
FLAC__stream_decoder_skip_single_frame	253	0x6470e74c
FT_Activate_Size	254	0x6476b7a8
FT_Add_Default_Modules	255	0x64774730
FT_Add_Module	256	0x6476bae8
FT_Alloc	257	0x647744d8
FT_Angle_Diff	258	0x647738a8
FT_Atan2	259	0x647731bc
FT_Attach_File	260	0x64769968
FT_Attach_Stream	261	0x64769a6c
FT_CMap_Done	262	0x64773ff0
FT_CMap_New	263	0x64773e98
FT_CeilFix	264	0x64767f74
FT_Cos	265	0x64773064
FT_DivFix	266	0x647682fc
FT_Done_Face	267	0x64769b70
FT_Done_FreeType	268	0x647747d8
FT_Done_GlyphSlot	269	0x64769860
FT_Done_Library	270	0x6476c124
FT_Done_Memory	271	0x647749d4
FT_Done_Size	272	0x64769d84
FT_Face_GetCharVariantIndex	273	0x6476b064
FT_Face_GetCharVariantIsDefault	274	0x6476b138
FT_Face_GetCharsOfVariant	275	0x6476b36c
FT_Face_GetVariantSelectors	276	0x6476b1f8
FT_Face_GetVariantsOfChar	277	0x6476b2ac
FT_FloorFix	278	0x64767f98
FT_Free	279	0x64774708
FT_Get_Advance	280	0x6476daa4
FT_Get_Advances	281	0x6476d8dc
FT_Get_CMap_Format	282	0x6476b750
FT_Get_CMap_Language_ID	283	0x6476b6fc
FT_Get_Char_Index	284	0x6476af50
FT_Get_Charmap_Index	285	0x6476af0c
FT_Get_First_Char	286	0x6476af70
FT_Get_Glyph_Name	287	0x6476b4a4
FT_Get_Kerning	288	0x6476ab7c
FT_Get_Module	289	0x6476be5c
FT_Get_Module_Interface	290	0x6476beb8
FT_Get_Name_Index	291	0x6476b42c
FT_Get_Next_Char	292	0x6476b000
FT_Get_Postscript_Name	293	0x6476b54c
FT_Get_Renderer	294	0x6476b818
FT_Get_Sfnt_Name	295	0x6476f55c
FT_Get_Sfnt_Name_Count	296	0x6476f3d0
FT_Get_Sfnt_Table	297	0x6476b5b4
FT_Get_SubGlyph_Info	298	0x6476c47c
FT_Get_Track_Kerning	299	0x6476acf0
FT_Get_TrueType_Engine_Type	300	0x6476c2ec
FT_GlyphLoader_Add	301	0x647693dc
FT_GlyphLoader_CheckPoints	302	0x64773b3c
FT_GlyphLoader_CheckSubGlyphs	303	0x64773ac0
FT_GlyphLoader_CopyPoints	304	0x64773d3c
FT_GlyphLoader_CreateExtra	305	0x647692bc
FT_GlyphLoader_Done	306	0x64769294
FT_GlyphLoader_New	307	0x64768ce8
FT_GlyphLoader_Prepare	308	0x6476937c
FT_GlyphLoader_Reset	309	0x64768d58
FT_GlyphLoader_Rewind	310	0x64768d2c
FT_Init_FreeType	311	0x64774760
FT_Library_Version	312	0x6476c0e4
FT_List_Add	313	0x64774364
FT_List_Finalize	314	0x6477444c
FT_List_Find	315	0x6477433c
FT_List_Insert	316	0x6477438c
FT_List_Iterate	317	0x6477440c
FT_List_Remove	318	0x647743b0
FT_List_Up	319	0x647743d8
FT_Load_Char	320	0x6476d88c
FT_Load_Glyph	321	0x6476d868
FT_Load_Sfnt_Table	322	0x6476b604
FT_Lookup_Renderer	323	0x6476b7cc
FT_Match_Size	324	0x64769eac
FT_Matrix_Invert	325	0x6476851c
FT_Matrix_Multiply	326	0x647683bc
FT_Matrix_Multiply_Scaled	327	0x64768880
FT_MulDiv	328	0x64768194
FT_MulDiv_No_Round	329	0x647681b4
FT_MulFix	330	0x647682d8
FT_New_Face	331	0x64772564
FT_New_GlyphSlot	332	0x647696c8
FT_New_Library	333	0x6476c018
FT_New_Memory	334	0x647749a0
FT_New_Memory_Face	335	0x64772508
FT_New_Size	336	0x64769c04
FT_Open_Face	337	0x647708a4
FT_Outline_Check	338	0x6476cc30
FT_Outline_Copy	339	0x6476cc98
FT_Outline_Decompose	340	0x6476c4f4
FT_Outline_Done	341	0x6476cd88
FT_Outline_Done_Internal	342	0x6476cd00
FT_Outline_Embolden	343	0x6476e08c
FT_Outline_Get_Bitmap	344	0x6476d09c
FT_Outline_Get_CBox	345	0x6476ce20
FT_Outline_Get_Orientation	346	0x6476db78
FT_Outline_New	347	0x6476cc10
FT_Outline_New_Internal	348	0x6476ca28
FT_Outline_Render	349	0x6476cf98
FT_Outline_Reverse	350	0x6476ceec
FT_Outline_Transform	351	0x6476d1b0
FT_Outline_Translate	352	0x6476ceb4
FT_QAlloc	353	0x64774544
FT_QRealloc	354	0x6477465c
FT_Raccess_Get_DataOffsets	355	0x6476e78c
FT_Raccess_Get_HeaderInfo	356	0x6476fb64
FT_Raccess_Guess	357	0x6476ed68
FT_Realloc	358	0x6477458c
FT_Reference_Face	359	0x64769b60
FT_Reference_Library	360	0x6476c008
FT_Remove_Module	361	0x6476bf90
FT_Render_Glyph	362	0x6476baac
FT_Render_Glyph_Internal	363	0x6476b948
FT_Request_Metrics	364	0x6476a270
FT_Request_Size	365	0x6476a81c
FT_RoundFix	366	0x64767f50
FT_Select_Charmap	367	0x6476ad78
FT_Select_Metrics	368	0x6476a08c
FT_Select_Size	369	0x6476a7bc
FT_Set_Char_Size	370	0x6476a8f8
FT_Set_Charmap	371	0x6476ae60
FT_Set_Debug_Hook	372	0x6476c2c8
FT_Set_Pixel_Sizes	373	0x6476aa28
FT_Set_Renderer	374	0x6476b84c
FT_Set_Transform	375	0x647698c0
FT_Sfnt_Table_Info	376	0x6476b68c
FT_Sin	377	0x647730a0
FT_Sqrt32	378	0x64767fb4
FT_SqrtFixed	379	0x64768b0c
FT_Stream_Close	380	0x6476f41c
FT_Stream_EnterFrame	381	0x6476f7ec
FT_Stream_ExitFrame	382	0x6476f910
FT_Stream_ExtractFrame	383	0x6476f8d8
FT_Stream_Free	384	0x64769544
FT_Stream_GetChar	385	0x6476f94c
FT_Stream_GetULong	386	0x6476f9f4
FT_Stream_GetULongLE	387	0x6476fa34
FT_Stream_GetUOffset	388	0x6476f9bc
FT_Stream_GetUShort	389	0x6476f964
FT_Stream_GetUShortLE	390	0x6476f990
FT_Stream_New	391	0x64769514
FT_Stream_Open	392	0x647748cc
FT_Stream_OpenGzip	393	0x647bcf18
FT_Stream_OpenLZW	394	0x647bd714
FT_Stream_OpenMemory	395	0x6476f3ec
FT_Stream_Pos	396	0x6476f4d8
FT_Stream_Read	397	0x6476f4e0
FT_Stream_ReadAt	398	0x6476f6c8
FT_Stream_ReadChar	399	0x6476fa74
FT_Stream_ReadFields	400	0x64772e40
FT_Stream_ReadULong	401	0x647726c0
FT_Stream_ReadULongLE	402	0x64772dac
FT_Stream_ReadUOffset	403	0x64772638
FT_Stream_ReadUShort	404	0x6476fae4
FT_Stream_ReadUShortLE	405	0x647725b8
FT_Stream_ReleaseFrame	406	0x6476f7b4
FT_Stream_Seek	407	0x6476f434
FT_Stream_Skip	408	0x6476f480
FT_Stream_TryRead	409	0x6476f74c
FT_Tan	410	0x647730e0
FT_Vector_From_Polar	411	0x64773888
FT_Vector_Length	412	0x64773510
FT_Vector_Polarize	413	0x647736d4
FT_Vector_Rotate	414	0x647732ac
FT_Vector_Transform	415	0x6476d0fc
FT_Vector_Transform_Scaled	416	0x64768a38
FT_Vector_Unit	417	0x64773284
FreeALConfig	418	0x646a896c
GUID_All_Objects	419	0x64803800
GUID_DSCFX_CLASS_AEC	420	0x64803600
GUID_DSCFX_CLASS_NS	421	0x648035d0
GUID_DSCFX_MS_AEC	422	0x648035f0
GUID_DSCFX_MS_NS	423	0x648035c0
GUID_DSCFX_SYSTEM_AEC	424	0x648035e0
GUID_DSCFX_SYSTEM_NS	425	0x648035b0
GUID_DSFX_STANDARD_CHORUS	426	0x64803680
GUID_DSFX_STANDARD_COMPRESSOR	427	0x64803640
GUID_DSFX_STANDARD_DISTORTION	428	0x64803650
GUID_DSFX_STANDARD_ECHO	429	0x64803660
GUID_DSFX_STANDARD_FLANGER	430	0x64803670
GUID_DSFX_STANDARD_GARGLE	431	0x64803690
GUID_DSFX_STANDARD_I3DL2REVERB	432	0x64803620
GUID_DSFX_STANDARD_PARAMEQ	433	0x64803630
GUID_DSFX_WAVES_REVERB	434	0x64803610
GUID_NULL	435	0x647e44a4
GetConfigValue	436	0x646a8a08
GetConfigValueBool	437	0x646a8dd4
GetConfigValueFloat	438	0x646a8cd8
GetConfigValueInt	439	0x646a8bd0
GetContextSuspended	440	0x6469cd30
GetSum	441	0x64673ae0
IID_IAdviseSink	442	0x64814708
IID_IAdviseSink2	443	0x64814718
IID_IBindCtx	444	0x648147c8
IID_IClassActivator	445	0x64814848
IID_IClassFactory	446	0x64814668
IID_IClientSecurity	447	0x64814878
IID_IDataAdviseHolder	448	0x64814738
IID_IDataObject	449	0x64814728
IID_IDirectSound	450	0x64803840
IID_IDirectSound3DBuffer	451	0x648037e0
IID_IDirectSound3DListener	452	0x648037f0
IID_IDirectSound8	453	0x64803830
IID_IDirectSoundBuffer	454	0x64803820
IID_IDirectSoundBuffer8	455	0x64803810
IID_IDirectSoundCapture	456	0x648037d0
IID_IDirectSoundCaptureBuffer	457	0x648037c0
IID_IDirectSoundCaptureBuffer8	458	0x648037b0
IID_IDirectSoundCaptureFXAec	459	0x648036f0
IID_IDirectSoundCaptureFXNoiseSuppress	460	0x648036e0
IID_IDirectSoundFXChorus	461	0x64803770
IID_IDirectSoundFXCompressor	462	0x64803730
IID_IDirectSoundFXDistortion	463	0x64803740
IID_IDirectSoundFXEcho	464	0x64803750
IID_IDirectSoundFXFlanger	465	0x64803760
IID_IDirectSoundFXGargle	466	0x64803780
IID_IDirectSoundFXI3DL2Reverb	467	0x64803710
IID_IDirectSoundFXParamEq	468	0x64803720
IID_IDirectSoundFXWavesReverb	469	0x64803700
IID_IDirectSoundFullDuplex	470	0x648036d0
IID_IDirectSoundNotify	471	0x648037a0
IID_IExternalConnection	472	0x648147f8
IID_IFillLockBytes	473	0x64814858
IID_IKsPropertySet	474	0x64803790
IID_ILockBytes	475	0x648147e8
IID_IMalloc	476	0x64814698
IID_IMallocSpy	477	0x64814888
IID_IMarshal	478	0x64814678
IID_IMessageFilter	479	0x648146a8
IID_IMoniker	480	0x648146f8
IID_IPSFactoryBuffer	481	0x648147d8
IID_IPersist	482	0x648146b8
IID_IPersistFile	483	0x648146c8
IID_IPersistStorage	484	0x648146d8
IID_IPersistStream	485	0x648146e8
IID_IProgressNotify	486	0x64814868
IID_IPropertySetStorage	487	0x64814828
IID_IPropertyStorage	488	0x64814838
IID_IROTData	489	0x64814818
IID_IReferenceClock	490	0x64803850
IID_IRootStorage	491	0x64814758
IID_IRpcChannelBuffer	492	0x64814768
IID_IRpcProxyBuffer	493	0x64814778
IID_IRpcStubBuffer	494	0x64814788
IID_IRunnableObject	495	0x64814808
IID_IRunningObjectTable	496	0x648147b8
IID_ISequentialStream	497	0x64814798
IID_IServerSecurity	498	0x64814898
IID_IStdMarshalInfo	499	0x648147a8
IID_IStorage	500	0x64814748
IID_IStream	501	0x64814688
IID_IUnknown	502	0x64814658
InitUIntMap	503	0x6469bf0c
InsertUIntMapEntry	504	0x6469bf54
IsValidChannels	505	0x6469cc94
IsValidType	506	0x6469cc78
KSDATAFORMAT_SUBTYPE_IEEE_FLOAT	507	0x64803590
KSDATAFORMAT_SUBTYPE_PCM	508	0x648035a0
LookupUIntMapKey	509	0x6469c120
LzmaDecode	510	0x6467f3f4
LzmaDecodeProperties	511	0x6467f394
MixSource	512	0x646f66a8
ModulatorCreate	513	0x64705f2c
NoneCreate	514	0x646a6c0c
PHYSFS_addToSearchPath	515	0x64681e90
PHYSFS_close	516	0x64683fb4
PHYSFS_deinit	517	0x64681b78
PHYSFS_delete	518	0x64682588
PHYSFS_enumerateFiles	519	0x64682dc8
PHYSFS_enumerateFilesCallback	520	0x64682b30
PHYSFS_eof	521	0x646842e4
PHYSFS_exists	522	0x6468348c
PHYSFS_fileLength	523	0x646844fc
PHYSFS_flush	524	0x64684654
PHYSFS_freeList	525	0x6468199c
PHYSFS_getBaseDir	526	0x64681a68
PHYSFS_getCdRomDirs	527	0x646819dc
PHYSFS_getCdRomDirsCallback	528	0x64681a60
PHYSFS_getDirSeparator	529	0x646819d4
PHYSFS_getLastError	530	0x646813ec
PHYSFS_getLastModTime	531	0x646834a8
PHYSFS_getLinkedVersion	532	0x64681474
PHYSFS_getMountPoint	533	0x6468210c
PHYSFS_getRealDir	534	0x64682794
PHYSFS_getSearchPath	535	0x6468204c
PHYSFS_getSearchPathCallback	536	0x64680420
PHYSFS_getUserDir	537	0x64681a70
PHYSFS_getWriteDir	538	0x64681a78
PHYSFS_init	539	0x64681488
PHYSFS_isDirectory	540	0x646837b0
PHYSFS_isInit	541	0x6468198c
PHYSFS_isSymbolicLink	542	0x64683a68
PHYSFS_mkdir	543	0x6468231c
PHYSFS_mount	544	0x64681dc4
PHYSFS_openAppend	545	0x64683d30
PHYSFS_openRead	546	0x64683d40
PHYSFS_openWrite	547	0x64683d24
PHYSFS_permitSymbolicLinks	548	0x64682198
PHYSFS_read	549	0x64684050
PHYSFS_readSBE16	550	0x64684918
PHYSFS_readSBE32	551	0x64684ae0
PHYSFS_readSBE64	552	0x64684cc8
PHYSFS_readSLE16	553	0x64684838
PHYSFS_readSLE32	554	0x64684a00
PHYSFS_readSLE64	555	0x64684bd8
PHYSFS_readUBE16	556	0x6468498c
PHYSFS_readUBE32	557	0x64684b5c
PHYSFS_readUBE64	558	0x64684d54
PHYSFS_readULE16	559	0x646848a8
PHYSFS_readULE32	560	0x64684a70
PHYSFS_readULE64	561	0x64684c50
PHYSFS_removeFromSearchPath	562	0x64681f48
PHYSFS_seek	563	0x6468436c
PHYSFS_setAllocator	564	0x646846c4
PHYSFS_setBuffer	565	0x64684510
PHYSFS_setSaneConfig	566	0x64682e3c
PHYSFS_setWriteDir	567	0x64681ab0
PHYSFS_supportedArchiveTypes	568	0x64681994
PHYSFS_swapSBE16	569	0x646847cc
PHYSFS_swapSBE32	570	0x646847e8
PHYSFS_swapSBE64	571	0x64684818
PHYSFS_swapSLE16	572	0x64684790
PHYSFS_swapSLE32	573	0x646847a0
PHYSFS_swapSLE64	574	0x646847b4
PHYSFS_swapUBE16	575	0x646847c0
PHYSFS_swapUBE32	576	0x646847d8
PHYSFS_swapUBE64	577	0x646847f8
PHYSFS_swapULE16	578	0x64684788
PHYSFS_swapULE32	579	0x64684798
PHYSFS_swapULE64	580	0x646847a8
PHYSFS_symbolicLinksPermitted	581	0x646821a4
PHYSFS_tell	582	0x64684318
PHYSFS_utf8FromLatin1	583	0x646857e8
PHYSFS_utf8FromUcs2	584	0x64685788
PHYSFS_utf8FromUcs4	585	0x64685728
PHYSFS_utf8ToUcs2	586	0x646856c8
PHYSFS_utf8ToUcs4	587	0x64685670
PHYSFS_write	588	0x646841e4
PHYSFS_writeSBE16	589	0x64684e90
PHYSFS_writeSBE32	590	0x64684ff0
PHYSFS_writeSBE64	591	0x64685168
PHYSFS_writeSLE16	592	0x64684de0
PHYSFS_writeSLE32	593	0x64684f48
PHYSFS_writeSLE64	594	0x646850b0
PHYSFS_writeUBE16	595	0x64684eec
PHYSFS_writeUBE32	596	0x64685050
PHYSFS_writeUBE64	597	0x646851dc
PHYSFS_writeULE16	598	0x64684e38
PHYSFS_writeULE32	599	0x64684f9c
PHYSFS_writeULE64	600	0x6468510c
ProcessContext	601	0x6469cd1c
ReadALConfig	602	0x646a8860
ReadRingBuffer	603	0x64709cd8
ReleaseALAuxiliaryEffectSlots	604	0x646a6c48
ReleaseALBuffers	605	0x64698c50
ReleaseALDatabuffers	606	0x646a8238
ReleaseALEffects	607	0x646a5fac
ReleaseALFilters	608	0x646a7584
ReleaseALSources	609	0x646903ac
RemoveUIntMapKey	610	0x6469c07c
ResamplerPadding	611	0x647ff534
ResamplerPrePadding	612	0x647ff528
ResetUIntMap	613	0x6469bf28
RingBufferSize	614	0x64709c04
SafeReadDirect	615	0x64674668
SafeReadDirectByte	616	0x646746a4
SafeReadDirectUInt32	617	0x646746e0
SafeReadDirectUInt64	618	0x64674834
SetDefaultChannelOrder	619	0x6469cde0
SetDefaultWFXChannelOrder	620	0x6469cf28
SetRTPriority	621	0x6469beac
StartThread	622	0x64709a98
StopThread	623	0x64709b08
SuspendContext	624	0x6469cd08
SzArDbExFill	625	0x646743c8
SzArDbExFree	626	0x64674364
SzArDbExInit	627	0x64674330
SzArDbGetFolderFullPackSize	628	0x646745ec
SzArDbGetFolderStreamPos	629	0x646745c8
SzArchiveDatabaseFree	630	0x6467ec50
SzArchiveDatabaseInit	631	0x6467ec14
SzArchiveOpen	632	0x6467e8f0
SzArchiveOpen2	633	0x6467e454
SzByteBufferCreate	634	0x646737fc
SzByteBufferFree	635	0x64673834
SzByteBufferInit	636	0x646737e8
SzCoderInfoFree	637	0x6467e98c
SzCoderInfoInit	638	0x6467e980
SzDecode	639	0x64673f40
SzDecode2	640	0x64673b08
SzDecodeLzma	641	0x64673858
SzExtract	642	0x64673fc4
SzFileFree	643	0x6467ebe0
SzFileInit	644	0x6467ebc0
SzFileReadImp	645	0x6466e298
SzFileSeekImp	646	0x6466e2d4
SzFolderFindBindPairForInStream	647	0x6467eae8
SzFolderFindBindPairForOutStream	648	0x6467eb18
SzFolderFree	649	0x6467ea00
SzFolderGetNumOutStreams	650	0x6467eac0
SzFolderGetUnPackSize	651	0x6467eb48
SzFolderInit	652	0x6467e9b4
SzGetNextFolderItem	653	0x64677c74
SzReadAndDecodePackedStreams	654	0x6467e370
SzReadAndDecodePackedStreams2	655	0x6467e158
SzReadArchiveProperties	656	0x6467594c
SzReadBoolVector	657	0x646766c0
SzReadBoolVector2	658	0x64676764
SzReadByte	659	0x64674b60
SzReadBytes	660	0x64674b8c
SzReadFileNames	661	0x6467c880
SzReadHashDigests	662	0x64676838
SzReadHeader	663	0x6467e084
SzReadHeader2	664	0x6467cb64
SzReadID	665	0x64675404
SzReadNumber	666	0x64674c5c
SzReadNumber32	667	0x64675180
SzReadPackInfo	668	0x64676a14
SzReadSize	669	0x64674f14
SzReadStreamsInfo	670	0x6467c44c
SzReadSubStreamsInfo	671	0x6467a680
SzReadSwitch	672	0x64677c48
SzReadUInt32	673	0x64674bd8
SzReadUnPackInfo	674	0x646799c8
SzSkeepData	675	0x646756e4
SzSkeepDataSize	676	0x646756bc
SzWaitAttribute	677	0x64675f9c
TT_New_Context	678	0x6478679c
TT_RunIns	679	0x64783f28
TestSignatureCandidate	680	0x64674b10
VerbCreate	681	0x64709274
WriteRingBuffer	682	0x64709c3c
_Unwind_Backtrace	683	0x6468b238
_Unwind_DeleteException	684	0x6468b218
_Unwind_FindEnclosingFunction	685	0x6468ad70
_Unwind_Find_FDE	686	0x6468d0d0
_Unwind_ForcedUnwind	687	0x6468b030
_Unwind_GetCFA	688	0x6468ace4
_Unwind_GetDataRelBase	689	0x6468ad98
_Unwind_GetGR	690	0x6468aca4
_Unwind_GetIP	691	0x6468ad38
_Unwind_GetIPInfo	692	0x6468ad40
_Unwind_GetLanguageSpecificData	693	0x6468ad60
_Unwind_GetRegionStart	694	0x6468ad68
_Unwind_GetTextRelBase	695	0x6468ada0
_Unwind_RaiseException	696	0x6468ae7c
_Unwind_Resume	697	0x6468b0d0
_Unwind_Resume_or_Rethrow	698	0x6468b170
_Unwind_SetGR	699	0x6468acec
_Unwind_SetIP	700	0x6468ad54
_WinMain	701	0x64668e84
_Z25_al_d3d_prepare_for_resetP19ALLEGRO_DISPLAY_D3D	702	0x6465efec
_Z25_al_save_gdiplus_bitmap_fP12ALLEGRO_FILEPKcP14ALLEGRO_BITMAP	703	0x645d1c2c
_Z47_al_d3d_get_current_ortho_projection_parametersPfS_	704	0x6465ee5c
_ZN20AllegroWindowsStream10LockRegionE15_ULARGE_INTEGERS0_m@24	705	0x647d4ae8
_ZN20AllegroWindowsStream12UnlockRegionE15_ULARGE_INTEGERS0_m@24	706	0x647d4af0
_ZN20AllegroWindowsStream14QueryInterfaceERK5_GUIDPPv@12	707	0x647d4af8
_ZN20AllegroWindowsStream4ReadEPvmPm@16	708	0x647d4b84
_ZN20AllegroWindowsStream4SeekE14_LARGE_INTEGERmP15_ULARGE_INTEGER@20	709	0x647d4bc4
_ZN20AllegroWindowsStream4StatEP10tagSTATSTGm@12	710	0x647d4c40
_ZN20AllegroWindowsStream5CloneEPP7IStream@8	711	0x647d4c7c
_ZN20AllegroWindowsStream5WriteEPKvmPm@16	712	0x647d4c84
_ZN20AllegroWindowsStream6AddRefEv@4	713	0x647d4cc8
_ZN20AllegroWindowsStream6CommitEm@8	714	0x647d4cd4
_ZN20AllegroWindowsStream6CopyToEP7IStream15_ULARGE_INTEGERPS2_S3_@24	715	0x647d4cdc
_ZN20AllegroWindowsStream6RevertEv@4	716	0x647d4ce4
_ZN20AllegroWindowsStream7ReleaseEv@4	717	0x647d4cec
_ZN20AllegroWindowsStream7SetSizeE15_ULARGE_INTEGER@12	718	0x647d4d20
_ZN20AllegroWindowsStreamD0Ev	719	0x647d4d28
_ZN20AllegroWindowsStreamD1Ev	720	0x647d4d40
_ZN7Gdiplus12CachedBitmapD0Ev	721	0x647d4d48
_ZN7Gdiplus12CachedBitmapD1Ev	722	0x647d4d70
_ZN7Gdiplus13CustomLineCapD0Ev	723	0x647d4d8c
_ZN7Gdiplus13CustomLineCapD1Ev	724	0x647d4db4
_ZN7Gdiplus14FontCollectionD0Ev	725	0x647d4dd0
_ZN7Gdiplus14FontCollectionD1Ev	726	0x647d4de8
_ZN7Gdiplus21PrivateFontCollectionD0Ev	727	0x647d4df0
_ZN7Gdiplus21PrivateFontCollectionD1Ev	728	0x647d4e2c
_ZN7Gdiplus23InstalledFontCollectionD0Ev	729	0x647d4e60
_ZN7Gdiplus23InstalledFontCollectionD1Ev	730	0x647d4e78
_ZN7Gdiplus5Image5CloneEv	731	0x647d4e80
_ZN7Gdiplus5ImageD0Ev	732	0x647d4ed0
_ZN7Gdiplus5ImageD1Ev	733	0x647d4ef8
_ZN7Gdiplus6BitmapD0Ev	734	0x647d4f14
_ZN7Gdiplus6BitmapD1Ev	735	0x647d4f3c
_ZTI17ISequentialStream	736	0x64830c00
_ZTI20AllegroWindowsStream	737	0x64830c0c
_ZTI7IStream	738	0x64830c18
_ZTI8IUnknown	739	0x64830c24
_ZTIN7Gdiplus11GdiplusBaseE	740	0x64830c54
_ZTIN7Gdiplus12CachedBitmapE	741	0x64830c5c
_ZTIN7Gdiplus13CustomLineCapE	742	0x64830c68
_ZTIN7Gdiplus14FontCollectionE	743	0x64830c74
_ZTIN7Gdiplus21PrivateFontCollectionE	744	0x64830c80
_ZTIN7Gdiplus23InstalledFontCollectionE	745	0x64830c8c
_ZTIN7Gdiplus5ImageE	746	0x64830c98
_ZTIN7Gdiplus6BitmapE	747	0x64830ca4
_ZTS17ISequentialStream	748	0x64830cfc
_ZTS20AllegroWindowsStream	749	0x64830d10
_ZTS7IStream	750	0x64830d28
_ZTS8IUnknown	751	0x64830d34
_ZTSN7Gdiplus11GdiplusBaseE	752	0x64830e20
_ZTSN7Gdiplus12CachedBitmapE	753	0x64830e38
_ZTSN7Gdiplus13CustomLineCapE	754	0x64830e54
_ZTSN7Gdiplus14FontCollectionE	755	0x64830e70
_ZTSN7Gdiplus21PrivateFontCollectionE	756	0x64830ea0
_ZTSN7Gdiplus23InstalledFontCollectionE	757	0x64830ee0
_ZTSN7Gdiplus5ImageE	758	0x64830f20
_ZTSN7Gdiplus6BitmapE	759	0x64830f34
_ZTV17ISequentialStream	760	0x64831068
_ZTV20AllegroWindowsStream	761	0x648310a0
_ZTV7IStream	762	0x64831100
_ZTV8IUnknown	763	0x64831140
_ZTVN7Gdiplus12CachedBitmapE	764	0x64831220
_ZTVN7Gdiplus13CustomLineCapE	765	0x64831230
_ZTVN7Gdiplus14FontCollectionE	766	0x64831240
_ZTVN7Gdiplus21PrivateFontCollectionE	767	0x64831250
_ZTVN7Gdiplus23InstalledFontCollectionE	768	0x64831260
_ZTVN7Gdiplus5ImageE	769	0x64831270
_ZTVN7Gdiplus6BitmapE	770	0x64831288
__PHYSFS_AllocatorHooks	771	0x64878f20
__PHYSFS_ArchiveInfo_DIR	772	0x647f93bc
__PHYSFS_ArchiveInfo_GRP	773	0x647f9538
__PHYSFS_ArchiveInfo_HOG	774	0x647f9694
__PHYSFS_ArchiveInfo_LZMA	775	0x647f982c
__PHYSFS_ArchiveInfo_MVL	776	0x647f9970
__PHYSFS_ArchiveInfo_QPAK	777	0x647f9acc
__PHYSFS_ArchiveInfo_WAD	778	0x647f9c0c
__PHYSFS_ArchiveInfo_ZIP	779	0x647f9edc
__PHYSFS_Archiver_DIR	780	0x647f9300
__PHYSFS_Archiver_GRP	781	0x647f9480
__PHYSFS_Archiver_HOG	782	0x647f95e0
__PHYSFS_Archiver_LZMA	783	0x647f9780
__PHYSFS_Archiver_MVL	784	0x647f98c0
__PHYSFS_Archiver_QPAK	785	0x647f9a20
__PHYSFS_Archiver_WAD	786	0x647f9b60
__PHYSFS_Archiver_ZIP	787	0x647f9e20
__PHYSFS_convertToDependent	788	0x646821ac
__PHYSFS_initSmallAlloc	789	0x64684724
__PHYSFS_platformCalcBaseDir	790	0x64686c94
__PHYSFS_platformClose	791	0x646884b0
__PHYSFS_platformCreateMutex	792	0x646885d8
__PHYSFS_platformCurrentDir	793	0x6468778c
__PHYSFS_platformCvtToDependent	794	0x6468714c
__PHYSFS_platformDeinit	795	0x6468809c
__PHYSFS_platformDelete	796	0x646884f0
__PHYSFS_platformDestroyMutex	797	0x64688600
__PHYSFS_platformDetectAvailableCDs	798	0x64686bdc
__PHYSFS_platformDirSeparator	799	0x647dd410
__PHYSFS_platformEOF	800	0x646883b0
__PHYSFS_platformEnumerateFiles	801	0x6468724c
__PHYSFS_platformExists	802	0x64686eb4
__PHYSFS_platformFileLength	803	0x6468835c
__PHYSFS_platformFlush	804	0x64688474
__PHYSFS_platformGetLastModTime	805	0x64688650
__PHYSFS_platformGetThreadID	806	0x64686ea4
__PHYSFS_platformGetUserDir	807	0x64686e4c
__PHYSFS_platformGetUserName	808	0x64686cc4
__PHYSFS_platformGrabMutex	809	0x64688614
__PHYSFS_platformInit	810	0x64687c10
__PHYSFS_platformIsDirectory	811	0x64687098
__PHYSFS_platformIsSymLink	812	0x64686f80
__PHYSFS_platformMkDir	813	0x64687b50
__PHYSFS_platformOpenAppend	814	0x6468813c
__PHYSFS_platformOpenRead	815	0x64688104
__PHYSFS_platformOpenWrite	816	0x64688120
__PHYSFS_platformRead	817	0x646881bc
__PHYSFS_platformRealPath	818	0x64687904
__PHYSFS_platformReleaseMutex	819	0x6468863c
__PHYSFS_platformSeek	820	0x64688294
__PHYSFS_platformSetDefaultAllocator	821	0x64688900
__PHYSFS_platformTell	822	0x646882f8
__PHYSFS_platformWrite	823	0x64688228
__PHYSFS_setError	824	0x646808c4
__PHYSFS_smallFree	825	0x6468476c
__PHYSFS_sort	826	0x646808a4
__PHYSFS_stricmpASCII	827	0x64685a04
__PHYSFS_strnicmpASCII	828	0x64685a58
__PHYSFS_utf8strcasecmp	829	0x64685844
__PHYSFS_utf8strnicmp	830	0x64685914
__deregister_frame	831	0x6468d0a8
__deregister_frame_info	832	0x6468d0a0
__deregister_frame_info_bases	833	0x6468cee4
__emutls_get_address	834	0x6468b3e0
__emutls_register_common	835	0x6468b5f4
__frame_state_for	836	0x6468ada8
__register_frame	837	0x6468ca90
__register_frame_info	838	0x6468c910
__register_frame_info_bases	839	0x6468c794
__register_frame_info_table	840	0x6468cd64
__register_frame_info_table_bases	841	0x6468cc18
__register_frame_table	842	0x6468ceb0
_al_aa_delete	843	0x64603b38
_al_aa_free	844	0x64603b80
_al_aa_insert	845	0x64603aac
_al_aa_search	846	0x64603adc
_al_acodec_stop_feed_thread	847	0x645c2130
_al_add_exit_func	848	0x645ff32c
_al_append_native_text_log	849	0x645d583c
_al_balloc	850	0x646042b4
_al_ballocmin	851	0x64604454
_al_bassign	852	0x64605928
_al_bassignblk	853	0x64605b74
_al_bassigncstr	854	0x64605a80
_al_bassignformat	855	0x64609f58
_al_bassigngets	856	0x64607a54
_al_bassignmidstr	857	0x646059bc
_al_bcatblk	858	0x64604d54
_al_bcatcstr	859	0x64604c14
_al_bconcat	860	0x646056cc
_al_bconchar	861	0x64604bc0
_al_bcstrfree	862	0x64604b84
_al_bdelete	863	0x64606824
_al_bdestroy	864	0x646068c0
_al_bfindreplace	865	0x64607690
_al_bfindreplacecaseless	866	0x646076b4
_al_bformat	867	0x6460a244
_al_bformata	868	0x64609d28
_al_bfromcstr	869	0x646044e4
_al_bfromcstralloc	870	0x64604610
_al_bgets	871	0x64607c2c
_al_bgetsa	872	0x64607b40
_al_binchr	873	0x64606b38
_al_binchrr	874	0x64606c1c
_al_binsert	875	0x64607160
_al_binsertch	876	0x646076d8
_al_binstr	877	0x64604060
_al_binstrcaseless	878	0x646041b4
_al_binstrr	879	0x64606948
_al_binstrrcaseless	880	0x646069d4
_al_biseq	881	0x64606414
_al_biseqcaseless	882	0x64605fac
_al_biseqcstr	883	0x646064ec
_al_biseqcstrcaseless	884	0x64606550
_al_bisstemeqblk	885	0x6460648c
_al_bisstemeqcaselessblk	886	0x6460604c
_al_bitmap_d3d_driver	887	0x6465bd30
_al_bitmap_region_is_locked	888	0x645e0c18
_al_bjoin	889	0x646088ac
_al_blend_memory	890	0x645e5e14
_al_blk2bstr	891	0x64604750
_al_bltrimws	892	0x646060e4
_al_bmidstr	893	0x646067c4
_al_bninchr	894	0x64606d1c
_al_bninchrr	895	0x64606e08
_al_bpattern	896	0x646077fc
_al_bread	897	0x64607938
_al_breada	898	0x64607894
_al_breplace	899	0x646073c8
_al_brtrimws	900	0x646061f8
_al_bsbufflength	901	0x64607df8
_al_bsclose	902	0x64607e50
_al_bseof	903	0x64607e20
_al_bsetstr	904	0x64606f08
_al_bsopen	905	0x64607d8c
_al_bspeek	906	0x64608814
_al_bsplit	907	0x64609710
_al_bsplitcb	908	0x64609304
_al_bsplits	909	0x64609bfc
_al_bsplitscb	910	0x64609390
_al_bsplitstr	911	0x64609808
_al_bsplitstrcb	912	0x6460955c
_al_bsread	913	0x6460876c
_al_bsreada	914	0x64608438
_al_bsreadln	915	0x64608650
_al_bsreadlna	916	0x64607f20
_al_bsreadlns	917	0x646086b8
_al_bsreadlnsa	918	0x64608134
_al_bssplitscb	919	0x64608a88
_al_bssplitstrcb	920	0x64608d00
_al_bstr2cstr	921	0x64604b08
_al_bstrListAlloc	922	0x64609158
_al_bstrListAllocMin	923	0x64609270
_al_bstrListCreate	924	0x64608f88
_al_bstrListDestroy	925	0x6460901c
_al_bstrchrp	926	0x64606ab0
_al_bstrcmp	927	0x64606600
_al_bstrcpy	928	0x64604dec
_al_bstricmp	929	0x64605d08
_al_bstrncmp	930	0x646066e4
_al_bstrnicmp	931	0x64605e40
_al_bstrrchrp	932	0x64606b00
_al_bsunread	933	0x646087d4
_al_btolower	934	0x64605cb0
_al_btoupper	935	0x64605c58
_al_btrimws	936	0x646062b4
_al_btrunc	937	0x64605c0c
_al_bvcformata	938	0x6460a3ac
_al_clear_bitmap_by_locking	939	0x646032d8
_al_close_library	940	0x64623da0
_al_close_native_text_log	941	0x645d57ec
_al_cond_broadcast	942	0x6466c618
_al_cond_destroy	943	0x6466c5a4
_al_cond_init	944	0x6466c540
_al_cond_signal	945	0x6466c6b0
_al_cond_timedwait	946	0x6466c5ec
_al_cond_wait	947	0x6466c5d8
_al_convert_bitmap_data	948	0x645e2f18
_al_convert_funcs	949	0x647daba0
_al_convert_to_display_bitmap	950	0x645e2c18
_al_convert_to_memory_bitmap	951	0x645e2d88
_al_count_to_channel_conf	952	0x645c47b8
_al_create_default_shader	953	0x645d6910
_al_create_shader	954	0x645d686c
_al_d3d	955	0x648738a4
_al_d3d_bmp_destroy	956	0x6465b9b8
_al_d3d_bmp_init	957	0x6465b99c
_al_d3d_create_bitmap	958	0x6465d328
_al_d3d_destroy_display_format_list	959	0x6466006c
_al_d3d_format_to_allegro	960	0x6465edf0
_al_d3d_generate_display_format_list	961	0x646600c8
_al_d3d_get_display_mode	962	0x6465fe48
_al_d3d_get_display_settings	963	0x64660ad8
_al_d3d_get_nth_format	964	0x6465ee3c
_al_d3d_get_num_display_modes	965	0x6465fcb0
_al_d3d_init_display	966	0x6465ee80
_al_d3d_lost_device_mutex	967	0x648738a0
_al_d3d_num_display_formats	968	0x6465ee34
_al_d3d_prepare_bitmaps_for_reset	969	0x6465bac0
_al_d3d_recreate_bitmap_textures	970	0x6465bb80
_al_d3d_refresh_texture_memory	971	0x6465bc64
_al_d3d_release_default_pool_textures	972	0x6465ba34
_al_d3d_render_to_texture_supported	973	0x6465ee78
_al_d3d_resort_display_settings	974	0x64660aa8
_al_d3d_score_display_settings	975	0x64660a30
_al_d3d_set_bitmap_clip	976	0x6465f464
_al_d3d_set_blender	977	0x6465f040
_al_d3d_supports_separate_alpha_blend	978	0x6465ec18
_al_deduce_color_format	979	0x645fc288
_al_destroy_display_bitmaps	980	0x645fb5ac
_al_display_d3d_driver	981	0x6465fb84
_al_display_settings_sorter	982	0x645fc248
_al_display_wgl_driver	983	0x64662ce8
_al_draw_bitmap_region_memory	984	0x6460286c
_al_draw_pixel_memory	985	0x64603230
_al_draw_prim_directx	986	0x645de4d0
_al_draw_prim_indexed_directx	987	0x645de534
_al_draw_prim_indexed_opengl	988	0x645ded20
_al_draw_prim_indexed_soft	989	0x645dfce4
_al_draw_prim_opengl	990	0x645dea9c
_al_draw_prim_soft	991	0x645df194
_al_draw_soft_triangle	992	0x646571a8
_al_dtor_list	993	0x64873660
_al_event_queue_push_event	994	0x645fee1c
_al_event_source_emit_event	995	0x645ff128
_al_event_source_free	996	0x645ff01c
_al_event_source_init	997	0x645fefe0
_al_event_source_lock	998	0x645ff064
_al_event_source_needs_to_generate_event	999	0x645ff118
_al_event_source_on_registration_to_queue	1000	0x645ff09c
_al_event_source_on_unregistration_from_queue	1001	0x645ff0d8
_al_event_source_unlock	1002	0x645ff080
_al_file_interface_stdio	1003	0x647e8160
_al_fill_display_settings	1004	0x645fb8e0
_al_fix_acos_tbl	1005	0x647dbb60
_al_fix_cos_tbl	1006	0x647dc780
_al_fix_tan_tbl	1007	0x647dc380
_al_font_vtable_color	1008	0x647daa00
_al_foreach_destructor	1009	0x645fe464
_al_fs_interface_stdio	1010	0x647db760
_al_generate_joystick_event	1011	0x64601ee8
_al_get_new_display_settings	1012	0x64624a18
_al_get_phys_vtable	1013	0x645d5c64
_al_get_real_pixel_format	1014	0x646234b0
_al_get_thread_should_stop	1015	0x64601d78
_al_glAccumxOES	1016	0x64871ff4
_al_glActiveProgramEXT	1017	0x648719f8
_al_glActiveStencilFaceEXT	1018	0x64872300
_al_glActiveTexture	1019	0x6487359c
_al_glActiveTextureARB	1020	0x6487314c
_al_glActiveVaryingNV	1021	0x64871de4
_al_glAlphaFragmentOp1ATI	1022	0x648724d8
_al_glAlphaFragmentOp2ATI	1023	0x648724d4
_al_glAlphaFragmentOp3ATI	1024	0x648724d0
_al_glAlphaFuncxOES	1025	0x64872008
_al_glApplyTextureEXT	1026	0x64872908
_al_glAreProgramsResidentNV	1027	0x64872610
_al_glAreTexturesResidentEXT	1028	0x64872a6c
_al_glArrayElementEXT	1029	0x64872a3c
_al_glArrayObjectATI	1030	0x648724a8
_al_glAsyncMarkerSGIX	1031	0x648728fc
_al_glAttachObjectARB	1032	0x64872eb0
_al_glAttachShader	1033	0x648733d0
_al_glBeginConditionalRender	1034	0x64873220
_al_glBeginConditionalRenderNV	1035	0x64871dd8
_al_glBeginFragmentShaderATI	1036	0x648724f4
_al_glBeginOcclusionQueryNV	1037	0x64872318
_al_glBeginPerfMonitorAMD	1038	0x64871a84
_al_glBeginQuery	1039	0x648733f8
_al_glBeginQueryARB	1040	0x64872ee0
_al_glBeginQueryIndexed	1041	0x64872b48
_al_glBeginTransformFeedback	1042	0x6487323c
_al_glBeginTransformFeedbackEXT	1043	0x64871dd0
_al_glBeginTransformFeedbackNV	1044	0x64871df4
_al_glBeginVertexShaderEXT	1045	0x64872490
_al_glBeginVideoCaptureNV	1046	0x64871a2c
_al_glBindAttribLocation	1047	0x64873294
_al_glBindAttribLocationARB	1048	0x64872e30
_al_glBindBuffer	1049	0x64873430
_al_glBindBufferARB	1050	0x64872f18
_al_glBindBufferBase	1051	0x64873230
_al_glBindBufferBaseEXT	1052	0x64871dc0
_al_glBindBufferBaseNV	1053	0x64871e00
_al_glBindBufferOffsetEXT	1054	0x64871dc4
_al_glBindBufferOffsetNV	1055	0x64871e04
_al_glBindBufferRange	1056	0x64873234
_al_glBindBufferRangeEXT	1057	0x64871dc8
_al_glBindBufferRangeNV	1058	0x64871e08
_al_glBindFragDataLocation	1059	0x648731b8
_al_glBindFragDataLocationEXT	1060	0x64871e78
_al_glBindFragDataLocationIndexed	1061	0x64872d08
_al_glBindFragmentShaderATI	1062	0x648724fc
_al_glBindFramebuffer	1063	0x64872df8
_al_glBindFramebufferEXT	1064	0x64871f80
_al_glBindLightParameterEXT	1065	0x64872428
_al_glBindMaterialParameterEXT	1066	0x64872424
_al_glBindMultiTextureEXT	1067	0x64871cc0
_al_glBindParameterEXT	1068	0x64872418
_al_glBindProgramARB	1069	0x64872f70
_al_glBindProgramNV	1070	0x6487260c
_al_glBindRenderbuffer	1071	0x64872e10
_al_glBindRenderbufferEXT	1072	0x64871f98
_al_glBindSampler	1073	0x64872cf4
_al_glBindTexGenParameterEXT	1074	0x64872420
_al_glBindTextureEXT	1075	0x64872a68
_al_glBindTextureUnitParameterEXT	1076	0x6487241c
_al_glBindTransformFeedback	1077	0x64872b68
_al_glBindTransformFeedbackNV	1078	0x64871ac0
_al_glBindVertexArray	1079	0x64872da4
_al_glBindVertexArrayAPPLE	1080	0x648722c8
_al_glBindVertexShaderEXT	1081	0x64872488
_al_glBindVideoCaptureStreamBufferNV	1082	0x64871a28
_al_glBindVideoCaptureStreamTextureNV	1083	0x64871a24
_al_glBinormal3bEXT	1084	0x64872838
_al_glBinormal3bvEXT	1085	0x64872834
_al_glBinormal3dEXT	1086	0x64872830
_al_glBinormal3dvEXT	1087	0x6487282c
_al_glBinormal3fEXT	1088	0x64872828
_al_glBinormal3fvEXT	1089	0x64872824
_al_glBinormal3iEXT	1090	0x64872820
_al_glBinormal3ivEXT	1091	0x6487281c
_al_glBinormal3sEXT	1092	0x64872818
_al_glBinormal3svEXT	1093	0x64872814
_al_glBinormalPointerEXT	1094	0x6487280c
_al_glBitmapxOES	1095	0x64872038
_al_glBlendColor	1096	0x64873634
_al_glBlendColorEXT	1097	0x64872b3c
_al_glBlendColorxOES	1098	0x64872004
_al_glBlendEquation	1099	0x64873630
_al_glBlendEquationEXT	1100	0x64872a18
_al_glBlendEquationIndexedAMD	1101	0x64871a64
_al_glBlendEquationSeparate	1102	0x648733e4
_al_glBlendEquationSeparateEXT	1103	0x64871fa0
_al_glBlendEquationSeparateIndexedAMD	1104	0x64871a60
_al_glBlendEquationSeparatei	1105	0x64872d30
_al_glBlendEquationi	1106	0x64872d34
_al_glBlendFuncIndexedAMD	1107	0x64871a6c
_al_glBlendFuncSeparate	1108	0x648734e4
_al_glBlendFuncSeparateEXT	1109	0x64872728
_al_glBlendFuncSeparateINGR	1110	0x64872724
_al_glBlendFuncSeparateIndexedAMD	1111	0x64871a68
_al_glBlendFuncSeparatei	1112	0x64872d28
_al_glBlendFunci	1113	0x64872d2c
_al_glBlitFramebuffer	1114	0x64872dd0
_al_glBlitFramebufferEXT	1115	0x64871f50
_al_glBufferAddressRangeNV	1116	0x648719b8
_al_glBufferData	1117	0x64873420
_al_glBufferDataARB	1118	0x64872f08
_al_glBufferParameteriAPPLE	1119	0x64871f38
_al_glBufferSubData	1120	0x6487341c
_al_glBufferSubDataARB	1121	0x64872f04
_al_glCheckFramebufferStatus	1122	0x64872dec
_al_glCheckFramebufferStatusEXT	1123	0x64871f74
_al_glCheckNamedFramebufferStatusEXT	1124	0x64871b18
_al_glClampColor	1125	0x64873224
_al_glClampColorARB	1126	0x64872e20
_al_glClearAccumxOES	1127	0x64871ff8
_al_glClearBufferfi	1128	0x64873174
_al_glClearBufferfv	1129	0x64873178
_al_glClearBufferiv	1130	0x64873180
_al_glClearBufferuiv	1131	0x6487317c
_al_glClearColorxOES	1132	0x64872000
_al_glClearDepthdNV	1133	0x64871e64
_al_glClearDepthfOES	1134	0x64871fac
_al_glClearDepthxOES	1135	0x64871ffc
_al_glClientActiveTexture	1136	0x64873598
_al_glClientActiveTextureARB	1137	0x64873148
_al_glClientActiveVertexStreamATI	1138	0x64872340
_al_glClientAttribDefaultEXT	1139	0x64871db4
_al_glClientWaitSync	1140	0x64872d54
_al_glClipPlanefOES	1141	0x64871fb4
_al_glClipPlanexOES	1142	0x648720a8
_al_glColor3fVertex3fSUN	1143	0x648727b8
_al_glColor3fVertex3fvSUN	1144	0x648727b4
_al_glColor3hNV	1145	0x64872270
_al_glColor3hvNV	1146	0x6487226c
_al_glColor3xOES	1147	0x648720fc
_al_glColor3xvOES	1148	0x648720f4
_al_glColor4fNormal3fVertex3fSUN	1149	0x648727a8
_al_glColor4fNormal3fVertex3fvSUN	1150	0x648727a4
_al_glColor4hNV	1151	0x64872268
_al_glColor4hvNV	1152	0x64872264
_al_glColor4ubVertex2fSUN	1153	0x648727c8
_al_glColor4ubVertex2fvSUN	1154	0x648727c4
_al_glColor4ubVertex3fSUN	1155	0x648727c0
_al_glColor4ubVertex3fvSUN	1156	0x648727bc
_al_glColor4xOES	1157	0x648720f8
_al_glColor4xvOES	1158	0x648720f0
_al_glColorFormatNV	1159	0x648719ac
_al_glColorFragmentOp1ATI	1160	0x648724e4
_al_glColorFragmentOp2ATI	1161	0x648724e0
_al_glColorFragmentOp3ATI	1162	0x648724dc
_al_glColorMaskIndexedEXT	1163	0x64871f24
_al_glColorMaski	1164	0x64873254
_al_glColorP3ui	1165	0x64872c5c
_al_glColorP3uiv	1166	0x64872c58
_al_glColorP4ui	1167	0x64872c54
_al_glColorP4uiv	1168	0x64872c50
_al_glColorPointerEXT	1169	0x64872a38
_al_glColorPointervINTEL	1170	0x648728dc
_al_glColorSubTable	1171	0x6487360c
_al_glColorTable	1172	0x64873628
_al_glColorTableEXT	1173	0x64872994
_al_glColorTableParameterfv	1174	0x64873624
_al_glColorTableParameterfvSGI	1175	0x64872aa8
_al_glColorTableParameteriv	1176	0x64873620
_al_glColorTableParameterivSGI	1177	0x64872aa4
_al_glColorTableSGI	1178	0x64872aac
_al_glCombinerInputNV	1179	0x648726fc
_al_glCombinerOutputNV	1180	0x648726f8
_al_glCombinerParameterfNV	1181	0x64872708
_al_glCombinerParameterfvNV	1182	0x6487270c
_al_glCombinerParameteriNV	1183	0x64872700
_al_glCombinerParameterivNV	1184	0x64872704
_al_glCombinerStageParameterfvNV	1185	0x64872618
_al_glCompileShader	1186	0x648733c4
_al_glCompileShaderARB	1187	0x64872eb8
_al_glCompileShaderIncludeARB	1188	0x64872d18
_al_glCompressedMultiTexImage1DEXT	1189	0x64871c44
_al_glCompressedMultiTexImage2DEXT	1190	0x64871c48
_al_glCompressedMultiTexImage3DEXT	1191	0x64871c4c
_al_glCompressedMultiTexSubImage1DEXT	1192	0x64871c38
_al_glCompressedMultiTexSubImage2DEXT	1193	0x64871c3c
_al_glCompressedMultiTexSubImage3DEXT	1194	0x64871c40
_al_glCompressedTexImage1D	1195	0x648734f8
_al_glCompressedTexImage1DARB	1196	0x648730a8
_al_glCompressedTexImage2D	1197	0x648734fc
_al_glCompressedTexImage2DARB	1198	0x648730ac
_al_glCompressedTexImage3D	1199	0x64873500
_al_glCompressedTexImage3DARB	1200	0x648730b0
_al_glCompressedTexSubImage1D	1201	0x648734ec
_al_glCompressedTexSubImage1DARB	1202	0x6487309c
_al_glCompressedTexSubImage2D	1203	0x648734f0
_al_glCompressedTexSubImage2DARB	1204	0x648730a0
_al_glCompressedTexSubImage3D	1205	0x648734f4
_al_glCompressedTexSubImage3DARB	1206	0x648730a4
_al_glCompressedTextureImage1DEXT	1207	0x64871c60
_al_glCompressedTextureImage2DEXT	1208	0x64871c64
_al_glCompressedTextureImage3DEXT	1209	0x64871c68
_al_glCompressedTextureSubImage1DEXT	1210	0x64871c54
_al_glCompressedTextureSubImage2DEXT	1211	0x64871c58
_al_glCompressedTextureSubImage3DEXT	1212	0x64871c5c
_al_glConvolutionFilter1D	1213	0x648735f8
_al_glConvolutionFilter1DEXT	1214	0x64872ae0
_al_glConvolutionFilter2D	1215	0x648735f4
_al_glConvolutionFilter2DEXT	1216	0x64872adc
_al_glConvolutionParameterf	1217	0x648735f0
_al_glConvolutionParameterfEXT	1218	0x64872ad8
_al_glConvolutionParameterfv	1219	0x648735ec
_al_glConvolutionParameterfvEXT	1220	0x64872ad4
_al_glConvolutionParameteri	1221	0x648735e8
_al_glConvolutionParameteriEXT	1222	0x64872ad0
_al_glConvolutionParameteriv	1223	0x648735e4
_al_glConvolutionParameterivEXT	1224	0x64872acc
_al_glConvolutionParameterxOES	1225	0x6487204c
_al_glConvolutionParameterxvOES	1226	0x64872048
_al_glCopyBufferSubData	1227	0x64872d78
_al_glCopyColorSubTable	1228	0x64873608
_al_glCopyColorSubTableEXT	1229	0x6487299c
_al_glCopyColorTable	1230	0x6487361c
_al_glCopyColorTableSGI	1231	0x64872aa0
_al_glCopyConvolutionFilter1D	1232	0x648735e0
_al_glCopyConvolutionFilter1DEXT	1233	0x64872ac8
_al_glCopyConvolutionFilter2D	1234	0x648735dc
_al_glCopyConvolutionFilter2DEXT	1235	0x64872ac4
_al_glCopyMultiTexImage1DEXT	1236	0x64871cf0
_al_glCopyMultiTexImage2DEXT	1237	0x64871cec
_al_glCopyMultiTexSubImage1DEXT	1238	0x64871ce8
_al_glCopyMultiTexSubImage2DEXT	1239	0x64871ce4
_al_glCopyMultiTexSubImage3DEXT	1240	0x64871cc4
_al_glCopyTexImage1DEXT	1241	0x64872b1c
_al_glCopyTexImage2DEXT	1242	0x64872b18
_al_glCopyTexSubImage1DEXT	1243	0x64872b14
_al_glCopyTexSubImage2DEXT	1244	0x64872b10
_al_glCopyTexSubImage3D	1245	0x648735fc
_al_glCopyTexSubImage3DEXT	1246	0x64872b0c
_al_glCopyTextureImage1DEXT	1247	0x64871d40
_al_glCopyTextureImage2DEXT	1248	0x64871d3c
_al_glCopyTextureSubImage1DEXT	1249	0x64871d38
_al_glCopyTextureSubImage2DEXT	1250	0x64871d34
_al_glCopyTextureSubImage3DEXT	1251	0x64871d14
_al_glCreateProgram	1252	0x648733e0
_al_glCreateProgramObjectARB	1253	0x64872eb4
_al_glCreateShader	1254	0x648733dc
_al_glCreateShaderObjectARB	1255	0x64872ec0
_al_glCreateShaderProgramEXT	1256	0x648719f4
_al_glCullParameterdvEXT	1257	0x6487295c
_al_glCullParameterfvEXT	1258	0x64872958
_al_glCurrentPaletteMatrixARB	1259	0x64873064
_al_glDeformSGIX	1260	0x648729cc
_al_glDeformationMap3dSGIX	1261	0x648729d4
_al_glDeformationMap3fSGIX	1262	0x648729d0
_al_glDeleteAsyncMarkersSGIX	1263	0x648728ec
_al_glDeleteBuffers	1264	0x6487342c
_al_glDeleteBuffersARB	1265	0x64872f14
_al_glDeleteFencesAPPLE	1266	0x648722e4
_al_glDeleteFencesNV	1267	0x64872658
_al_glDeleteFragmentShaderATI	1268	0x648724f8
_al_glDeleteFramebuffers	1269	0x64872df4
_al_glDeleteFramebuffersEXT	1270	0x64871f7c
_al_glDeleteNamedStringARB	1271	0x64872d1c
_al_glDeleteObjectARB	1272	0x64872ecc
_al_glDeleteOcclusionQueriesNV	1273	0x64872320
_al_glDeletePerfMonitorsAMD	1274	0x64871a8c
_al_glDeleteProgram	1275	0x648733d8
_al_glDeleteProgramsARB	1276	0x64872f6c
_al_glDeleteProgramsNV	1277	0x64872608
_al_glDeleteQueries	1278	0x64873400
_al_glDeleteQueriesARB	1279	0x64872ee8
_al_glDeleteRenderbuffers	1280	0x64872e0c
_al_glDeleteRenderbuffersEXT	1281	0x64871f94
_al_glDeleteSamplers	1282	0x64872cfc
_al_glDeleteShader	1283	0x648733d4
_al_glDeleteSync	1284	0x64872d58
_al_glDeleteTexturesEXT	1285	0x64872a64
_al_glDeleteTransformFeedbacks	1286	0x64872b64
_al_glDeleteTransformFeedbacksNV	1287	0x64871abc
_al_glDeleteVertexArrays	1288	0x64872da0
_al_glDeleteVertexArraysAPPLE	1289	0x648722c4
_al_glDeleteVertexShaderEXT	1290	0x64872480
_al_glDepthBoundsEXT	1291	0x64871fa4
_al_glDepthBoundsdNV	1292	0x64871e60
_al_glDepthRangedNV	1293	0x64871e68
_al_glDepthRangefOES	1294	0x64871fc0
_al_glDepthRangexOES	1295	0x648720dc
_al_glDetachObjectARB	1296	0x64872ec4
_al_glDetachShader	1297	0x648733cc
_al_glDetailTexFuncSGIS	1298	0x64872a54
_al_glDisableClientStateIndexedEXT	1299	0x64871cb8
_al_glDisableIndexedEXT	1300	0x64871f14
_al_glDisableVariantClientStateEXT	1301	0x6487242c
_al_glDisableVertexAttribAPPLE	1302	0x64871a50
_al_glDisableVertexAttribArray	1303	0x64873298
_al_glDisableVertexAttribArrayARB	1304	0x64872f78
_al_glDisablei	1305	0x64873244
_al_glDrawArraysEXT	1306	0x64872a34
_al_glDrawArraysIndirect	1307	0x64872c24
_al_glDrawArraysInstanced	1308	0x6487316c
_al_glDrawArraysInstancedARB	1309	0x64872e1c
_al_glDrawArraysInstancedEXT	1310	0x64871f0c
_al_glDrawBuffers	1311	0x64873278
_al_glDrawBuffersARB	1312	0x64872e24
_al_glDrawBuffersATI	1313	0x648722ac
_al_glDrawElementArrayAPPLE	1314	0x648722f8
_al_glDrawElementArrayATI	1315	0x64872330
_al_glDrawElementsBaseVertex	1316	0x64872d74
_al_glDrawElementsIndirect	1317	0x64872c20
_al_glDrawElementsInstanced	1318	0x64873168
_al_glDrawElementsInstancedARB	1319	0x64872e18
_al_glDrawElementsInstancedBaseVertex	1320	0x64872d6c
_al_glDrawElementsInstancedEXT	1321	0x64871f08
_al_glDrawMeshArraysSUN	1322	0x64872328
_al_glDrawRangeElementArrayAPPLE	1323	0x648722f4
_al_glDrawRangeElementArrayATI	1324	0x6487232c
_al_glDrawRangeElements	1325	0x6487362c
_al_glDrawRangeElementsBaseVertex	1326	0x64872d70
_al_glDrawRangeElementsEXT	1327	0x6487290c
_al_glDrawTransformFeedback	1328	0x64872b50
_al_glDrawTransformFeedbackNV	1329	0x64871aa8
_al_glDrawTransformFeedbackStream	1330	0x64872b4c
_al_glEdgeFlagFormatNV	1331	0x648719a0
_al_glEdgeFlagPointerEXT	1332	0x64872a30
_al_glElementPointerAPPLE	1333	0x648722fc
_al_glElementPointerATI	1334	0x64872334
_al_glEnableClientStateIndexedEXT	1335	0x64871cbc
_al_glEnableIndexedEXT	1336	0x64871f18
_al_glEnableVariantClientStateEXT	1337	0x64872430
_al_glEnableVertexAttribAPPLE	1338	0x64871a54
_al_glEnableVertexAttribArray	1339	0x6487329c
_al_glEnableVertexAttribArrayARB	1340	0x64872f7c
_al_glEnablei	1341	0x64873248
_al_glEndConditionalRender	1342	0x6487321c
_al_glEndConditionalRenderNV	1343	0x64871dd4
_al_glEndFragmentShaderATI	1344	0x648724f0
_al_glEndOcclusionQueryNV	1345	0x64872314
_al_glEndPerfMonitorAMD	1346	0x64871a80
_al_glEndQuery	1347	0x648733f4
_al_glEndQueryARB	1348	0x64872edc
_al_glEndQueryIndexed	1349	0x64872b44
_al_glEndTransformFeedback	1350	0x64873238
_al_glEndTransformFeedbackEXT	1351	0x64871dcc
_al_glEndTransformFeedbackNV	1352	0x64871df0
_al_glEndVertexShaderEXT	1353	0x6487248c
_al_glEndVideoCaptureNV	1354	0x64871a20
_al_glEvalCoord1xOES	1355	0x64871fdc
_al_glEvalCoord1xvOES	1356	0x64871fd4
_al_glEvalCoord2xOES	1357	0x64871fd8
_al_glEvalCoord2xvOES	1358	0x64871fd0
_al_glEvalMapsNV	1359	0x6487261c
_al_glExecuteProgramNV	1360	0x64872604
_al_glExtractComponentEXT	1361	0x64872464
_al_glFeedbackBufferxOES	1362	0x64871fcc
_al_glFenceSync	1363	0x64872d60
_al_glFinalCombinerInputNV	1364	0x648726f4
_al_glFinishAsyncSGIX	1365	0x648728f8
_al_glFinishFenceAPPLE	1366	0x648722d4
_al_glFinishFenceNV	1367	0x64872644
_al_glFinishObjectAPPLE	1368	0x648722cc
_al_glFinishTextureSUNX	1369	0x64872808
_al_glFlushMappedBufferRange	1370	0x64872dac
_al_glFlushMappedBufferRangeAPPLE	1371	0x64871f34
_al_glFlushPixelDataRangeNV	1372	0x648721d4
_al_glFlushRasterSGIX	1373	0x648729c0
_al_glFlushVertexArrayRangeAPPLE	1374	0x648722b4
_al_glFlushVertexArrayRangeNV	1375	0x64872714
_al_glFogCoordFormatNV	1376	0x64871998
_al_glFogCoordPointer	1377	0x648734d0
_al_glFogCoordPointerEXT	1378	0x64872864
_al_glFogCoordd	1379	0x648734d8
_al_glFogCoorddEXT	1380	0x6487286c
_al_glFogCoorddv	1381	0x648734d4
_al_glFogCoorddvEXT	1382	0x64872868
_al_glFogCoordf	1383	0x648734e0
_al_glFogCoordfEXT	1384	0x64872874
_al_glFogCoordfv	1385	0x648734dc
_al_glFogCoordfvEXT	1386	0x64872870
_al_glFogCoordhNV	1387	0x64872220
_al_glFogCoordhvNV	1388	0x6487221c
_al_glFogFuncSGIS	1389	0x648729bc
_al_glFogxOES	1390	0x64872014
_al_glFogxvOES	1391	0x64872010
_al_glFragmentColorMaterialSGIX	1392	0x64872954
_al_glFragmentLightModelfSGIX	1393	0x64872940
_al_glFragmentLightModelfvSGIX	1394	0x6487293c
_al_glFragmentLightModeliSGIX	1395	0x64872938
_al_glFragmentLightModelivSGIX	1396	0x64872934
_al_glFragmentLightfSGIX	1397	0x64872950
_al_glFragmentLightfvSGIX	1398	0x6487294c
_al_glFragmentLightiSGIX	1399	0x64872948
_al_glFragmentLightivSGIX	1400	0x64872944
_al_glFragmentMaterialfSGIX	1401	0x64872930
_al_glFragmentMaterialfvSGIX	1402	0x6487292c
_al_glFragmentMaterialiSGIX	1403	0x64872928
_al_glFragmentMaterialivSGIX	1404	0x64872924
_al_glFrameTerminatorGREMEDY	1405	0x64871ddc
_al_glFrameZoomSGIX	1406	0x648729dc
_al_glFramebufferDrawBufferEXT	1407	0x64871af8
_al_glFramebufferDrawBuffersEXT	1408	0x64871af4
_al_glFramebufferReadBufferEXT	1409	0x64871af0
_al_glFramebufferRenderbuffer	1410	0x64872ddc
_al_glFramebufferRenderbufferEXT	1411	0x64871f64
_al_glFramebufferTexture	1412	0x64873150
_al_glFramebufferTexture1D	1413	0x64872de8
_al_glFramebufferTexture1DEXT	1414	0x64871f70
_al_glFramebufferTexture2D	1415	0x64872de4
_al_glFramebufferTexture2DEXT	1416	0x64871f6c
_al_glFramebufferTexture3D	1417	0x64872de0
_al_glFramebufferTexture3DEXT	1418	0x64871f68
_al_glFramebufferTextureARB	1419	0x64872dc0
_al_glFramebufferTextureEXT	1420	0x64871f00
_al_glFramebufferTextureFaceARB	1421	0x64872db8
_al_glFramebufferTextureFaceEXT	1422	0x64871efc
_al_glFramebufferTextureLayer	1423	0x64872dc8
_al_glFramebufferTextureLayerARB	1424	0x64872dbc
_al_glFramebufferTextureLayerEXT	1425	0x64871e70
_al_glFreeObjectBufferATI	1426	0x648724ac
_al_glFrustumfOES	1427	0x64871fbc
_al_glFrustumxOES	1428	0x648720bc
_al_glGenAsyncMarkersSGIX	1429	0x648728f0
_al_glGenBuffers	1430	0x64873428
_al_glGenBuffersARB	1431	0x64872f10
_al_glGenFencesAPPLE	1432	0x648722e8
_al_glGenFencesNV	1433	0x64872654
_al_glGenFragmentShadersATI	1434	0x64872500
_al_glGenFramebuffers	1435	0x64872df0
_al_glGenFramebuffersEXT	1436	0x64871f78
_al_glGenOcclusionQueriesNV	1437	0x64872324
_al_glGenPerfMonitorsAMD	1438	0x64871a90
_al_glGenProgramsARB	1439	0x64872f68
_al_glGenProgramsNV	1440	0x64872600
_al_glGenQueries	1441	0x64873404
_al_glGenQueriesARB	1442	0x64872eec
_al_glGenRenderbuffers	1443	0x64872e08
_al_glGenRenderbuffersEXT	1444	0x64871f90
_al_glGenSamplers	1445	0x64872d00
_al_glGenSymbolsEXT	1446	0x64872460
_al_glGenTexturesEXT	1447	0x64872a60
_al_glGenTransformFeedbacks	1448	0x64872b60
_al_glGenTransformFeedbacksNV	1449	0x64871ab8
_al_glGenVertexArrays	1450	0x64872d9c
_al_glGenVertexArraysAPPLE	1451	0x648722c0
_al_glGenVertexShadersEXT	1452	0x64872484
_al_glGenerateMipmap	1453	0x64872dd4
_al_glGenerateMipmapEXT	1454	0x64871f5c
_al_glGenerateMultiTexMipmapEXT	1455	0x64871afc
_al_glGenerateTextureMipmapEXT	1456	0x64871b00
_al_glGetActiveAttrib	1457	0x64873290
_al_glGetActiveAttribARB	1458	0x64872e2c
_al_glGetActiveSubroutineName	1459	0x64872b80
_al_glGetActiveSubroutineUniformName	1460	0x64872b84
_al_glGetActiveSubroutineUniformiv	1461	0x64872b88
_al_glGetActiveUniform	1462	0x64873340
_al_glGetActiveUniformARB	1463	0x64872e40
_al_glGetActiveUniformBlockName	1464	0x64872d80
_al_glGetActiveUniformBlockiv	1465	0x64872d84
_al_glGetActiveUniformName	1466	0x64872d8c
_al_glGetActiveUniformsiv	1467	0x64872d90
_al_glGetActiveVaryingNV	1468	0x64871de8
_al_glGetArrayObjectfvATI	1469	0x648724a4
_al_glGetArrayObjectivATI	1470	0x648724a0
_al_glGetAttachedObjectsARB	1471	0x64872e48
_al_glGetAttachedShaders	1472	0x64873348
_al_glGetAttribLocation	1473	0x6487328c
_al_glGetAttribLocationARB	1474	0x64872e28
_al_glGetBooleanIndexedvEXT	1475	0x64871f20
_al_glGetBooleani_v	1476	0x64873250
_al_glGetBufferParameteri64v	1477	0x64873158
_al_glGetBufferParameteriv	1478	0x6487340c
_al_glGetBufferParameterivARB	1479	0x64872ef4
_al_glGetBufferParameterui64vNV	1480	0x648719d8
_al_glGetBufferPointerv	1481	0x64873408
_al_glGetBufferPointervARB	1482	0x64872ef0
_al_glGetBufferSubData	1483	0x64873418
_al_glGetBufferSubDataARB	1484	0x64872f00
_al_glGetClipPlanefOES	1485	0x64871fb0
_al_glGetClipPlanexOES	1486	0x648720a4
_al_glGetColorTable	1487	0x64873618
_al_glGetColorTableEXT	1488	0x64872990
_al_glGetColorTableParameterfv	1489	0x64873614
_al_glGetColorTableParameterfvEXT	1490	0x64872988
_al_glGetColorTableParameterfvSGI	1491	0x64872a98
_al_glGetColorTableParameteriv	1492	0x64873610
_al_glGetColorTableParameterivEXT	1493	0x6487298c
_al_glGetColorTableParameterivSGI	1494	0x64872a94
_al_glGetColorTableSGI	1495	0x64872a9c
_al_glGetCombinerInputParameterfvNV	1496	0x648726f0
_al_glGetCombinerInputParameterivNV	1497	0x648726ec
_al_glGetCombinerOutputParameterfvNV	1498	0x648726e8
_al_glGetCombinerOutputParameterivNV	1499	0x648726e4
_al_glGetCombinerStageParameterfvNV	1500	0x64872614
_al_glGetCompressedMultiTexImageEXT	1501	0x64871c34
_al_glGetCompressedTexImage	1502	0x648734e8
_al_glGetCompressedTexImageARB	1503	0x64873098
_al_glGetCompressedTextureImageEXT	1504	0x64871c50
_al_glGetConvolutionFilter	1505	0x648735d8
_al_glGetConvolutionFilterEXT	1506	0x64872ac0
_al_glGetConvolutionParameterfv	1507	0x648735d4
_al_glGetConvolutionParameterfvEXT	1508	0x64872abc
_al_glGetConvolutionParameteriv	1509	0x648735d0
_al_glGetConvolutionParameterivEXT	1510	0x64872ab8
_al_glGetConvolutionParameterxvOES	1511	0x64872044
_al_glGetDetailTexFuncSGIS	1512	0x64872a50
_al_glGetDoubleIndexedvEXT	1513	0x64871c70
_al_glGetFenceivNV	1514	0x64872648
_al_glGetFinalCombinerInputParameterfvNV	1515	0x648726e0
_al_glGetFinalCombinerInputParameterivNV	1516	0x648726dc
_al_glGetFixedvOES	1517	0x64871fc4
_al_glGetFloatIndexedvEXT	1518	0x64871c74
_al_glGetFogFuncSGIS	1519	0x648729b8
_al_glGetFragDataIndex	1520	0x64872d04
_al_glGetFragDataLocation	1521	0x648731b4
_al_glGetFragDataLocationEXT	1522	0x64871e74
_al_glGetFragmentLightfvSGIX	1523	0x64872920
_al_glGetFragmentLightivSGIX	1524	0x6487291c
_al_glGetFragmentMaterialfvSGIX	1525	0x64872918
_al_glGetFragmentMaterialivSGIX	1526	0x64872914
_al_glGetFramebufferAttachmentParameteriv	1527	0x64872dd8
_al_glGetFramebufferAttachmentParameterivEXT	1528	0x64871f60
_al_glGetFramebufferParameterivEXT	1529	0x64871aec
_al_glGetHandleARB	1530	0x64872ec8
_al_glGetHistogram	1531	0x648735c4
_al_glGetHistogramEXT	1532	0x64872b08
_al_glGetHistogramParameterfv	1533	0x648735c0
_al_glGetHistogramParameterfvEXT	1534	0x64872b04
_al_glGetHistogramParameteriv	1535	0x648735bc
_al_glGetHistogramParameterivEXT	1536	0x64872b00
_al_glGetHistogramParameterxvOES	1537	0x64872040
_al_glGetImageTransformParameterfvHP	1538	0x648729a0
_al_glGetImageTransformParameterivHP	1539	0x648729a4
_al_glGetInfoLogARB	1540	0x64872e4c
_al_glGetInstrumentsSGIX	1541	0x648729f4
_al_glGetInteger64i_v	1542	0x6487315c
_al_glGetInteger64v	1543	0x64872d4c
_al_glGetIntegerIndexedvEXT	1544	0x64871f1c
_al_glGetIntegeri_v	1545	0x6487324c
_al_glGetIntegerui64i_vNV	1546	0x6487198c
_al_glGetIntegerui64vNV	1547	0x648719d0
_al_glGetInvariantBooleanvEXT	1548	0x64872400
_al_glGetInvariantFloatvEXT	1549	0x648723f8
_al_glGetInvariantIntegervEXT	1550	0x648723fc
_al_glGetLightxOES	1551	0x64872074
_al_glGetListParameterfvSGIX	1552	0x64872984
_al_glGetListParameterivSGIX	1553	0x64872980
_al_glGetLocalConstantBooleanvEXT	1554	0x648723f4
_al_glGetLocalConstantFloatvEXT	1555	0x648723ec
_al_glGetLocalConstantIntegervEXT	1556	0x648723f0
_al_glGetMapAttribParameterfvNV	1557	0x64872620
_al_glGetMapAttribParameterivNV	1558	0x64872624
_al_glGetMapControlPointsNV	1559	0x64872630
_al_glGetMapParameterfvNV	1560	0x64872628
_al_glGetMapParameterivNV	1561	0x6487262c
_al_glGetMapxvOES	1562	0x64871fe0
_al_glGetMaterialxOES	1563	0x64872080
_al_glGetMinmax	1564	0x648735b8
_al_glGetMinmaxEXT	1565	0x64872afc
_al_glGetMinmaxParameterfv	1566	0x648735b4
_al_glGetMinmaxParameterfvEXT	1567	0x64872af8
_al_glGetMinmaxParameteriv	1568	0x648735b0
_al_glGetMinmaxParameterivEXT	1569	0x64872af4
_al_glGetMultiTexEnvfvEXT	1570	0x64871c88
_al_glGetMultiTexEnvivEXT	1571	0x64871c84
_al_glGetMultiTexGendvEXT	1572	0x64871c80
_al_glGetMultiTexGenfvEXT	1573	0x64871c7c
_al_glGetMultiTexGenivEXT	1574	0x64871c78
_al_glGetMultiTexImageEXT	1575	0x64871ce0
_al_glGetMultiTexLevelParameterfvEXT	1576	0x64871cd4
_al_glGetMultiTexLevelParameterivEXT	1577	0x64871cd0
_al_glGetMultiTexParameterIivEXT	1578	0x64871bd0
_al_glGetMultiTexParameterIuivEXT	1579	0x64871bcc
_al_glGetMultiTexParameterfvEXT	1580	0x64871cdc
_al_glGetMultiTexParameterivEXT	1581	0x64871cd8
_al_glGetMultisamplefv	1582	0x64872d3c
_al_glGetMultisamplefvNV	1583	0x64871acc
_al_glGetNamedBufferParameterivEXT	1584	0x64871b34
_al_glGetNamedBufferParameterui64vNV	1585	0x648719d4
_al_glGetNamedBufferPointervEXT	1586	0x64871b30
_al_glGetNamedBufferSubDataEXT	1587	0x64871b2c
_al_glGetNamedFramebufferAttachmentParameterivEXT	1588	0x64871b04
_al_glGetNamedProgramLocalParameterIivEXT	1589	0x64871bf0
_al_glGetNamedProgramLocalParameterIuivEXT	1590	0x64871bec
_al_glGetNamedProgramLocalParameterdvEXT	1591	0x64871c1c
_al_glGetNamedProgramLocalParameterfvEXT	1592	0x64871c18
_al_glGetNamedProgramStringEXT	1593	0x64871c10
_al_glGetNamedProgramivEXT	1594	0x64871c14
_al_glGetNamedRenderbufferParameterivEXT	1595	0x64871b1c
_al_glGetNamedStringARB	1596	0x64872d10
_al_glGetNamedStringivARB	1597	0x64872d0c
_al_glGetObjectBufferfvATI	1598	0x648724b4
_al_glGetObjectBufferivATI	1599	0x648724b0
_al_glGetObjectParameterfvARB	1600	0x64872e54
_al_glGetObjectParameterivAPPLE	1601	0x64871a30
_al_glGetObjectParameterivARB	1602	0x64872e50
_al_glGetOcclusionQueryivNV	1603	0x64872310
_al_glGetOcclusionQueryuivNV	1604	0x6487230c
_al_glGetPerfMonitorCounterDataAMD	1605	0x64871a7c
_al_glGetPerfMonitorCounterInfoAMD	1606	0x64871a94
_al_glGetPerfMonitorCounterStringAMD	1607	0x64871a98
_al_glGetPerfMonitorCountersAMD	1608	0x64871aa0
_al_glGetPerfMonitorGroupStringAMD	1609	0x64871a9c
_al_glGetPerfMonitorGroupsAMD	1610	0x64871aa4
_al_glGetPixelMapxv	1611	0x64872050
_al_glGetPixelTexGenParameterfvSGIS	1612	0x64872a78
_al_glGetPixelTexGenParameterivSGIS	1613	0x64872a7c
_al_glGetPointerIndexedvEXT	1614	0x64871c6c
_al_glGetPointervEXT	1615	0x64872a2c
_al_glGetProgramEnvParameterIivNV	1616	0x64871e1c
_al_glGetProgramEnvParameterIuivNV	1617	0x64871e18
_al_glGetProgramEnvParameterdvARB	1618	0x64872f44
_al_glGetProgramEnvParameterfvARB	1619	0x64872f40
_al_glGetProgramInfoLog	1620	0x6487334c
_al_glGetProgramLocalParameterIivNV	1621	0x64871e24
_al_glGetProgramLocalParameterIuivNV	1622	0x64871e20
_al_glGetProgramLocalParameterdvARB	1623	0x64872f3c
_al_glGetProgramLocalParameterfvARB	1624	0x64872f38
_al_glGetProgramNamedParameterdvNV	1625	0x64872294
_al_glGetProgramNamedParameterfvNV	1626	0x64872298
_al_glGetProgramParameterdvNV	1627	0x648725fc
_al_glGetProgramParameterfvNV	1628	0x648725f8
_al_glGetProgramStageiv	1629	0x64872b74
_al_glGetProgramStringARB	1630	0x64872f30
_al_glGetProgramStringNV	1631	0x648725f0
_al_glGetProgramfv	1632	0x64873358
_al_glGetProgramiv	1633	0x64873354
_al_glGetProgramivARB	1634	0x64872f34
_al_glGetProgramivNV	1635	0x648725f4
_al_glGetQueryIndexediv	1636	0x64872b40
_al_glGetQueryObjecti64v	1637	0x64872cc4
_al_glGetQueryObjecti64vEXT	1638	0x64871f48
_al_glGetQueryObjectiv	1639	0x648733ec
_al_glGetQueryObjectivARB	1640	0x64872ed4
_al_glGetQueryObjectui64v	1641	0x64872cc0
_al_glGetQueryObjectui64vEXT	1642	0x64871f44
_al_glGetQueryObjectuiv	1643	0x648733e8
_al_glGetQueryObjectuivARB	1644	0x64872ed0
_al_glGetQueryiv	1645	0x648733f0
_al_glGetQueryivARB	1646	0x64872ed8
_al_glGetRenderbufferParameteriv	1647	0x64872e00
_al_glGetRenderbufferParameterivEXT	1648	0x64871f88
_al_glGetSamplerParameterIfv	1649	0x64872ccc
_al_glGetSamplerParameterIiv	1650	0x64872cd4
_al_glGetSamplerParameterfv	1651	0x64872cd0
_al_glGetSamplerParameteriv	1652	0x64872cd8
_al_glGetSeparableFilter	1653	0x648735cc
_al_glGetSeparableFilterEXT	1654	0x64872ab4
_al_glGetShaderInfoLog	1655	0x64873350
_al_glGetShaderSource	1656	0x64873334
_al_glGetShaderSourceARB	1657	0x64872e34
_al_glGetShaderfv	1658	0x64873360
_al_glGetShaderiv	1659	0x6487335c
_al_glGetSharpenTexFuncSGIS	1660	0x64872a48
_al_glGetStringi	1661	0x64873170
_al_glGetSubroutineIndex	1662	0x64872b8c
_al_glGetSubroutineUniformLocation	1663	0x64872b90
_al_glGetSynciv	1664	0x64872d48
_al_glGetTexBumpParameterfvATI	1665	0x64872504
_al_glGetTexBumpParameterivATI	1666	0x64872508
_al_glGetTexEnvxvOES	1667	0x64872018
_al_glGetTexFilterFuncSGIS	1668	0x64872b2c
_al_glGetTexGenxvOES	1669	0x648720ac
_al_glGetTexLevelParameterxvOES	1670	0x64872028
_al_glGetTexParameterIiv	1671	0x64873188
_al_glGetTexParameterIuiv	1672	0x64873184
_al_glGetTexParameterPointervAPPLE	1673	0x64871a58
_al_glGetTexParameterxvOES	1674	0x6487202c
_al_glGetTextureImageEXT	1675	0x64871d30
_al_glGetTextureLevelParameterfvEXT	1676	0x64871d24
_al_glGetTextureLevelParameterivEXT	1677	0x64871d20
_al_glGetTextureParameterIivEXT	1678	0x64871be0
_al_glGetTextureParameterIuivEXT	1679	0x64871bdc
_al_glGetTextureParameterfvEXT	1680	0x64871d2c
_al_glGetTextureParameterivEXT	1681	0x64871d28
_al_glGetTrackMatrixivNV	1682	0x648725ec
_al_glGetTransformFeedbackVarying	1683	0x64873228
_al_glGetTransformFeedbackVaryingEXT	1684	0x64871db8
_al_glGetTransformFeedbackVaryingNV	1685	0x64871de0
_al_glGetUniformBlockIndex	1686	0x64872d88
_al_glGetUniformBufferSizeEXT	1687	0x64871f2c
_al_glGetUniformIndices	1688	0x64872d94
_al_glGetUniformLocation	1689	0x64873344
_al_glGetUniformLocationARB	1690	0x64872e44
_al_glGetUniformOffsetEXT	1691	0x64871f28
_al_glGetUniformSubroutineuiv	1692	0x64872b78
_al_glGetUniformdv	1693	0x64872bd8
_al_glGetUniformfv	1694	0x6487333c
_al_glGetUniformfvARB	1695	0x64872e3c
_al_glGetUniformiv	1696	0x64873338
_al_glGetUniformivARB	1697	0x64872e38
_al_glGetUniformui64vNV	1698	0x648719c4
_al_glGetUniformuiv	1699	0x648731bc
_al_glGetUniformuivEXT	1700	0x64871e7c
_al_glGetVariantArrayObjectfvATI	1701	0x64872498
_al_glGetVariantArrayObjectivATI	1702	0x64872494
_al_glGetVariantBooleanvEXT	1703	0x64872410
_al_glGetVariantFloatvEXT	1704	0x64872408
_al_glGetVariantIntegervEXT	1705	0x6487240c
_al_glGetVariantPointervEXT	1706	0x64872404
_al_glGetVaryingLocationNV	1707	0x64871dec
_al_glGetVertexAttribArrayObjectfvATI	1708	0x648721bc
_al_glGetVertexAttribArrayObjectivATI	1709	0x648721b8
_al_glGetVertexAttribIiv	1710	0x648731c4
_al_glGetVertexAttribIivEXT	1711	0x64871ea4
_al_glGetVertexAttribIuiv	1712	0x648731c0
_al_glGetVertexAttribIuivEXT	1713	0x64871ea0
_al_glGetVertexAttribPointerv	1714	0x6487327c
_al_glGetVertexAttribPointervARB	1715	0x64872f20
_al_glGetVertexAttribPointervNV	1716	0x648725dc
_al_glGetVertexAttribdv	1717	0x64873288
_al_glGetVertexAttribdvARB	1718	0x64872f2c
_al_glGetVertexAttribdvNV	1719	0x648725e8
_al_glGetVertexAttribfv	1720	0x64873284
_al_glGetVertexAttribfvARB	1721	0x64872f28
_al_glGetVertexAttribfvNV	1722	0x648725e4
_al_glGetVertexAttribiv	1723	0x64873280
_al_glGetVertexAttribivARB	1724	0x64872f24
_al_glGetVertexAttribivNV	1725	0x648725e0
_al_glGetVideoCaptureStreamdvNV	1726	0x64871a10
_al_glGetVideoCaptureStreamfvNV	1727	0x64871a14
_al_glGetVideoCaptureStreamivNV	1728	0x64871a18
_al_glGetVideoCaptureivNV	1729	0x64871a1c
_al_glGlobalAlphaFactorbSUN	1730	0x64872804
_al_glGlobalAlphaFactordSUN	1731	0x648727f4
_al_glGlobalAlphaFactorfSUN	1732	0x648727f8
_al_glGlobalAlphaFactoriSUN	1733	0x648727fc
_al_glGlobalAlphaFactorsSUN	1734	0x64872800
_al_glGlobalAlphaFactorubSUN	1735	0x648727f0
_al_glGlobalAlphaFactoruiSUN	1736	0x648727e8
_al_glGlobalAlphaFactorusSUN	1737	0x648727ec
_al_glHintPGI	1738	0x64872998
_al_glHistogram	1739	0x648735ac
_al_glHistogramEXT	1740	0x64872af0
_al_glIglooInterfaceSGIX	1741	0x6487265c
_al_glImageTransformParameterfHP	1742	0x648729b0
_al_glImageTransformParameterfvHP	1743	0x648729a8
_al_glImageTransformParameteriHP	1744	0x648729b4
_al_glImageTransformParameterivHP	1745	0x648729ac
_al_glIndexFormatNV	1746	0x648719a8
_al_glIndexFuncEXT	1747	0x64872968
_al_glIndexMaterialEXT	1748	0x6487296c
_al_glIndexPointerEXT	1749	0x64872a28
_al_glIndexxOES	1750	0x648720ec
_al_glIndexxvOES	1751	0x648720e8
_al_glInsertComponentEXT	1752	0x64872468
_al_glInstrumentsBufferSGIX	1753	0x648729f0
_al_glIsAsyncMarkerSGIX	1754	0x648728e8
_al_glIsBuffer	1755	0x64873424
_al_glIsBufferARB	1756	0x64872f0c
_al_glIsBufferResidentNV	1757	0x648719e8
_al_glIsEnabledIndexedEXT	1758	0x64871f10
_al_glIsEnabledi	1759	0x64873240
_al_glIsFenceAPPLE	1760	0x648722dc
_al_glIsFenceNV	1761	0x64872650
_al_glIsFramebuffer	1762	0x64872dfc
_al_glIsFramebufferEXT	1763	0x64871f84
_al_glIsNamedBufferResidentNV	1764	0x648719dc
_al_glIsNamedStringARB	1765	0x64872d14
_al_glIsObjectBufferATI	1766	0x648724bc
_al_glIsOcclusionQueryNV	1767	0x6487231c
_al_glIsProgram	1768	0x648733c0
_al_glIsProgramARB	1769	0x64872f1c
_al_glIsProgramNV	1770	0x648725d8
_al_glIsQuery	1771	0x648733fc
_al_glIsQueryARB	1772	0x64872ee4
_al_glIsRenderbuffer	1773	0x64872e14
_al_glIsRenderbufferEXT	1774	0x64871f9c
_al_glIsSampler	1775	0x64872cf8
_al_glIsShader	1776	0x648733bc
_al_glIsSync	1777	0x64872d5c
_al_glIsTextureEXT	1778	0x64872a5c
_al_glIsTransformFeedback	1779	0x64872b5c
_al_glIsTransformFeedbackNV	1780	0x64871ab4
_al_glIsVariantEnabledEXT	1781	0x64872414
_al_glIsVertexArray	1782	0x64872d98
_al_glIsVertexArrayAPPLE	1783	0x648722bc
_al_glIsVertexAttribEnabledAPPLE	1784	0x64871a4c
_al_glLightEnviSGIX	1785	0x64872910
_al_glLightModelxOES	1786	0x64872070
_al_glLightModelxvOES	1787	0x6487206c
_al_glLightxOES	1788	0x6487207c
_al_glLightxvOES	1789	0x64872078
_al_glLineWidthxOES	1790	0x64872064
_al_glLinkProgram	1791	0x648733b8
_al_glLinkProgramARB	1792	0x64872eac
_al_glListParameterfSGIX	1793	0x6487297c
_al_glListParameterfvSGIX	1794	0x64872978
_al_glListParameteriSGIX	1795	0x64872974
_al_glListParameterivSGIX	1796	0x64872970
_al_glLoadIdentityDeformationMapSGIX	1797	0x648729c8
_al_glLoadMatrixxOES	1798	0x648720d8
_al_glLoadProgramNV	1799	0x648725d4
_al_glLoadTransposeMatrixd	1800	0x64873510
_al_glLoadTransposeMatrixdARB	1801	0x648730c0
_al_glLoadTransposeMatrixf	1802	0x64873514
_al_glLoadTransposeMatrixfARB	1803	0x648730c4
_al_glLoadTransposeMatrixxOES	1804	0x648720d0
_al_glLockArraysEXT	1805	0x64872964
_al_glMakeBufferNonResidentNV	1806	0x648719ec
_al_glMakeBufferResidentNV	1807	0x648719f0
_al_glMakeNamedBufferNonResidentNV	1808	0x648719e0
_al_glMakeNamedBufferResidentNV	1809	0x648719e4
_al_glMap1xOES	1810	0x64871ff0
_al_glMap2xOES	1811	0x64871fec
_al_glMapBuffer	1812	0x64873414
_al_glMapBufferARB	1813	0x64872efc
_al_glMapBufferRange	1814	0x64872db0
_al_glMapControlPointsNV	1815	0x6487263c
_al_glMapGrid1xOES	1816	0x64871fe8
_al_glMapGrid2xOES	1817	0x64871fe4
_al_glMapNamedBufferEXT	1818	0x64871b3c
_al_glMapObjectBufferATI	1819	0x648721c8
_al_glMapParameterfvNV	1820	0x64872634
_al_glMapParameterivNV	1821	0x64872638
_al_glMapVertexAttrib1dAPPLE	1822	0x64871a48
_al_glMapVertexAttrib1fAPPLE	1823	0x64871a44
_al_glMapVertexAttrib2dAPPLE	1824	0x64871a40
_al_glMapVertexAttrib2fAPPLE	1825	0x64871a3c
_al_glMaterialxOES	1826	0x64872088
_al_glMaterialxvOES	1827	0x64872084
_al_glMatrixFrustumEXT	1828	0x64871d80
_al_glMatrixIndexPointerARB	1829	0x64873054
_al_glMatrixIndexubvARB	1830	0x64873060
_al_glMatrixIndexuivARB	1831	0x64873058
_al_glMatrixIndexusvARB	1832	0x6487305c
_al_glMatrixLoadIdentityEXT	1833	0x64871d9c
_al_glMatrixLoadTransposedEXT	1834	0x64871d6c
_al_glMatrixLoadTransposefEXT	1835	0x64871d70
_al_glMatrixLoaddEXT	1836	0x64871da8
_al_glMatrixLoadfEXT	1837	0x64871dac
_al_glMatrixMultTransposedEXT	1838	0x64871d64
_al_glMatrixMultTransposefEXT	1839	0x64871d68
_al_glMatrixMultdEXT	1840	0x64871da0
_al_glMatrixMultfEXT	1841	0x64871da4
_al_glMatrixOrthoEXT	1842	0x64871d7c
_al_glMatrixPopEXT	1843	0x64871d78
_al_glMatrixPushEXT	1844	0x64871d74
_al_glMatrixRotatedEXT	1845	0x64871d94
_al_glMatrixRotatefEXT	1846	0x64871d98
_al_glMatrixScaledEXT	1847	0x64871d8c
_al_glMatrixScalefEXT	1848	0x64871d90
_al_glMatrixTranslatedEXT	1849	0x64871d84
_al_glMatrixTranslatefEXT	1850	0x64871d88
_al_glMinSampleShading	1851	0x64872d24
_al_glMinmax	1852	0x648735a8
_al_glMinmaxEXT	1853	0x64872aec
_al_glMultMatrixxOES	1854	0x648720d4
_al_glMultTransposeMatrixd	1855	0x64873508
_al_glMultTransposeMatrixdARB	1856	0x648730b8
_al_glMultTransposeMatrixf	1857	0x6487350c
_al_glMultTransposeMatrixfARB	1858	0x648730bc
_al_glMultTransposeMatrixxOES	1859	0x648720cc
_al_glMultiDrawArrays	1860	0x648734cc
_al_glMultiDrawArraysEXT	1861	0x6487287c
_al_glMultiDrawElementArrayAPPLE	1862	0x648722f0
_al_glMultiDrawElements	1863	0x648734c8
_al_glMultiDrawElementsBaseVertex	1864	0x64872d68
_al_glMultiDrawElementsEXT	1865	0x64872878
_al_glMultiDrawRangeElementArrayAPPLE	1866	0x648722ec
_al_glMultiModeDrawArraysIBM	1867	0x64872674
_al_glMultiModeDrawElementsIBM	1868	0x64872670
_al_glMultiTexBufferEXT	1869	0x64871b24
_al_glMultiTexCoord1bOES	1870	0x6487217c
_al_glMultiTexCoord1bvOES	1871	0x6487216c
_al_glMultiTexCoord1d	1872	0x64873594
_al_glMultiTexCoord1dARB	1873	0x64873144
_al_glMultiTexCoord1dv	1874	0x64873590
_al_glMultiTexCoord1dvARB	1875	0x64873140
_al_glMultiTexCoord1f	1876	0x6487358c
_al_glMultiTexCoord1fARB	1877	0x6487313c
_al_glMultiTexCoord1fv	1878	0x64873588
_al_glMultiTexCoord1fvARB	1879	0x64873138
_al_glMultiTexCoord1hNV	1880	0x64872240
_al_glMultiTexCoord1hvNV	1881	0x6487223c
_al_glMultiTexCoord1i	1882	0x64873584
_al_glMultiTexCoord1iARB	1883	0x64873134
_al_glMultiTexCoord1iv	1884	0x64873580
_al_glMultiTexCoord1ivARB	1885	0x64873130
_al_glMultiTexCoord1s	1886	0x6487357c
_al_glMultiTexCoord1sARB	1887	0x6487312c
_al_glMultiTexCoord1sv	1888	0x64873578
_al_glMultiTexCoord1svARB	1889	0x64873128
_al_glMultiTexCoord1xOES	1890	0x6487211c
_al_glMultiTexCoord1xvOES	1891	0x6487210c
_al_glMultiTexCoord2bOES	1892	0x64872178
_al_glMultiTexCoord2bvOES	1893	0x64872168
_al_glMultiTexCoord2d	1894	0x64873574
_al_glMultiTexCoord2dARB	1895	0x64873124
_al_glMultiTexCoord2dv	1896	0x64873570
_al_glMultiTexCoord2dvARB	1897	0x64873120
_al_glMultiTexCoord2f	1898	0x6487356c
_al_glMultiTexCoord2fARB	1899	0x6487311c
_al_glMultiTexCoord2fv	1900	0x64873568
_al_glMultiTexCoord2fvARB	1901	0x64873118
_al_glMultiTexCoord2hNV	1902	0x64872238
_al_glMultiTexCoord2hvNV	1903	0x64872234
_al_glMultiTexCoord2i	1904	0x64873564
_al_glMultiTexCoord2iARB	1905	0x64873114
_al_glMultiTexCoord2iv	1906	0x64873560
_al_glMultiTexCoord2ivARB	1907	0x64873110
_al_glMultiTexCoord2s	1908	0x6487355c
_al_glMultiTexCoord2sARB	1909	0x6487310c
_al_glMultiTexCoord2sv	1910	0x64873558
_al_glMultiTexCoord2svARB	1911	0x64873108
_al_glMultiTexCoord2xOES	1912	0x64872118
_al_glMultiTexCoord2xvOES	1913	0x64872108
_al_glMultiTexCoord3bOES	1914	0x64872174
_al_glMultiTexCoord3bvOES	1915	0x64872164
_al_glMultiTexCoord3d	1916	0x64873554
_al_glMultiTexCoord3dARB	1917	0x64873104
_al_glMultiTexCoord3dv	1918	0x64873550
_al_glMultiTexCoord3dvARB	1919	0x64873100
_al_glMultiTexCoord3f	1920	0x6487354c
_al_glMultiTexCoord3fARB	1921	0x648730fc
_al_glMultiTexCoord3fv	1922	0x64873548
_al_glMultiTexCoord3fvARB	1923	0x648730f8
_al_glMultiTexCoord3hNV	1924	0x64872230
_al_glMultiTexCoord3hvNV	1925	0x6487222c
_al_glMultiTexCoord3i	1926	0x64873544
_al_glMultiTexCoord3iARB	1927	0x648730f4
_al_glMultiTexCoord3iv	1928	0x64873540
_al_glMultiTexCoord3ivARB	1929	0x648730f0
_al_glMultiTexCoord3s	1930	0x6487353c
_al_glMultiTexCoord3sARB	1931	0x648730ec
_al_glMultiTexCoord3sv	1932	0x64873538
_al_glMultiTexCoord3svARB	1933	0x648730e8
_al_glMultiTexCoord3xOES	1934	0x64872114
_al_glMultiTexCoord3xvOES	1935	0x64872104
_al_glMultiTexCoord4bOES	1936	0x64872170
_al_glMultiTexCoord4bvOES	1937	0x64872160
_al_glMultiTexCoord4d	1938	0x64873534
_al_glMultiTexCoord4dARB	1939	0x648730e4
_al_glMultiTexCoord4dv	1940	0x64873530
_al_glMultiTexCoord4dvARB	1941	0x648730e0
_al_glMultiTexCoord4f	1942	0x6487352c
_al_glMultiTexCoord4fARB	1943	0x648730dc
_al_glMultiTexCoord4fv	1944	0x64873528
_al_glMultiTexCoord4fvARB	1945	0x648730d8
_al_glMultiTexCoord4hNV	1946	0x64872228
_al_glMultiTexCoord4hvNV	1947	0x64872224
_al_glMultiTexCoord4i	1948	0x64873524
_al_glMultiTexCoord4iARB	1949	0x648730d4
_al_glMultiTexCoord4iv	1950	0x64873520
_al_glMultiTexCoord4ivARB	1951	0x648730d0
_al_glMultiTexCoord4s	1952	0x6487351c
_al_glMultiTexCoord4sARB	1953	0x648730cc
_al_glMultiTexCoord4sv	1954	0x64873518
_al_glMultiTexCoord4svARB	1955	0x648730c8
_al_glMultiTexCoord4xOES	1956	0x64872110
_al_glMultiTexCoord4xvOES	1957	0x64872100
_al_glMultiTexCoordP1ui	1958	0x64872c84
_al_glMultiTexCoordP1uiv	1959	0x64872c80
_al_glMultiTexCoordP2ui	1960	0x64872c7c
_al_glMultiTexCoordP2uiv	1961	0x64872c78
_al_glMultiTexCoordP3ui	1962	0x64872c74
_al_glMultiTexCoordP3uiv	1963	0x64872c70
_al_glMultiTexCoordP4ui	1964	0x64872c6c
_al_glMultiTexCoordP4uiv	1965	0x64872c68
_al_glMultiTexCoordPointerEXT	1966	0x64871cb4
_al_glMultiTexEnvfEXT	1967	0x64871cb0
_al_glMultiTexEnvfvEXT	1968	0x64871cac
_al_glMultiTexEnviEXT	1969	0x64871ca8
_al_glMultiTexEnvivEXT	1970	0x64871ca4
_al_glMultiTexGendEXT	1971	0x64871ca0
_al_glMultiTexGendvEXT	1972	0x64871c9c
_al_glMultiTexGenfEXT	1973	0x64871c98
_al_glMultiTexGenfvEXT	1974	0x64871c94
_al_glMultiTexGeniEXT	1975	0x64871c90
_al_glMultiTexGenivEXT	1976	0x64871c8c
_al_glMultiTexImage1DEXT	1977	0x64871d00
_al_glMultiTexImage2DEXT	1978	0x64871cfc
_al_glMultiTexImage3DEXT	1979	0x64871ccc
_al_glMultiTexParameterIivEXT	1980	0x64871bd8
_al_glMultiTexParameterIuivEXT	1981	0x64871bd4
_al_glMultiTexParameterfEXT	1982	0x64871d10
_al_glMultiTexParameterfvEXT	1983	0x64871d0c
_al_glMultiTexParameteriEXT	1984	0x64871d08
_al_glMultiTexParameterivEXT	1985	0x64871d04
_al_glMultiTexRenderbufferEXT	1986	0x64871ad0
_al_glMultiTexSubImage1DEXT	1987	0x64871cf8
_al_glMultiTexSubImage2DEXT	1988	0x64871cf4
_al_glMultiTexSubImage3DEXT	1989	0x64871cc8
_al_glNamedBufferDataEXT	1990	0x64871b44
_al_glNamedBufferSubDataEXT	1991	0x64871b40
_al_glNamedFramebufferRenderbufferEXT	1992	0x64871b08
_al_glNamedFramebufferTexture1DEXT	1993	0x64871b14
_al_glNamedFramebufferTexture2DEXT	1994	0x64871b10
_al_glNamedFramebufferTexture3DEXT	1995	0x64871b0c
_al_glNamedFramebufferTextureEXT	1996	0x64871ae0
_al_glNamedFramebufferTextureFaceEXT	1997	0x64871ad8
_al_glNamedFramebufferTextureLayerEXT	1998	0x64871adc
_al_glNamedProgramLocalParameter4dEXT	1999	0x64871c2c
_al_glNamedProgramLocalParameter4dvEXT	2000	0x64871c28
_al_glNamedProgramLocalParameter4fEXT	2001	0x64871c24
_al_glNamedProgramLocalParameter4fvEXT	2002	0x64871c20
_al_glNamedProgramLocalParameterI4iEXT	2003	0x64871c08
_al_glNamedProgramLocalParameterI4ivEXT	2004	0x64871c04
_al_glNamedProgramLocalParameterI4uiEXT	2005	0x64871bfc
_al_glNamedProgramLocalParameterI4uivEXT	2006	0x64871bf8
_al_glNamedProgramLocalParameters4fvEXT	2007	0x64871c0c
_al_glNamedProgramLocalParametersI4ivEXT	2008	0x64871c00
_al_glNamedProgramLocalParametersI4uivEXT	2009	0x64871bf4
_al_glNamedProgramStringEXT	2010	0x64871c30
_al_glNamedRenderbufferStorageEXT	2011	0x64871b20
_al_glNamedRenderbufferStorageMultisampleCoverageEXT	2012	0x64871ae4
_al_glNamedRenderbufferStorageMultisampleEXT	2013	0x64871ae8
_al_glNamedStringARB	2014	0x64872d20
_al_glNewObjectBufferATI	2015	0x648724c0
_al_glNormal3fVertex3fSUN	2016	0x648727b0
_al_glNormal3fVertex3fvSUN	2017	0x648727ac
_al_glNormal3hNV	2018	0x64872278
_al_glNormal3hvNV	2019	0x64872274
_al_glNormal3xOES	2020	0x64872144
_al_glNormal3xvOES	2021	0x64872140
_al_glNormalFormatNV	2022	0x648719b0
_al_glNormalP3ui	2023	0x64872c64
_al_glNormalP3uiv	2024	0x64872c60
_al_glNormalPointerEXT	2025	0x64872a24
_al_glNormalPointervINTEL	2026	0x648728e0
_al_glNormalStream3bATI	2027	0x64872368
_al_glNormalStream3bvATI	2028	0x64872364
_al_glNormalStream3dATI	2029	0x64872348
_al_glNormalStream3dvATI	2030	0x64872344
_al_glNormalStream3fATI	2031	0x64872350
_al_glNormalStream3fvATI	2032	0x6487234c
_al_glNormalStream3iATI	2033	0x64872358
_al_glNormalStream3ivATI	2034	0x64872354
_al_glNormalStream3sATI	2035	0x64872360
_al_glNormalStream3svATI	2036	0x6487235c
_al_glObjectPurgeableAPPLE	2037	0x64871a38
_al_glObjectUnpurgeableAPPLE	2038	0x64871a34
_al_glOrthofOES	2039	0x64871fb8
_al_glOrthoxOES	2040	0x648720b8
_al_glPNTrianglesfATI	2041	0x648724c4
_al_glPNTrianglesiATI	2042	0x648724c8
_al_glPassTexCoordATI	2043	0x648724ec
_al_glPassThroughxOES	2044	0x64871fc8
_al_glPatchParameterfv	2045	0x64872b6c
_al_glPatchParameteri	2046	0x64872b70
_al_glPauseTransformFeedback	2047	0x64872b58
_al_glPauseTransformFeedbackNV	2048	0x64871ab0
_al_glPixelDataRangeNV	2049	0x648721d8
_al_glPixelMapx	2050	0x64872054
_al_glPixelStorex	2051	0x6487205c
_al_glPixelTexGenParameterfSGIS	2052	0x64872a84
_al_glPixelTexGenParameterfvSGIS	2053	0x64872a80
_al_glPixelTexGenParameteriSGIS	2054	0x64872a8c
_al_glPixelTexGenParameterivSGIS	2055	0x64872a88
_al_glPixelTexGenSGIX	2056	0x64872a90
_al_glPixelTransferxOES	2057	0x64872058
_al_glPixelTransformParameterfEXT	2058	0x648728d0
_al_glPixelTransformParameterfvEXT	2059	0x648728c8
_al_glPixelTransformParameteriEXT	2060	0x648728d4
_al_glPixelTransformParameterivEXT	2061	0x648728cc
_al_glPixelZoomxOES	2062	0x6487203c
_al_glPointParameterf	2063	0x648734c4
_al_glPointParameterfARB	2064	0x64873094
_al_glPointParameterfEXT	2065	0x64872a04
_al_glPointParameterfSGIS	2066	0x648729fc
_al_glPointParameterfv	2067	0x648734c0
_al_glPointParameterfvARB	2068	0x64873090
_al_glPointParameterfvEXT	2069	0x64872a00
_al_glPointParameterfvSGIS	2070	0x648729f8
_al_glPointParameteri	2071	0x648734bc
_al_glPointParameteriNV	2072	0x64872308
_al_glPointParameteriv	2073	0x648734b8
_al_glPointParameterivNV	2074	0x64872304
_al_glPointSizexOES	2075	0x64872068
_al_glPollAsyncSGIX	2076	0x648728f4
_al_glPollInstrumentsSGIX	2077	0x648729ec
_al_glPolygonOffsetEXT	2078	0x64872b38
_al_glPolygonOffsetxOES	2079	0x64872060
_al_glPrimitiveRestartIndex	2080	0x64873160
_al_glPrimitiveRestartIndexNV	2081	0x648721cc
_al_glPrimitiveRestartNV	2082	0x648721d0
_al_glPrioritizeTexturesEXT	2083	0x64872a58
_al_glPrioritizeTexturesxOES	2084	0x64872024
_al_glProgramBufferParametersIivNV	2085	0x64871e10
_al_glProgramBufferParametersIuivNV	2086	0x64871e0c
_al_glProgramBufferParametersfvNV	2087	0x64871e14
_al_glProgramEnvParameter4dARB	2088	0x64872f64
_al_glProgramEnvParameter4dvARB	2089	0x64872f60
_al_glProgramEnvParameter4fARB	2090	0x64872f5c
_al_glProgramEnvParameter4fvARB	2091	0x64872f58
_al_glProgramEnvParameterI4iNV	2092	0x64871e3c
_al_glProgramEnvParameterI4ivNV	2093	0x64871e38
_al_glProgramEnvParameterI4uiNV	2094	0x64871e30
_al_glProgramEnvParameterI4uivNV	2095	0x64871e2c
_al_glProgramEnvParameters4fvEXT	2096	0x64871f40
_al_glProgramEnvParametersI4ivNV	2097	0x64871e34
_al_glProgramEnvParametersI4uivNV	2098	0x64871e28
_al_glProgramLocalParameter4dARB	2099	0x64872f54
_al_glProgramLocalParameter4dvARB	2100	0x64872f50
_al_glProgramLocalParameter4fARB	2101	0x64872f4c
_al_glProgramLocalParameter4fvARB	2102	0x64872f48
_al_glProgramLocalParameterI4iNV	2103	0x64871e54
_al_glProgramLocalParameterI4ivNV	2104	0x64871e50
_al_glProgramLocalParameterI4uiNV	2105	0x64871e48
_al_glProgramLocalParameterI4uivNV	2106	0x64871e44
_al_glProgramLocalParameters4fvEXT	2107	0x64871f3c
_al_glProgramLocalParametersI4ivNV	2108	0x64871e4c
_al_glProgramLocalParametersI4uivNV	2109	0x64871e40
_al_glProgramNamedParameter4dNV	2110	0x648722a4
_al_glProgramNamedParameter4dvNV	2111	0x6487229c
_al_glProgramNamedParameter4fNV	2112	0x648722a8
_al_glProgramNamedParameter4fvNV	2113	0x648722a0
_al_glProgramParameter4dNV	2114	0x648725d0
_al_glProgramParameter4dvNV	2115	0x648725cc
_al_glProgramParameter4fNV	2116	0x648725c8
_al_glProgramParameter4fvNV	2117	0x648725c4
_al_glProgramParameteri	2118	0x64873154
_al_glProgramParameteriARB	2119	0x64872dc4
_al_glProgramParameteriEXT	2120	0x64871f04
_al_glProgramParameters4dvNV	2121	0x648725c0
_al_glProgramParameters4fvNV	2122	0x648725bc
_al_glProgramStringARB	2123	0x64872f74
_al_glProgramUniform1dEXT	2124	0x64872bd4
_al_glProgramUniform1dvEXT	2125	0x64872bc4
_al_glProgramUniform1fEXT	2126	0x64871bc8
_al_glProgramUniform1fvEXT	2127	0x64871ba8
_al_glProgramUniform1iEXT	2128	0x64871bb8
_al_glProgramUniform1ivEXT	2129	0x64871b98
_al_glProgramUniform1uiEXT	2130	0x64871b64
_al_glProgramUniform1uivEXT	2131	0x64871b54
_al_glProgramUniform2dEXT	2132	0x64872bd0
_al_glProgramUniform2dvEXT	2133	0x64872bc0
_al_glProgramUniform2fEXT	2134	0x64871bc4
_al_glProgramUniform2fvEXT	2135	0x64871ba4
_al_glProgramUniform2iEXT	2136	0x64871bb4
_al_glProgramUniform2ivEXT	2137	0x64871b94
_al_glProgramUniform2uiEXT	2138	0x64871b60
_al_glProgramUniform2uivEXT	2139	0x64871b50
_al_glProgramUniform3dEXT	2140	0x64872bcc
_al_glProgramUniform3dvEXT	2141	0x64872bbc
_al_glProgramUniform3fEXT	2142	0x64871bc0
_al_glProgramUniform3fvEXT	2143	0x64871ba0
_al_glProgramUniform3iEXT	2144	0x64871bb0
_al_glProgramUniform3ivEXT	2145	0x64871b90
_al_glProgramUniform3uiEXT	2146	0x64871b5c
_al_glProgramUniform3uivEXT	2147	0x64871b4c
_al_glProgramUniform4dEXT	2148	0x64872bc8
_al_glProgramUniform4dvEXT	2149	0x64872bb8
_al_glProgramUniform4fEXT	2150	0x64871bbc
_al_glProgramUniform4fvEXT	2151	0x64871b9c
_al_glProgramUniform4iEXT	2152	0x64871bac
_al_glProgramUniform4ivEXT	2153	0x64871b8c
_al_glProgramUniform4uiEXT	2154	0x64871b58
_al_glProgramUniform4uivEXT	2155	0x64871b48
_al_glProgramUniformMatrix2dvEXT	2156	0x64872bb4
_al_glProgramUniformMatrix2fvEXT	2157	0x64871b88
_al_glProgramUniformMatrix2x3dvEXT	2158	0x64872ba8
_al_glProgramUniformMatrix2x3fvEXT	2159	0x64871b7c
_al_glProgramUniformMatrix2x4dvEXT	2160	0x64872ba4
_al_glProgramUniformMatrix2x4fvEXT	2161	0x64871b74
_al_glProgramUniformMatrix3dvEXT	2162	0x64872bb0
_al_glProgramUniformMatrix3fvEXT	2163	0x64871b84
_al_glProgramUniformMatrix3x2dvEXT	2164	0x64872ba0
_al_glProgramUniformMatrix3x2fvEXT	2165	0x64871b78
_al_glProgramUniformMatrix3x4dvEXT	2166	0x64872b9c
_al_glProgramUniformMatrix3x4fvEXT	2167	0x64871b6c
_al_glProgramUniformMatrix4dvEXT	2168	0x64872bac
_al_glProgramUniformMatrix4fvEXT	2169	0x64871b80
_al_glProgramUniformMatrix4x2dvEXT	2170	0x64872b98
_al_glProgramUniformMatrix4x2fvEXT	2171	0x64871b70
_al_glProgramUniformMatrix4x3dvEXT	2172	0x64872b94
_al_glProgramUniformMatrix4x3fvEXT	2173	0x64871b68
_al_glProgramUniformui64NV	2174	0x648719c0
_al_glProgramUniformui64vNV	2175	0x648719bc
_al_glProgramVertexLimitNV	2176	0x64871e58
_al_glProvokingVertex	2177	0x64872d64
_al_glProvokingVertexEXT	2178	0x64871a70
_al_glPushClientAttribDefaultEXT	2179	0x64871db0
_al_glQueryCounter	2180	0x64872cc8
_al_glQueryMatrixxOES	2181	0x64871fa8
_al_glRasterPos2xOES	2182	0x648720a0
_al_glRasterPos2xvOES	2183	0x64872094
_al_glRasterPos3xOES	2184	0x6487209c
_al_glRasterPos3xvOES	2185	0x64872090
_al_glRasterPos4xOES	2186	0x64872098
_al_glRasterPos4xvOES	2187	0x6487208c
_al_glReadInstrumentsSGIX	2188	0x648729e8
_al_glRectxOES	2189	0x648720e4
_al_glRectxvOES	2190	0x648720e0
_al_glReferencePlaneSGIX	2191	0x648729c4
_al_glRenderbufferStorage	2192	0x64872e04
_al_glRenderbufferStorageEXT	2193	0x64871f8c
_al_glRenderbufferStorageMultisample	2194	0x64872dcc
_al_glRenderbufferStorageMultisampleEXT	2195	0x64871f4c
_al_glRenderbufferStorageMultsampleCoverageNV	2196	0x64871e5c
_al_glReplacementCodePointerSUN	2197	0x648727cc
_al_glReplacementCodeubSUN	2198	0x648727dc
_al_glReplacementCodeubvSUN	2199	0x648727d0
_al_glReplacementCodeuiColor3fVertex3fSUN	2200	0x64872758
_al_glReplacementCodeuiColor3fVertex3fvSUN	2201	0x64872754
_al_glReplacementCodeuiColor4fNormal3fVertex3fSUN	2202	0x64872748
_al_glReplacementCodeuiColor4fNormal3fVertex3fvSUN	2203	0x64872744
_al_glReplacementCodeuiColor4ubVertex3fSUN	2204	0x64872760
_al_glReplacementCodeuiColor4ubVertex3fvSUN	2205	0x6487275c
_al_glReplacementCodeuiNormal3fVertex3fSUN	2206	0x64872750
_al_glReplacementCodeuiNormal3fVertex3fvSUN	2207	0x6487274c
_al_glReplacementCodeuiSUN	2208	0x648727e4
_al_glReplacementCodeuiTexCoord2fColor4fNormal3fVertex3fSUN	2209	0x64872730
_al_glReplacementCodeuiTexCoord2fColor4fNormal3fVertex3fvSUN	2210	0x6487272c
_al_glReplacementCodeuiTexCoord2fNormal3fVertex3fSUN	2211	0x64872738
_al_glReplacementCodeuiTexCoord2fNormal3fVertex3fvSUN	2212	0x64872734
_al_glReplacementCodeuiTexCoord2fVertex3fSUN	2213	0x64872740
_al_glReplacementCodeuiTexCoord2fVertex3fvSUN	2214	0x6487273c
_al_glReplacementCodeuiVertex3fSUN	2215	0x64872768
_al_glReplacementCodeuiVertex3fvSUN	2216	0x64872764
_al_glReplacementCodeuivSUN	2217	0x648727d8
_al_glReplacementCodeusSUN	2218	0x648727e0
_al_glReplacementCodeusvSUN	2219	0x648727d4
_al_glRequestResidentProgramsNV	2220	0x648725b8
_al_glResetHistogram	2221	0x648735a4
_al_glResetHistogramEXT	2222	0x64872ae8
_al_glResetMinmax	2223	0x648735a0
_al_glResetMinmaxEXT	2224	0x64872ae4
_al_glResizeBuffersMESA	2225	0x648726d8
_al_glResumeTransformFeedback	2226	0x64872b54
_al_glResumeTransformFeedbackNV	2227	0x64871aac
_al_glRotatexOES	2228	0x648720c8
_al_glSampleCoverage	2229	0x64873504
_al_glSampleCoverageARB	2230	0x648730b4
_al_glSampleCoverageOES	2231	0x6487200c
_al_glSampleMapATI	2232	0x648724e8
_al_glSampleMaskEXT	2233	0x64872668
_al_glSampleMaskIndexedNV	2234	0x64871ac8
_al_glSampleMaskSGIS	2235	0x64872a44
_al_glSampleMaski	2236	0x64872d38
_al_glSamplePatternEXT	2237	0x64872664
_al_glSamplePatternSGIS	2238	0x64872a40
_al_glSamplerParameterIiv	2239	0x64872ce0
_al_glSamplerParameterIuiv	2240	0x64872cdc
_al_glSamplerParameterf	2241	0x64872ce8
_al_glSamplerParameterfv	2242	0x64872ce4
_al_glSamplerParameteri	2243	0x64872cf0
_al_glSamplerParameteriv	2244	0x64872cec
_al_glScalexOES	2245	0x648720c4
_al_glSecondaryColor3b	2246	0x648734b4
_al_glSecondaryColor3bEXT	2247	0x648728c4
_al_glSecondaryColor3bv	2248	0x648734b0
_al_glSecondaryColor3bvEXT	2249	0x648728c0
_al_glSecondaryColor3d	2250	0x648734ac
_al_glSecondaryColor3dEXT	2251	0x648728bc
_al_glSecondaryColor3dv	2252	0x648734a8
_al_glSecondaryColor3dvEXT	2253	0x648728b8
_al_glSecondaryColor3f	2254	0x648734a4
_al_glSecondaryColor3fEXT	2255	0x648728b4
_al_glSecondaryColor3fv	2256	0x648734a0
_al_glSecondaryColor3fvEXT	2257	0x648728b0
_al_glSecondaryColor3hNV	2258	0x64872218
_al_glSecondaryColor3hvNV	2259	0x64872214
_al_glSecondaryColor3i	2260	0x6487349c
_al_glSecondaryColor3iEXT	2261	0x648728ac
_al_glSecondaryColor3iv	2262	0x64873498
_al_glSecondaryColor3ivEXT	2263	0x648728a8
_al_glSecondaryColor3s	2264	0x64873494
_al_glSecondaryColor3sEXT	2265	0x648728a4
_al_glSecondaryColor3sv	2266	0x64873490
_al_glSecondaryColor3svEXT	2267	0x648728a0
_al_glSecondaryColor3ub	2268	0x6487348c
_al_glSecondaryColor3ubEXT	2269	0x6487289c
_al_glSecondaryColor3ubv	2270	0x64873488
_al_glSecondaryColor3ubvEXT	2271	0x64872898
_al_glSecondaryColor3ui	2272	0x64873484
_al_glSecondaryColor3uiEXT	2273	0x64872894
_al_glSecondaryColor3uiv	2274	0x64873480
_al_glSecondaryColor3uivEXT	2275	0x64872890
_al_glSecondaryColor3us	2276	0x6487347c
_al_glSecondaryColor3usEXT	2277	0x6487288c
_al_glSecondaryColor3usv	2278	0x64873478
_al_glSecondaryColor3usvEXT	2279	0x64872888
_al_glSecondaryColorFormatNV	2280	0x6487199c
_al_glSecondaryColorP3ui	2281	0x64872c4c
_al_glSecondaryColorP3uiv	2282	0x64872c48
_al_glSecondaryColorPointer	2283	0x64873474
_al_glSecondaryColorPointerEXT	2284	0x64872884
_al_glSelectPerfMonitorCountersAMD	2285	0x64871a88
_al_glSeparableFilter2D	2286	0x648735c8
_al_glSeparableFilter2DEXT	2287	0x64872ab0
_al_glSetFenceAPPLE	2288	0x648722e0
_al_glSetFenceNV	2289	0x64872640
_al_glSetFragmentShaderConstantATI	2290	0x648724cc
_al_glSetInvariantEXT	2291	0x6487245c
_al_glSetLocalConstantEXT	2292	0x64872458
_al_glShaderOp1EXT	2293	0x6487247c
_al_glShaderOp2EXT	2294	0x64872478
_al_glShaderOp3EXT	2295	0x64872474
_al_glShaderSource	2296	0x648733c8
_al_glShaderSourceARB	2297	0x64872ebc
_al_glSharpenTexFuncSGIS	2298	0x64872a4c
_al_glSpriteParameterfSGIX	2299	0x64872a14
_al_glSpriteParameterfvSGIX	2300	0x64872a10
_al_glSpriteParameteriSGIX	2301	0x64872a0c
_al_glSpriteParameterivSGIX	2302	0x64872a08
_al_glStartInstrumentsSGIX	2303	0x648729e4
_al_glStencilClearTagEXT	2304	0x64871f54
_al_glStencilFuncSeparate	2305	0x64873270
_al_glStencilOpSeparate	2306	0x64873274
_al_glStopInstrumentsSGIX	2307	0x648729e0
_al_glStringMarkerGREMEDY	2308	0x64871f58
_al_glSwizzleEXT	2309	0x64872470
_al_glTagSampleBufferSGIX	2310	0x648729d8
_al_glTangent3bEXT	2311	0x64872860
_al_glTangent3bvEXT	2312	0x6487285c
_al_glTangent3dEXT	2313	0x64872858
_al_glTangent3dvEXT	2314	0x64872854
_al_glTangent3fEXT	2315	0x64872850
_al_glTangent3fvEXT	2316	0x6487284c
_al_glTangent3iEXT	2317	0x64872848
_al_glTangent3ivEXT	2318	0x64872844
_al_glTangent3sEXT	2319	0x64872840
_al_glTangent3svEXT	2320	0x6487283c
_al_glTangentPointerEXT	2321	0x64872810
_al_glTbufferMask3DFX	2322	0x6487266c
_al_glTessellationFactorAMD	2323	0x64871a78
_al_glTessellationModeAMD	2324	0x64871a74
_al_glTestFenceAPPLE	2325	0x648722d8
_al_glTestFenceNV	2326	0x6487264c
_al_glTestObjectAPPLE	2327	0x648722d0
_al_glTexBuffer	2328	0x64873164
_al_glTexBufferARB	2329	0x64872da8
_al_glTexBufferEXT	2330	0x64871e6c
_al_glTexBumpParameterfvATI	2331	0x6487250c
_al_glTexBumpParameterivATI	2332	0x64872510
_al_glTexCoord1bOES	2333	0x6487219c
_al_glTexCoord1bvOES	2334	0x6487218c
_al_glTexCoord1hNV	2335	0x64872260
_al_glTexCoord1hvNV	2336	0x6487225c
_al_glTexCoord1xOES	2337	0x6487213c
_al_glTexCoord1xvOES	2338	0x6487212c
_al_glTexCoord2bOES	2339	0x64872198
_al_glTexCoord2bvOES	2340	0x64872188
_al_glTexCoord2fColor3fVertex3fSUN	2341	0x64872788
_al_glTexCoord2fColor3fVertex3fvSUN	2342	0x64872784
_al_glTexCoord2fColor4fNormal3fVertex3fSUN	2343	0x64872778
_al_glTexCoord2fColor4fNormal3fVertex3fvSUN	2344	0x64872774
_al_glTexCoord2fColor4ubVertex3fSUN	2345	0x64872790
_al_glTexCoord2fColor4ubVertex3fvSUN	2346	0x6487278c
_al_glTexCoord2fNormal3fVertex3fSUN	2347	0x64872780
_al_glTexCoord2fNormal3fVertex3fvSUN	2348	0x6487277c
_al_glTexCoord2fVertex3fSUN	2349	0x648727a0
_al_glTexCoord2fVertex3fvSUN	2350	0x6487279c
_al_glTexCoord2hNV	2351	0x64872258
_al_glTexCoord2hvNV	2352	0x64872254
_al_glTexCoord2xOES	2353	0x64872138
_al_glTexCoord2xvOES	2354	0x64872128
_al_glTexCoord3bOES	2355	0x64872194
_al_glTexCoord3bvOES	2356	0x64872184
_al_glTexCoord3hNV	2357	0x64872250
_al_glTexCoord3hvNV	2358	0x6487224c
_al_glTexCoord3xOES	2359	0x64872134
_al_glTexCoord3xvOES	2360	0x64872124
_al_glTexCoord4bOES	2361	0x64872190
_al_glTexCoord4bvOES	2362	0x64872180
_al_glTexCoord4fColor4fNormal3fVertex4fSUN	2363	0x64872770
_al_glTexCoord4fColor4fNormal3fVertex4fvSUN	2364	0x6487276c
_al_glTexCoord4fVertex4fSUN	2365	0x64872798
_al_glTexCoord4fVertex4fvSUN	2366	0x64872794
_al_glTexCoord4hNV	2367	0x64872248
_al_glTexCoord4hvNV	2368	0x64872244
_al_glTexCoord4xOES	2369	0x64872130
_al_glTexCoord4xvOES	2370	0x64872120
_al_glTexCoordFormatNV	2371	0x648719a4
_al_glTexCoordP1ui	2372	0x64872ca4
_al_glTexCoordP1uiv	2373	0x64872ca0
_al_glTexCoordP2ui	2374	0x64872c9c
_al_glTexCoordP2uiv	2375	0x64872c98
_al_glTexCoordP3ui	2376	0x64872c94
_al_glTexCoordP3uiv	2377	0x64872c90
_al_glTexCoordP4ui	2378	0x64872c8c
_al_glTexCoordP4uiv	2379	0x64872c88
_al_glTexCoordPointerEXT	2380	0x64872a20
_al_glTexCoordPointervINTEL	2381	0x648728d8
_al_glTexEnvxOES	2382	0x64872020
_al_glTexEnvxvOES	2383	0x6487201c
_al_glTexFilterFuncSGIS	2384	0x64872b28
_al_glTexGenxOES	2385	0x648720b4
_al_glTexGenxvOES	2386	0x648720b0
_al_glTexImage2DMultisample	2387	0x64872d44
_al_glTexImage3D	2388	0x64873604
_al_glTexImage3DEXT	2389	0x64872b34
_al_glTexImage3DMultisample	2390	0x64872d40
_al_glTexImage4DSGIS	2391	0x64872a74
_al_glTexParameterIiv	2392	0x64873190
_al_glTexParameterIuiv	2393	0x6487318c
_al_glTexParameterxOES	2394	0x64872034
_al_glTexParameterxvOES	2395	0x64872030
_al_glTexRenderbufferNV	2396	0x64871ac4
_al_glTexSubImage1DEXT	2397	0x64872b24
_al_glTexSubImage2DEXT	2398	0x64872b20
_al_glTexSubImage3D	2399	0x64873600
_al_glTexSubImage3DEXT	2400	0x64872b30
_al_glTexSubImage4DSGIS	2401	0x64872a70
_al_glTextureBarrierNV	2402	0x64871988
_al_glTextureBufferEXT	2403	0x64871b28
_al_glTextureColorMaskSGIS	2404	0x64872660
_al_glTextureImage1DEXT	2405	0x64871d50
_al_glTextureImage2DEXT	2406	0x64871d4c
_al_glTextureImage3DEXT	2407	0x64871d1c
_al_glTextureLightEXT	2408	0x64872904
_al_glTextureMaterialEXT	2409	0x64872900
_al_glTextureNormalEXT	2410	0x64872880
_al_glTextureParameterIivEXT	2411	0x64871be8
_al_glTextureParameterIuivEXT	2412	0x64871be4
_al_glTextureParameterfEXT	2413	0x64871d60
_al_glTextureParameterfvEXT	2414	0x64871d5c
_al_glTextureParameteriEXT	2415	0x64871d58
_al_glTextureParameterivEXT	2416	0x64871d54
_al_glTextureRangeAPPLE	2417	0x64871a5c
_al_glTextureRenderbufferEXT	2418	0x64871ad4
_al_glTextureSubImage1DEXT	2419	0x64871d48
_al_glTextureSubImage2DEXT	2420	0x64871d44
_al_glTextureSubImage3DEXT	2421	0x64871d18
_al_glTrackMatrixNV	2422	0x648725b4
_al_glTransformFeedbackAttribsNV	2423	0x64871dfc
_al_glTransformFeedbackVaryings	2424	0x6487322c
_al_glTransformFeedbackVaryingsEXT	2425	0x64871dbc
_al_glTransformFeedbackVaryingsNV	2426	0x64871df8
_al_glTranslatexOES	2427	0x648720c0
_al_glUniform1d	2428	0x64872c1c
_al_glUniform1dv	2429	0x64872c0c
_al_glUniform1f	2430	0x648733ac
_al_glUniform1fARB	2431	0x64872ea0
_al_glUniform1fv	2432	0x6487338c
_al_glUniform1fvARB	2433	0x64872e80
_al_glUniform1i	2434	0x6487339c
_al_glUniform1iARB	2435	0x64872e90
_al_glUniform1iv	2436	0x6487337c
_al_glUniform1ivARB	2437	0x64872e70
_al_glUniform1ui	2438	0x648731b0
_al_glUniform1uiEXT	2439	0x64871e9c
_al_glUniform1uiv	2440	0x648731a0
_al_glUniform1uivEXT	2441	0x64871e8c
_al_glUniform2d	2442	0x64872c18
_al_glUniform2dv	2443	0x64872c08
_al_glUniform2f	2444	0x648733a8
_al_glUniform2fARB	2445	0x64872e9c
_al_glUniform2fv	2446	0x64873388
_al_glUniform2fvARB	2447	0x64872e7c
_al_glUniform2i	2448	0x64873398
_al_glUniform2iARB	2449	0x64872e8c
_al_glUniform2iv	2450	0x64873378
_al_glUniform2ivARB	2451	0x64872e6c
_al_glUniform2ui	2452	0x648731ac
_al_glUniform2uiEXT	2453	0x64871e98
_al_glUniform2uiv	2454	0x6487319c
_al_glUniform2uivEXT	2455	0x64871e88
_al_glUniform3d	2456	0x64872c14
_al_glUniform3dv	2457	0x64872c04
_al_glUniform3f	2458	0x648733a4
_al_glUniform3fARB	2459	0x64872e98
_al_glUniform3fv	2460	0x64873384
_al_glUniform3fvARB	2461	0x64872e78
_al_glUniform3i	2462	0x64873394
_al_glUniform3iARB	2463	0x64872e88
_al_glUniform3iv	2464	0x64873374
_al_glUniform3ivARB	2465	0x64872e68
_al_glUniform3ui	2466	0x648731a8
_al_glUniform3uiEXT	2467	0x64871e94
_al_glUniform3uiv	2468	0x64873198
_al_glUniform3uivEXT	2469	0x64871e84
_al_glUniform4d	2470	0x64872c10
_al_glUniform4dv	2471	0x64872c00
_al_glUniform4f	2472	0x648733a0
_al_glUniform4fARB	2473	0x64872e94
_al_glUniform4fv	2474	0x64873380
_al_glUniform4fvARB	2475	0x64872e74
_al_glUniform4i	2476	0x64873390
_al_glUniform4iARB	2477	0x64872e84
_al_glUniform4iv	2478	0x64873370
_al_glUniform4ivARB	2479	0x64872e64
_al_glUniform4ui	2480	0x648731a4
_al_glUniform4uiEXT	2481	0x64871e90
_al_glUniform4uiv	2482	0x64873194
_al_glUniform4uivEXT	2483	0x64871e80
_al_glUniformBlockBinding	2484	0x64872d7c
_al_glUniformBufferEXT	2485	0x64871f30
_al_glUniformMatrix2dv	2486	0x64872bfc
_al_glUniformMatrix2fv	2487	0x6487336c
_al_glUniformMatrix2fvARB	2488	0x64872e60
_al_glUniformMatrix2x3dv	2489	0x64872bf0
_al_glUniformMatrix2x3fv	2490	0x6487326c
_al_glUniformMatrix2x4dv	2491	0x64872bec
_al_glUniformMatrix2x4fv	2492	0x64873264
_al_glUniformMatrix3dv	2493	0x64872bf8
_al_glUniformMatrix3fv	2494	0x64873368
_al_glUniformMatrix3fvARB	2495	0x64872e5c
_al_glUniformMatrix3x2dv	2496	0x64872be8
_al_glUniformMatrix3x2fv	2497	0x64873268
_al_glUniformMatrix3x4dv	2498	0x64872be4
_al_glUniformMatrix3x4fv	2499	0x6487325c
_al_glUniformMatrix4dv	2500	0x64872bf4
_al_glUniformMatrix4fv	2501	0x64873364
_al_glUniformMatrix4fvARB	2502	0x64872e58
_al_glUniformMatrix4x2dv	2503	0x64872be0
_al_glUniformMatrix4x2fv	2504	0x64873260
_al_glUniformMatrix4x3dv	2505	0x64872bdc
_al_glUniformMatrix4x3fv	2506	0x64873258
_al_glUniformSubroutinesuiv	2507	0x64872b7c
_al_glUniformui64NV	2508	0x648719cc
_al_glUniformui64vNV	2509	0x648719c8
_al_glUnlockArraysEXT	2510	0x64872960
_al_glUnmapBuffer	2511	0x64873410
_al_glUnmapBufferARB	2512	0x64872ef8
_al_glUnmapNamedBufferEXT	2513	0x64871b38
_al_glUnmapObjectBufferATI	2514	0x648721c4
_al_glUpdateObjectBufferATI	2515	0x648724b8
_al_glUseProgram	2516	0x648733b4
_al_glUseProgramObjectARB	2517	0x64872ea8
_al_glUseShaderProgramEXT	2518	0x648719fc
_al_glValidateProgram	2519	0x648733b0
_al_glValidateProgramARB	2520	0x64872ea4
_al_glVariantArrayObjectATI	2521	0x6487249c
_al_glVariantPointerEXT	2522	0x64872434
_al_glVariantbvEXT	2523	0x64872454
_al_glVariantdvEXT	2524	0x64872444
_al_glVariantfvEXT	2525	0x64872448
_al_glVariantivEXT	2526	0x6487244c
_al_glVariantsvEXT	2527	0x64872450
_al_glVariantubvEXT	2528	0x64872440
_al_glVariantuivEXT	2529	0x64872438
_al_glVariantusvEXT	2530	0x6487243c
_al_glVertex2bOES	2531	0x648721b4
_al_glVertex2bvOES	2532	0x648721a8
_al_glVertex2hNV	2533	0x64872290
_al_glVertex2hvNV	2534	0x6487228c
_al_glVertex2xOES	2535	0x6487215c
_al_glVertex2xvOES	2536	0x64872150
_al_glVertex3bOES	2537	0x648721b0
_al_glVertex3bvOES	2538	0x648721a4
_al_glVertex3hNV	2539	0x64872288
_al_glVertex3hvNV	2540	0x64872284
_al_glVertex3xOES	2541	0x64872158
_al_glVertex3xvOES	2542	0x6487214c
_al_glVertex4bOES	2543	0x648721ac
_al_glVertex4bvOES	2544	0x648721a0
_al_glVertex4hNV	2545	0x64872280
_al_glVertex4hvNV	2546	0x6487227c
_al_glVertex4xOES	2547	0x64872154
_al_glVertex4xvOES	2548	0x64872148
_al_glVertexArrayParameteriAPPLE	2549	0x648722b0
_al_glVertexArrayRangeAPPLE	2550	0x648722b8
_al_glVertexArrayRangeNV	2551	0x64872710
_al_glVertexAttrib1d	2552	0x64873328
_al_glVertexAttrib1dARB	2553	0x64873010
_al_glVertexAttrib1dNV	2554	0x648725ac
_al_glVertexAttrib1dv	2555	0x648732f4
_al_glVertexAttrib1dvARB	2556	0x6487300c
_al_glVertexAttrib1dvNV	2557	0x648725a8
_al_glVertexAttrib1f	2558	0x64873330
_al_glVertexAttrib1fARB	2559	0x64873008
_al_glVertexAttrib1fNV	2560	0x648725a4
_al_glVertexAttrib1fv	2561	0x648732fc
_al_glVertexAttrib1fvARB	2562	0x64873004
_al_glVertexAttrib1fvNV	2563	0x648725a0
_al_glVertexAttrib1hNV	2564	0x64872208
_al_glVertexAttrib1hvNV	2565	0x64872204
_al_glVertexAttrib1s	2566	0x6487332c
_al_glVertexAttrib1sARB	2567	0x64873000
_al_glVertexAttrib1sNV	2568	0x6487259c
_al_glVertexAttrib1sv	2569	0x648732f8
_al_glVertexAttrib1svARB	2570	0x64872ffc
_al_glVertexAttrib1svNV	2571	0x64872598
_al_glVertexAttrib2d	2572	0x6487331c
_al_glVertexAttrib2dARB	2573	0x64872ff8
_al_glVertexAttrib2dNV	2574	0x64872594
_al_glVertexAttrib2dv	2575	0x648732e8
_al_glVertexAttrib2dvARB	2576	0x64872ff4
_al_glVertexAttrib2dvNV	2577	0x64872590
_al_glVertexAttrib2f	2578	0x64873324
_al_glVertexAttrib2fARB	2579	0x64872ff0
_al_glVertexAttrib2fNV	2580	0x6487258c
_al_glVertexAttrib2fv	2581	0x648732f0
_al_glVertexAttrib2fvARB	2582	0x64872fec
_al_glVertexAttrib2fvNV	2583	0x64872588
_al_glVertexAttrib2hNV	2584	0x64872200
_al_glVertexAttrib2hvNV	2585	0x648721fc
_al_glVertexAttrib2s	2586	0x64873320
_al_glVertexAttrib2sARB	2587	0x64872fe8
_al_glVertexAttrib2sNV	2588	0x64872584
_al_glVertexAttrib2sv	2589	0x648732ec
_al_glVertexAttrib2svARB	2590	0x64872fe4
_al_glVertexAttrib2svNV	2591	0x64872580
_al_glVertexAttrib3d	2592	0x64873310
_al_glVertexAttrib3dARB	2593	0x64872fe0
_al_glVertexAttrib3dNV	2594	0x6487257c
_al_glVertexAttrib3dv	2595	0x648732dc
_al_glVertexAttrib3dvARB	2596	0x64872fdc
_al_glVertexAttrib3dvNV	2597	0x64872578
_al_glVertexAttrib3f	2598	0x64873318
_al_glVertexAttrib3fARB	2599	0x64872fd8
_al_glVertexAttrib3fNV	2600	0x64872574
_al_glVertexAttrib3fv	2601	0x648732e4
_al_glVertexAttrib3fvARB	2602	0x64872fd4
_al_glVertexAttrib3fvNV	2603	0x64872570
_al_glVertexAttrib3hNV	2604	0x648721f8
_al_glVertexAttrib3hvNV	2605	0x648721f4
_al_glVertexAttrib3s	2606	0x64873314
_al_glVertexAttrib3sARB	2607	0x64872fd0
_al_glVertexAttrib3sNV	2608	0x6487256c
_al_glVertexAttrib3sv	2609	0x648732e0
_al_glVertexAttrib3svARB	2610	0x64872fcc
_al_glVertexAttrib3svNV	2611	0x64872568
_al_glVertexAttrib4Nbv	2612	0x648732b8
_al_glVertexAttrib4NbvARB	2613	0x64872fc8
_al_glVertexAttrib4Niv	2614	0x648732b0
_al_glVertexAttrib4NivARB	2615	0x64872fc4
_al_glVertexAttrib4Nsv	2616	0x648732b4
_al_glVertexAttrib4NsvARB	2617	0x64872fc0
_al_glVertexAttrib4Nub	2618	0x64873300
_al_glVertexAttrib4NubARB	2619	0x64872fbc
_al_glVertexAttrib4Nubv	2620	0x648732ac
_al_glVertexAttrib4NubvARB	2621	0x64872fb8
_al_glVertexAttrib4Nuiv	2622	0x648732a4
_al_glVertexAttrib4NuivARB	2623	0x64872fb4
_al_glVertexAttrib4Nusv	2624	0x648732a8
_al_glVertexAttrib4NusvARB	2625	0x64872fb0
_al_glVertexAttrib4bv	2626	0x648732c8
_al_glVertexAttrib4bvARB	2627	0x64872fac
_al_glVertexAttrib4d	2628	0x64873304
_al_glVertexAttrib4dARB	2629	0x64872fa8
_al_glVertexAttrib4dNV	2630	0x64872564
_al_glVertexAttrib4dv	2631	0x648732d0
_al_glVertexAttrib4dvARB	2632	0x64872fa4
_al_glVertexAttrib4dvNV	2633	0x64872560
_al_glVertexAttrib4f	2634	0x6487330c
_al_glVertexAttrib4fARB	2635	0x64872fa0
_al_glVertexAttrib4fNV	2636	0x6487255c
_al_glVertexAttrib4fv	2637	0x648732d8
_al_glVertexAttrib4fvARB	2638	0x64872f9c
_al_glVertexAttrib4fvNV	2639	0x64872558
_al_glVertexAttrib4hNV	2640	0x648721f0
_al_glVertexAttrib4hvNV	2641	0x648721ec
_al_glVertexAttrib4iv	2642	0x648732cc
_al_glVertexAttrib4ivARB	2643	0x64872f98
_al_glVertexAttrib4s	2644	0x64873308
_al_glVertexAttrib4sARB	2645	0x64872f94
_al_glVertexAttrib4sNV	2646	0x64872554
_al_glVertexAttrib4sv	2647	0x648732d4
_al_glVertexAttrib4svARB	2648	0x64872f90
_al_glVertexAttrib4svNV	2649	0x64872550
_al_glVertexAttrib4ubNV	2650	0x6487254c
_al_glVertexAttrib4ubv	2651	0x648732c4
_al_glVertexAttrib4ubvARB	2652	0x64872f8c
_al_glVertexAttrib4ubvNV	2653	0x64872548
_al_glVertexAttrib4uiv	2654	0x648732bc
_al_glVertexAttrib4uivARB	2655	0x64872f88
_al_glVertexAttrib4usv	2656	0x648732c0
_al_glVertexAttrib4usvARB	2657	0x64872f84
_al_glVertexAttribArrayObjectATI	2658	0x648721c0
_al_glVertexAttribDivisor	2659	0x64872db4
_al_glVertexAttribFormatNV	2660	0x64871994
_al_glVertexAttribI1i	2661	0x64873218
_al_glVertexAttribI1iEXT	2662	0x64871ef8
_al_glVertexAttribI1iv	2663	0x648731f8
_al_glVertexAttribI1ivEXT	2664	0x64871ed8
_al_glVertexAttribI1ui	2665	0x64873208
_al_glVertexAttribI1uiEXT	2666	0x64871ee8
_al_glVertexAttribI1uiv	2667	0x648731e8
_al_glVertexAttribI1uivEXT	2668	0x64871ec8
_al_glVertexAttribI2i	2669	0x64873214
_al_glVertexAttribI2iEXT	2670	0x64871ef4
_al_glVertexAttribI2iv	2671	0x648731f4
_al_glVertexAttribI2ivEXT	2672	0x64871ed4
_al_glVertexAttribI2ui	2673	0x64873204
_al_glVertexAttribI2uiEXT	2674	0x64871ee4
_al_glVertexAttribI2uiv	2675	0x648731e4
_al_glVertexAttribI2uivEXT	2676	0x64871ec4
_al_glVertexAttribI3i	2677	0x64873210
_al_glVertexAttribI3iEXT	2678	0x64871ef0
_al_glVertexAttribI3iv	2679	0x648731f0
_al_glVertexAttribI3ivEXT	2680	0x64871ed0
_al_glVertexAttribI3ui	2681	0x64873200
_al_glVertexAttribI3uiEXT	2682	0x64871ee0
_al_glVertexAttribI3uiv	2683	0x648731e0
_al_glVertexAttribI3uivEXT	2684	0x64871ec0
_al_glVertexAttribI4bv	2685	0x648731d8
_al_glVertexAttribI4bvEXT	2686	0x64871eb8
_al_glVertexAttribI4i	2687	0x6487320c
_al_glVertexAttribI4iEXT	2688	0x64871eec
_al_glVertexAttribI4iv	2689	0x648731ec
_al_glVertexAttribI4ivEXT	2690	0x64871ecc
_al_glVertexAttribI4sv	2691	0x648731d4
_al_glVertexAttribI4svEXT	2692	0x64871eb4
_al_glVertexAttribI4ubv	2693	0x648731d0
_al_glVertexAttribI4ubvEXT	2694	0x64871eb0
_al_glVertexAttribI4ui	2695	0x648731fc
_al_glVertexAttribI4uiEXT	2696	0x64871edc
_al_glVertexAttribI4uiv	2697	0x648731dc
_al_glVertexAttribI4uivEXT	2698	0x64871ebc
_al_glVertexAttribI4usv	2699	0x648731cc
_al_glVertexAttribI4usvEXT	2700	0x64871eac
_al_glVertexAttribIFormatNV	2701	0x64871990
_al_glVertexAttribIPointer	2702	0x648731c8
_al_glVertexAttribIPointerEXT	2703	0x64871ea8
_al_glVertexAttribP1ui	2704	0x64872c44
_al_glVertexAttribP1uiv	2705	0x64872c40
_al_glVertexAttribP2ui	2706	0x64872c3c
_al_glVertexAttribP2uiv	2707	0x64872c38
_al_glVertexAttribP3ui	2708	0x64872c34
_al_glVertexAttribP3uiv	2709	0x64872c30
_al_glVertexAttribP4ui	2710	0x64872c2c
_al_glVertexAttribP4uiv	2711	0x64872c28
_al_glVertexAttribPointer	2712	0x648732a0
_al_glVertexAttribPointerARB	2713	0x64872f80
_al_glVertexAttribPointerNV	2714	0x648725b0
_al_glVertexAttribs1dvNV	2715	0x64872544
_al_glVertexAttribs1fvNV	2716	0x64872540
_al_glVertexAttribs1hvNV	2717	0x648721e8
_al_glVertexAttribs1svNV	2718	0x6487253c
_al_glVertexAttribs2dvNV	2719	0x64872538
_al_glVertexAttribs2fvNV	2720	0x64872534
_al_glVertexAttribs2hvNV	2721	0x648721e4
_al_glVertexAttribs2svNV	2722	0x64872530
_al_glVertexAttribs3dvNV	2723	0x6487252c
_al_glVertexAttribs3fvNV	2724	0x64872528
_al_glVertexAttribs3hvNV	2725	0x648721e0
_al_glVertexAttribs3svNV	2726	0x64872524
_al_glVertexAttribs4dvNV	2727	0x64872520
_al_glVertexAttribs4fvNV	2728	0x6487251c
_al_glVertexAttribs4hvNV	2729	0x648721dc
_al_glVertexAttribs4svNV	2730	0x64872518
_al_glVertexAttribs4ubvNV	2731	0x64872514
_al_glVertexBlendARB	2732	0x64873068
_al_glVertexBlendEnvfATI	2733	0x64872338
_al_glVertexBlendEnviATI	2734	0x6487233c
_al_glVertexFormatNV	2735	0x648719b4
_al_glVertexP2ui	2736	0x64872cbc
_al_glVertexP2uiv	2737	0x64872cb8
_al_glVertexP3ui	2738	0x64872cb4
_al_glVertexP3uiv	2739	0x64872cb0
_al_glVertexP4ui	2740	0x64872cac
_al_glVertexP4uiv	2741	0x64872ca8
_al_glVertexPointerEXT	2742	0x64872a1c
_al_glVertexPointervINTEL	2743	0x648728e4
_al_glVertexStream1dATI	2744	0x648723d0
_al_glVertexStream1dvATI	2745	0x648723cc
_al_glVertexStream1fATI	2746	0x648723d8
_al_glVertexStream1fvATI	2747	0x648723d4
_al_glVertexStream1iATI	2748	0x648723e0
_al_glVertexStream1ivATI	2749	0x648723dc
_al_glVertexStream1sATI	2750	0x648723e8
_al_glVertexStream1svATI	2751	0x648723e4
_al_glVertexStream2dATI	2752	0x648723b0
_al_glVertexStream2dvATI	2753	0x648723ac
_al_glVertexStream2fATI	2754	0x648723b8
_al_glVertexStream2fvATI	2755	0x648723b4
_al_glVertexStream2iATI	2756	0x648723c0
_al_glVertexStream2ivATI	2757	0x648723bc
_al_glVertexStream2sATI	2758	0x648723c8
_al_glVertexStream2svATI	2759	0x648723c4
_al_glVertexStream3dATI	2760	0x64872390
_al_glVertexStream3dvATI	2761	0x6487238c
_al_glVertexStream3fATI	2762	0x64872398
_al_glVertexStream3fvATI	2763	0x64872394
_al_glVertexStream3iATI	2764	0x648723a0
_al_glVertexStream3ivATI	2765	0x6487239c
_al_glVertexStream3sATI	2766	0x648723a8
_al_glVertexStream3svATI	2767	0x648723a4
_al_glVertexStream4dATI	2768	0x64872370
_al_glVertexStream4dvATI	2769	0x6487236c
_al_glVertexStream4fATI	2770	0x64872378
_al_glVertexStream4fvATI	2771	0x64872374
_al_glVertexStream4iATI	2772	0x64872380
_al_glVertexStream4ivATI	2773	0x6487237c
_al_glVertexStream4sATI	2774	0x64872388
_al_glVertexStream4svATI	2775	0x64872384
_al_glVertexWeightPointerEXT	2776	0x64872718
_al_glVertexWeightfEXT	2777	0x64872720
_al_glVertexWeightfvEXT	2778	0x6487271c
_al_glVertexWeighthNV	2779	0x64872210
_al_glVertexWeighthvNV	2780	0x6487220c
_al_glVideoCaptureNV	2781	0x64871a0c
_al_glVideoCaptureStreamParameterdvNV	2782	0x64871a00
_al_glVideoCaptureStreamParameterfvNV	2783	0x64871a04
_al_glVideoCaptureStreamParameterivNV	2784	0x64871a08
_al_glWaitSync	2785	0x64872d50
_al_glWeightPointerARB	2786	0x6487306c
_al_glWeightbvARB	2787	0x6487308c
_al_glWeightdvARB	2788	0x6487307c
_al_glWeightfvARB	2789	0x64873080
_al_glWeightivARB	2790	0x64873084
_al_glWeightsvARB	2791	0x64873088
_al_glWeightubvARB	2792	0x64873078
_al_glWeightuivARB	2793	0x64873070
_al_glWeightusvARB	2794	0x64873074
_al_glWindowPos2d	2795	0x64873470
_al_glWindowPos2dARB	2796	0x64873050
_al_glWindowPos2dMESA	2797	0x648726d4
_al_glWindowPos2dv	2798	0x6487346c
_al_glWindowPos2dvARB	2799	0x6487304c
_al_glWindowPos2dvMESA	2800	0x648726d0
_al_glWindowPos2f	2801	0x64873468
_al_glWindowPos2fARB	2802	0x64873048
_al_glWindowPos2fMESA	2803	0x648726cc
_al_glWindowPos2fv	2804	0x64873464
_al_glWindowPos2fvARB	2805	0x64873044
_al_glWindowPos2fvMESA	2806	0x648726c8
_al_glWindowPos2i	2807	0x64873460
_al_glWindowPos2iARB	2808	0x64873040
_al_glWindowPos2iMESA	2809	0x648726c4
_al_glWindowPos2iv	2810	0x6487345c
_al_glWindowPos2ivARB	2811	0x6487303c
_al_glWindowPos2ivMESA	2812	0x648726c0
_al_glWindowPos2s	2813	0x64873458
_al_glWindowPos2sARB	2814	0x64873038
_al_glWindowPos2sMESA	2815	0x648726bc
_al_glWindowPos2sv	2816	0x64873454
_al_glWindowPos2svARB	2817	0x64873034
_al_glWindowPos2svMESA	2818	0x648726b8
_al_glWindowPos3d	2819	0x64873450
_al_glWindowPos3dARB	2820	0x64873030
_al_glWindowPos3dMESA	2821	0x648726b4
_al_glWindowPos3dv	2822	0x6487344c
_al_glWindowPos3dvARB	2823	0x6487302c
_al_glWindowPos3dvMESA	2824	0x648726b0
_al_glWindowPos3f	2825	0x64873448
_al_glWindowPos3fARB	2826	0x64873028
_al_glWindowPos3fMESA	2827	0x648726ac
_al_glWindowPos3fv	2828	0x64873444
_al_glWindowPos3fvARB	2829	0x64873024
_al_glWindowPos3fvMESA	2830	0x648726a8
_al_glWindowPos3i	2831	0x64873440
_al_glWindowPos3iARB	2832	0x64873020
_al_glWindowPos3iMESA	2833	0x648726a4
_al_glWindowPos3iv	2834	0x6487343c
_al_glWindowPos3ivARB	2835	0x6487301c
_al_glWindowPos3ivMESA	2836	0x648726a0
_al_glWindowPos3s	2837	0x64873438
_al_glWindowPos3sARB	2838	0x64873018
_al_glWindowPos3sMESA	2839	0x6487269c
_al_glWindowPos3sv	2840	0x64873434
_al_glWindowPos3svARB	2841	0x64873014
_al_glWindowPos3svMESA	2842	0x64872698
_al_glWindowPos4dMESA	2843	0x64872694
_al_glWindowPos4dvMESA	2844	0x64872690
_al_glWindowPos4fMESA	2845	0x6487268c
_al_glWindowPos4fvMESA	2846	0x64872688
_al_glWindowPos4iMESA	2847	0x64872684
_al_glWindowPos4ivMESA	2848	0x64872680
_al_glWindowPos4sMESA	2849	0x6487267c
_al_glWindowPos4svMESA	2850	0x64872678
_al_glWriteMaskEXT	2851	0x6487246c
_al_import_symbol	2852	0x64623d8c
_al_init_d3d_driver	2853	0x645de3f0
_al_init_destructors	2854	0x645fe274
_al_init_events	2855	0x645fe838
_al_init_gdiplus	2856	0x645d20d0
_al_init_iio_table	2857	0x645e3a0c
_al_init_native_dialog_addon	2858	0x645d4b38
_al_init_pixels	2859	0x6462332c
_al_init_timers	2860	0x646245c0
_al_joydrv_directx	2861	0x647dd260
_al_joystick_driver_list	2862	0x647dd200
_al_kcm_destroy_sample	2863	0x645c6438
_al_kcm_detach_from_parent	2864	0x645c61a0
_al_kcm_driver	2865	0x648710e0
_al_kcm_dsound_driver	2866	0x647da020
_al_kcm_emit_stream_events	2867	0x645cbb58
_al_kcm_feed_stream	2868	0x645cb7a0
_al_kcm_foreach_destructor	2869	0x645c5eac
_al_kcm_get_silence	2870	0x645c47e8
_al_kcm_init_destructors	2871	0x645c5e1c
_al_kcm_mixer_read	2872	0x645c93d0
_al_kcm_mixer_rejig_sample_matrix	2873	0x645c9968
_al_kcm_openal_driver	2874	0x647da080
_al_kcm_refill_stream	2875	0x645cb688
_al_kcm_register_destructor	2876	0x645c5e6c
_al_kcm_set_voice_playing	2877	0x645cc6cc
_al_kcm_shutdown_default_mixer	2878	0x645cac6c
_al_kcm_shutdown_destructors	2879	0x645c5e3c
_al_kcm_stream_set_mutex	2880	0x645c6134
_al_kcm_unregister_destructor	2881	0x645c5e90
_al_key_led_flag	2882	0x647dbb4c
_al_keyboard_common_names	2883	0x647db7c0
_al_keyboard_driver_list	2884	0x647dd2a0
_al_line_2d	2885	0x645dc920
_al_list_at	2886	0x6460ae34
_al_list_back	2887	0x6460ae9c
_al_list_clear	2888	0x6460abf8
_al_list_contains	2889	0x6460ad5c
_al_list_create	2890	0x6460a4c4
_al_list_create_static	2891	0x6460a548
_al_list_destroy	2892	0x6460a5fc
_al_list_erase	2893	0x6460ab80
_al_list_find_after	2894	0x6460add4
_al_list_find_before	2895	0x6460ae00
_al_list_find_first	2896	0x6460ad84
_al_list_find_last	2897	0x6460adac
_al_list_front	2898	0x6460ae84
_al_list_get_dtor	2899	0x6460a6d8
_al_list_get_user_data	2900	0x6460af3c
_al_list_insert_after	2901	0x6460a9b0
_al_list_insert_after_ex	2902	0x6460aa24
_al_list_insert_before	2903	0x6460aa98
_al_list_insert_before_ex	2904	0x6460ab0c
_al_list_is_empty	2905	0x6460ad4c
_al_list_item_data	2906	0x6460af14
_al_list_item_get_dtor	2907	0x6460af28
_al_list_item_set_dtor	2908	0x6460af1c
_al_list_next	2909	0x6460aeb4
_al_list_next_circular	2910	0x6460aedc
_al_list_pop_back	2911	0x6460a928
_al_list_pop_front	2912	0x6460a8a0
_al_list_previous	2913	0x6460aec8
_al_list_previous_circular	2914	0x6460aef8
_al_list_push_back	2915	0x6460a7c0
_al_list_push_back_ex	2916	0x6460a830
_al_list_push_front	2917	0x6460a6e0
_al_list_push_front_ex	2918	0x6460a750
_al_list_remove	2919	0x6460ac90
_al_list_set_dtor	2920	0x6460a6cc
_al_list_set_user_data	2921	0x6460af30
_al_list_size	2922	0x6460ae2c
_al_load_bitmap_font	2923	0x645cf064
_al_load_bmp	2924	0x645d1674
_al_load_bmp_f	2925	0x645d00c0
_al_load_flac	2926	0x645c1f3c
_al_load_flac_audio_stream	2927	0x645c20d8
_al_load_flac_audio_stream_f	2928	0x645c1f7c
_al_load_flac_f	2929	0x645c1de4
_al_load_gdiplus_bitmap	2930	0x645d1bec
_al_load_gdiplus_bitmap_f	2931	0x645d1840
_al_load_it_audio_stream	2932	0x645c2808
_al_load_it_audio_stream_f	2933	0x645c2d9c
_al_load_mod_audio_stream	2934	0x645c2698
_al_load_mod_audio_stream_f	2935	0x645c2c58
_al_load_ogg_vorbis	2936	0x645c3688
_al_load_ogg_vorbis_audio_stream	2937	0x645c3904
_al_load_ogg_vorbis_audio_stream_f	2938	0x645c36c8
_al_load_ogg_vorbis_f	2939	0x645c348c
_al_load_pcx	2940	0x645d2ca0
_al_load_pcx_f	2941	0x645d23c8
_al_load_s3m_audio_stream	2942	0x645c2ae8
_al_load_s3m_audio_stream_f	2943	0x645c3024
_al_load_tga	2944	0x645d3d90
_al_load_tga_f	2945	0x645d2d2c
_al_load_wav	2946	0x645c4074
_al_load_wav_audio_stream	2947	0x645c41e0
_al_load_wav_audio_stream_f	2948	0x645c40b4
_al_load_wav_f	2949	0x645c3f24
_al_load_xm_audio_stream	2950	0x645c2978
_al_load_xm_audio_stream_f	2951	0x645c2ee0
_al_mouse_driver_list	2952	0x647dd300
_al_mutex_destroy	2953	0x6466c4fc
_al_mutex_init	2954	0x6466c464
_al_mutex_init_recursive	2955	0x6466c4b0
_al_mutex_lock	2956	0x64601da4
_al_mutex_unlock	2957	0x64601dc0
_al_ogl_add_drawing_functions	2958	0x64622700
_al_ogl_create_backbuffer	2959	0x64621f00
_al_ogl_create_bitmap	2960	0x646211d8
_al_ogl_create_persistent_fbo	2961	0x646215ac
_al_ogl_create_sub_bitmap	2962	0x64621368
_al_ogl_destroy_backbuffer	2963	0x646220ec
_al_ogl_get_backbuffer	2964	0x64621e94
_al_ogl_look_for_an_extension	2965	0x646118d4
_al_ogl_manage_extensions	2966	0x646119c0
_al_ogl_persist_fbo	2967	0x64621770
_al_ogl_reset_fbo_info	2968	0x6462158c
_al_ogl_resize_backbuffer	2969	0x64621ea4
_al_ogl_set_extensions	2970	0x6460bdf0
_al_ogl_set_target_bitmap	2971	0x64621954
_al_ogl_setup_bitmap_clipping	2972	0x6462187c
_al_ogl_setup_gl	2973	0x64621fc0
_al_ogl_unmanage_extensions	2974	0x6461ffa0
_al_open_library	2975	0x64623d78
_al_open_native_text_log	2976	0x645d52f0
_al_opengl_set_blender	2977	0x64622480
_al_parse_key_binding	2978	0x64602158
_al_pixel_format_has_alpha	2979	0x64623498
_al_pixel_format_is_real	2980	0x646234a4
_al_pixel_format_name	2981	0x64623628
_al_pixel_format_to_d3d	2982	0x6465eda8
_al_point_2d	2983	0x645dcc48
_al_pop_destructor_owner	2984	0x645fe2d8
_al_push_destructor_owner	2985	0x645fe2c8
_al_put_pixel	2986	0x645e4e00
_al_rand	2987	0x64602438
_al_register_destructor	2988	0x645fe3a4
_al_register_system_interfaces	2989	0x64669250
_al_remove_exit_func	2990	0x645ff394
_al_rgb_scale_1	2991	0x648789e0
_al_rgb_scale_4	2992	0x648789a0
_al_rgb_scale_5	2993	0x64878920
_al_rgb_scale_6	2994	0x64878a00
_al_run_destructors	2995	0x645fe2e8
_al_run_exit_funcs	2996	0x645ff3f8
_al_sane_realloc	2997	0x64602338
_al_sane_strncpy	2998	0x646023fc
_al_save_bmp	2999	0x645d16b4
_al_save_bmp_f	3000	0x645d1444
_al_save_gdiplus_bitmap	3001	0x645d1fc8
_al_save_gdiplus_gif_f	3002	0x645d20ac
_al_save_gdiplus_jpg_f	3003	0x645d2064
_al_save_gdiplus_png_f	3004	0x645d2040
_al_save_gdiplus_tif_f	3005	0x645d2088
_al_save_pcx	3006	0x645d2ce0
_al_save_pcx_f	3007	0x645d2864
_al_save_tga	3008	0x645d3dd0
_al_save_tga_f	3009	0x645d3b8c
_al_save_wav	3010	0x645c458c
_al_save_wav_f	3011	0x645c4238
_al_score_display_settings	3012	0x645fbbb4
_al_set_color_components	3013	0x645fc528
_al_set_current_display_only	3014	0x64625124
_al_set_d3d_decl	3015	0x645de56c
_al_set_display_invalidated_callback	3016	0x645fb79c
_al_set_error	3017	0x645c478c
_al_set_new_display_settings	3018	0x64624940
_al_set_physfs_fs_interface	3019	0x645d6018
_al_set_texture_matrix	3020	0x645d6940
_al_setup_default_shader	3021	0x645d69dc
_al_setup_shader	3022	0x645d69ac
_al_show_native_file_dialog	3023	0x645d4b40
_al_show_native_message_box	3024	0x645d50a4
_al_shutdown_d3d_driver	3025	0x645de404
_al_shutdown_destructors	3026	0x645fe360
_al_shutdown_gdiplus	3027	0x645d1818
_al_shutdown_logging	3028	0x645fb184
_al_shutdown_native_dialog_addon	3029	0x645d4b3c
_al_srand	3030	0x6460242c
_al_stricmp	3031	0x646022f8
_al_system_interfaces	3032	0x64878b00
_al_thread_create	3033	0x6466c364
_al_thread_detach	3034	0x6466c440
_al_thread_join	3035	0x6466c3ec
_al_thread_set_should_stop	3036	0x6466c3c4
_al_three_finger_flag	3037	0x647dbb4d
_al_tls_get_dtor_owner_count	3038	0x64626818
_al_tls_init_once	3039	0x6462493c
_al_trace_prefix	3040	0x645fab60
_al_trace_suffix	3041	0x645fb124
_al_transform_is_translation	3042	0x64626cc8
_al_triangle_2d	3043	0x646581c0
_al_u8_to_float	3044	0x64878520
_al_unregister_destructor	3045	0x645fe3fc
_al_user_assert_handler	3046	0x64878504
_al_vector_alloc_back	3047	0x6460b034
_al_vector_alloc_mid	3048	0x6460b0d8
_al_vector_append_array	3049	0x6460af8c
_al_vector_contains	3050	0x6460b238
_al_vector_delete_at	3051	0x6460b2b8
_al_vector_find	3052	0x6460b1bc
_al_vector_find_and_delete	3053	0x6460b318
_al_vector_free	3054	0x6460b42c
_al_vector_init	3055	0x6460af44
_al_vector_is_empty	3056	0x64601de4
_al_vector_is_nonempty	3057	0x64601df4
_al_vector_ref	3058	0x6460af64
_al_vector_ref_back	3059	0x6460af7c
_al_vector_ref_front	3060	0x6460af74
_al_vector_size	3061	0x64601ddc
_al_voice_update	3062	0x645cbeb4
_al_wglAddSwapHintRectWIN	3063	0x6487185c
_al_wglAllocateMemoryNV	3064	0x648718f4
_al_wglAssociateImageBufferEventsI3D	3065	0x64871884
_al_wglBeginFrameTrackingI3D	3066	0x64871868
_al_wglBindDisplayColorTableEXT	3067	0x64871930
_al_wglBindSwapBarrierNV	3068	0x64871830
_al_wglBindTexImageARB	3069	0x64871948
_al_wglBindVideoCaptureDeviceNV	3070	0x648717e4
_al_wglBindVideoDeviceNV	3071	0x64871854
_al_wglBindVideoImageNV	3072	0x64871844
_al_wglBlitContextFramebufferAMD	3073	0x648717e8
_al_wglChoosePixelFormatARB	3074	0x64871968
_al_wglChoosePixelFormatEXT	3075	0x64871900
_al_wglCopyImageSubDataNV	3076	0x648717d0
_al_wglCreateAffinityDCNV	3077	0x64871814
_al_wglCreateAssociatedContextAMD	3078	0x648717fc
_al_wglCreateAssociatedContextAttribsAMD	3079	0x648717f8
_al_wglCreateBufferRegionARB	3080	0x64871984
_al_wglCreateContextAttribsARB	3081	0x6487193c
_al_wglCreateDisplayColorTableEXT	3082	0x64871938
_al_wglCreateImageBufferI3D	3083	0x6487188c
_al_wglCreatePbufferARB	3084	0x6487195c
_al_wglCreatePbufferEXT	3085	0x6487191c
_al_wglDeleteAssociatedContextAMD	3086	0x648717f4
_al_wglDeleteBufferRegionARB	3087	0x64871980
_al_wglDeleteDCNV	3088	0x6487180c
_al_wglDestroyDisplayColorTableEXT	3089	0x6487192c
_al_wglDestroyImageBufferI3D	3090	0x64871888
_al_wglDestroyPbufferARB	3091	0x64871950
_al_wglDestroyPbufferEXT	3092	0x64871910
_al_wglDisableFrameLockI3D	3093	0x64871878
_al_wglDisableGenlockI3D	3094	0x648718b8
_al_wglEnableFrameLockI3D	3095	0x6487187c
_al_wglEnableGenlockI3D	3096	0x648718bc
_al_wglEndFrameTrackingI3D	3097	0x64871864
_al_wglEnumGpuDevicesNV	3098	0x64871818
_al_wglEnumGpusFromAffinityDCNV	3099	0x64871810
_al_wglEnumGpusNV	3100	0x6487181c
_al_wglEnumerateVideoCaptureDevicesNV	3101	0x648717e0
_al_wglEnumerateVideoDevicesNV	3102	0x64871858
_al_wglFreeMemoryNV	3103	0x648718f0
_al_wglGenlockSampleRateI3D	3104	0x648718a0
_al_wglGenlockSourceDelayI3D	3105	0x64871898
_al_wglGenlockSourceEdgeI3D	3106	0x648718a8
_al_wglGenlockSourceI3D	3107	0x648718b0
_al_wglGetContextGPUIDAMD	3108	0x64871800
_al_wglGetCurrentAssociatedContextAMD	3109	0x648717ec
_al_wglGetCurrentReadDCARB	3110	0x64871960
_al_wglGetCurrentReadDCEXT	3111	0x64871920
_al_wglGetDigitalVideoParametersI3D	3112	0x648718d4
_al_wglGetExtensionsStringARB	3113	0x64871974
_al_wglGetExtensionsStringEXT	3114	0x64871928
_al_wglGetFrameUsageI3D	3115	0x6487186c
_al_wglGetGPUIDsAMD	3116	0x64871808
_al_wglGetGPUInfoAMD	3117	0x64871804
_al_wglGetGammaTableI3D	3118	0x648718c4
_al_wglGetGammaTableParametersI3D	3119	0x648718cc
_al_wglGetGenlockSampleRateI3D	3120	0x6487189c
_al_wglGetGenlockSourceDelayI3D	3121	0x64871894
_al_wglGetGenlockSourceEdgeI3D	3122	0x648718a4
_al_wglGetGenlockSourceI3D	3123	0x648718ac
_al_wglGetMscRateOML	3124	0x648718e8
_al_wglGetPbufferDCARB	3125	0x64871958
_al_wglGetPbufferDCEXT	3126	0x64871918
_al_wglGetPixelFormatAttribfvARB	3127	0x6487196c
_al_wglGetPixelFormatAttribfvEXT	3128	0x64871904
_al_wglGetPixelFormatAttribivARB	3129	0x64871970
_al_wglGetPixelFormatAttribivEXT	3130	0x64871908
_al_wglGetSwapIntervalEXT	3131	0x648718f8
_al_wglGetSyncValuesOML	3132	0x648718ec
_al_wglGetVideoDeviceNV	3133	0x6487184c
_al_wglGetVideoInfoNV	3134	0x64871838
_al_wglIsEnabledFrameLockI3D	3135	0x64871874
_al_wglIsEnabledGenlockI3D	3136	0x648718b4
_al_wglJoinSwapGroupNV	3137	0x64871834
_al_wglLoadDisplayColorTableEXT	3138	0x64871934
_al_wglLockVideoCaptureDeviceNV	3139	0x648717dc
_al_wglMakeAssociatedContextCurrentAMD	3140	0x648717f0
_al_wglMakeContextCurrentARB	3141	0x64871964
_al_wglMakeContextCurrentEXT	3142	0x64871924
_al_wglQueryCurrentContextNV	3143	0x64871850
_al_wglQueryFrameCountNV	3144	0x64871824
_al_wglQueryFrameLockMasterI3D	3145	0x64871870
_al_wglQueryFrameTrackingI3D	3146	0x64871860
_al_wglQueryGenlockMaxSourceDelayI3D	3147	0x64871890
_al_wglQueryMaxSwapGroupsNV	3148	0x64871828
_al_wglQueryPbufferARB	3149	0x6487194c
_al_wglQueryPbufferEXT	3150	0x6487190c
_al_wglQuerySwapGroupNV	3151	0x6487182c
_al_wglQueryVideoCaptureDeviceNV	3152	0x648717d8
_al_wglReleaseImageBufferEventsI3D	3153	0x64871880
_al_wglReleasePbufferDCARB	3154	0x64871954
_al_wglReleasePbufferDCEXT	3155	0x64871914
_al_wglReleaseTexImageARB	3156	0x64871944
_al_wglReleaseVideoCaptureDeviceNV	3157	0x648717d4
_al_wglReleaseVideoDeviceNV	3158	0x64871848
_al_wglReleaseVideoImageNV	3159	0x64871840
_al_wglResetFrameCountNV	3160	0x64871820
_al_wglRestoreBufferRegionARB	3161	0x64871978
_al_wglSaveBufferRegionARB	3162	0x6487197c
_al_wglSendPbufferToVideoNV	3163	0x6487183c
_al_wglSetDigitalVideoParametersI3D	3164	0x648718d0
_al_wglSetGammaTableI3D	3165	0x648718c0
_al_wglSetGammaTableParametersI3D	3166	0x648718c8
_al_wglSetPbufferAttribARB	3167	0x64871940
_al_wglSwapBuffersMscOML	3168	0x648718e4
_al_wglSwapIntervalEXT	3169	0x648718fc
_al_wglSwapLayerBuffersMscOML	3170	0x648718e0
_al_wglWaitForMscOML	3171	0x648718dc
_al_wglWaitForSbcOML	3172	0x648718d8
_al_wgl_get_display_mode	3173	0x64662e4c
_al_wgl_get_num_display_modes	3174	0x64662e00
_al_win_create_faux_fullscreen_window	3175	0x6466b6dc
_al_win_create_hidden_window	3176	0x6466b35c
_al_win_create_icon	3177	0x64666edc
_al_win_create_mouse_cursor	3178	0x64667864
_al_win_create_window	3179	0x6466b3cc
_al_win_destroy_mouse_cursor	3180	0x646678e8
_al_win_determine_adapter	3181	0x6466c1bc
_al_win_disable_screensaver	3182	0x64876360
_al_win_fix_modifiers	3183	0x64666930
_al_win_get_path	3184	0x64668cc0
_al_win_get_window_position	3185	0x6466ba40
_al_win_grab_input	3186	0x6466b878
_al_win_hide_mouse_cursor	3187	0x64667ac0
_al_win_init_time	3188	0x646694e0
_al_win_init_window	3189	0x6466b8ac
_al_win_joystick_dinput_grab	3190	0x6466323c
_al_win_joystick_dinput_unacquire	3191	0x64662f4c
_al_win_kbd_handle_key_press	3192	0x6466693c
_al_win_kbd_handle_key_release	3193	0x64666cc4
_al_win_mouse_handle_button	3194	0x6466861c
_al_win_mouse_handle_enter	3195	0x64668230
_al_win_mouse_handle_hwheel	3196	0x64668520
_al_win_mouse_handle_leave	3197	0x64668144
_al_win_mouse_handle_move	3198	0x64668308
_al_win_mouse_handle_wheel	3199	0x64668424
_al_win_msg_call_proc	3200	0x648763a4
_al_win_msg_suicide	3201	0x648763a0
_al_win_safe_load_library	3202	0x64669140
_al_win_set_display_flag	3203	0x6466bb20
_al_win_set_display_icons	3204	0x6466b974
_al_win_set_mouse_cursor	3205	0x646679c0
_al_win_set_system_mouse_cursor	3206	0x64667b00
_al_win_set_window_frameless	3207	0x6466ba80
_al_win_set_window_position	3208	0x6466b9f8
_al_win_set_window_title	3209	0x6466c124
_al_win_show_mouse_cursor	3210	0x64667a10
_al_win_shutdown_time	3211	0x64669578
_al_win_thread_exit	3212	0x646693b0
_al_win_thread_init	3213	0x64669338
_al_win_utf16	3214	0x64669640
_al_win_utf8	3215	0x64669714
_al_win_wnd_call_proc	3216	0x6466c148
_al_win_wnd_schedule_proc	3217	0x6466c178
_al_word_size_to_depth_conf	3218	0x645c47d0
_book_maptype1_quantvals	3219	0x64720f60
_book_unquantize	3220	0x64720ff4
_dumb_it_end_sigrenderer	3221	0x64738cb4
_dumb_it_fix_invalid_orders	3222	0x64742630
_dumb_it_unload_sigdata	3223	0x647426f0
_dumb_it_xm_convert_effect	3224	0x64762498
_dumb_sigtype_it	3225	0x647ddac0
_float32_pack	3226	0x64720c20
_float32_unpack	3227	0x64720ce0
_floor_P	3228	0x648053f4
_get_output_format	3229	0x647d4534
_ilog	3230	0x64720c0c
_make_words	3231	0x64720d24
_mapping_P	3232	0x648053e4
_residue_P	3233	0x648053e8
_ve_envelope_clear	3234	0x64727790
_ve_envelope_init	3235	0x64727588
_ve_envelope_mark	3236	0x64727ae4
_ve_envelope_search	3237	0x64727830
_ve_envelope_shift	3238	0x64727bec
_vi_gpsy_free	3239	0x64723fc4
_vi_psy_free	3240	0x64723fe8
_vorbis_apply_window	3241	0x6472c670
_vorbis_block_alloc	3242	0x6471ee54
_vorbis_block_ripcord	3243	0x6471eec8
_vorbis_window_get	3244	0x6472c664
_vp_ampmax_decay	3245	0x64724fd0
_vp_couple_quantize_normalize	3246	0x64725014
_vp_global_free	3247	0x64723fa0
_vp_global_look	3248	0x64723f64
_vp_noisemask	3249	0x64724954
_vp_offset_and_mix	3250	0x64724e90
_vp_psy_clear	3251	0x64724814
_vp_psy_init	3252	0x6472400c
_vp_tonemask	3253	0x64724a80
adler32	3254	0x64765bec
adler32_combine	3255	0x64765f50
adler32_combine64	3256	0x64765fd4
af_autofitter_service	3257	0x64817884
af_cjk_script_class	3258	0x648178c0
af_dummy_script_class	3259	0x64817900
af_glyph_hints_dump_edges	3260	0x6477bd24
af_glyph_hints_dump_points	3261	0x6477bd14
af_glyph_hints_dump_segments	3262	0x6477bd18
af_glyph_hints_get_num_segments	3263	0x6477bd1c
af_glyph_hints_get_segment_offset	3264	0x6477bd20
af_indic_script_class	3265	0x648178a0
af_latin_script_class	3266	0x648178e0
afm_parser_funcs	3267	0x6481c534
alAuxiliaryEffectSlotf	3268	0x646a6704
alAuxiliaryEffectSlotfv	3269	0x646a67e4
alAuxiliaryEffectSloti	3270	0x646a633c
alAuxiliaryEffectSlotiv	3271	0x646a6668
alBuffer3f	3272	0x64697140
alBuffer3i	3273	0x646972c8
alBufferData	3274	0x64698980
alBufferSamplesSOFT	3275	0x646987e8
alBufferSubDataSOFT	3276	0x64697e30
alBufferSubSamplesSOFT	3277	0x64696cb4
alBufferf	3278	0x646970cc
alBufferfv	3279	0x646971b4
alBufferi	3280	0x64697254
alBufferiv	3281	0x6469733c
alDatabufferDataEXT	3282	0x646a789c
alDatabufferSubDataEXT	3283	0x646a79c4
alDatabufferfEXT	3284	0x646a7b60
alDatabufferfvEXT	3285	0x646a7bd4
alDatabufferiEXT	3286	0x646a7c48
alDatabufferivEXT	3287	0x646a7cbc
alDeleteAuxiliaryEffectSlots	3288	0x646a600c
alDeleteBuffers	3289	0x64696a0c
alDeleteDatabuffersEXT	3290	0x646a75d0
alDeleteEffects	3291	0x646a4a2c
alDeleteFilters	3292	0x646a6c98
alDeleteSources	3293	0x6468d73c
alDisable	3294	0x6469d2e0
alDistanceModel	3295	0x6469dc9c
alDopplerFactor	3296	0x6469db10
alDopplerVelocity	3297	0x6469db94
alEffectf	3298	0x646a4cb4
alEffectfv	3299	0x646a581c
alEffecti	3300	0x646a540c
alEffectiv	3301	0x646a56f4
alEnable	3302	0x6469d264
alFilterf	3303	0x646a70f4
alFilterfv	3304	0x646a71f8
alFilteri	3305	0x646a6f28
alFilteriv	3306	0x646a6ff0
alGenAuxiliaryEffectSlots	3307	0x646a611c
alGenBuffers	3308	0x64696b3c
alGenDatabuffersEXT	3309	0x646a7720
alGenEffects	3310	0x646a4b2c
alGenFilters	3311	0x646a6d94
alGenSources	3312	0x6468d918
alGetAuxiliaryEffectSlotf	3313	0x646a6ab8
alGetAuxiliaryEffectSlotfv	3314	0x646a6b44
alGetAuxiliaryEffectSloti	3315	0x646a68f4
alGetAuxiliaryEffectSlotiv	3316	0x646a69a0
alGetBoolean	3317	0x6469d3ac
alGetBooleanv	3318	0x6469d63c
alGetBuffer3f	3319	0x6469755c
alGetBuffer3i	3320	0x646977e4
alGetBufferSamplesSOFT	3321	0x64696ec4
alGetBufferf	3322	0x646974bc
alGetBufferfv	3323	0x64697608
alGetBufferi	3324	0x646976a8
alGetBufferiv	3325	0x64697890
alGetDatabufferSubDataEXT	3326	0x646a7a94
alGetDatabufferfEXT	3327	0x646a7d30
alGetDatabufferfvEXT	3328	0x646a7dd0
alGetDatabufferiEXT	3329	0x646a7e70
alGetDatabufferivEXT	3330	0x646a7f28
alGetDouble	3331	0x6469d450
alGetDoublev	3332	0x6469d718
alGetEffectf	3333	0x646a5c60
alGetEffectfv	3334	0x646a5e6c
alGetEffecti	3335	0x646a5a24
alGetEffectiv	3336	0x646a5b48
alGetEnumValue	3337	0x6469d1ec
alGetError	3338	0x64690480
alGetFilterf	3339	0x646a73e4
alGetFilterfv	3340	0x646a7494
alGetFilteri	3341	0x646a727c
alGetFilteriv	3342	0x646a730c
alGetFloat	3343	0x6469d4dc
alGetFloatv	3344	0x6469d7fc
alGetInteger	3345	0x6469d568
alGetIntegerv	3346	0x6469d8e0
alGetListener3f	3347	0x646ae03c
alGetListener3i	3348	0x646ae2b0
alGetListenerf	3349	0x646adfa0
alGetListenerfv	3350	0x646ae114
alGetListeneri	3351	0x646ae250
alGetListeneriv	3352	0x646ae3e8
alGetProcAddress	3353	0x6469d1c8
alGetSource3f	3354	0x6468efb0
alGetSource3i	3355	0x6468f5a0
alGetSourcef	3356	0x6468ed64
alGetSourcefv	3357	0x6468f0ec
alGetSourcei	3358	0x6468f27c
alGetSourceiv	3359	0x6468f758
alGetString	3360	0x6469da0c
alIsAuxiliaryEffectSlot	3361	0x646a62f8
alIsBuffer	3362	0x64696c58
alIsBufferFormatSupportedSOFT	3363	0x646983a8
alIsDatabufferEXT	3364	0x646a7844
alIsEffect	3365	0x646a4c58
alIsEnabled	3366	0x6469d35c
alIsExtensionPresent	3367	0x6469d070
alIsFilter	3368	0x646a6ecc
alIsSource	3369	0x6468db54
alListener3f	3370	0x646ada10
alListener3i	3371	0x646add98
alListenerf	3372	0x646ad944
alListenerfv	3373	0x646adae0
alListeneri	3374	0x646add64
alListeneriv	3375	0x646adec8
alMapDatabufferEXT	3376	0x646a80e0
alSelectDatabufferEXT	3377	0x646a8030
alSetError	3378	0x646904b4
alSource3f	3379	0x6468e138
alSource3i	3380	0x6468e938
alSourcePause	3381	0x6468fc5c
alSourcePausev	3382	0x6468fcdc
alSourcePlay	3383	0x6468fc40
alSourcePlayv	3384	0x6468f960
alSourceQueueBuffers	3385	0x64690034
alSourceRewind	3386	0x64690018
alSourceRewindv	3387	0x6468ff14
alSourceStop	3388	0x6468fdb0
alSourceStopv	3389	0x6468fe30
alSourceUnqueueBuffers	3390	0x6469029c
alSourcef	3391	0x6468db98
alSourcefv	3392	0x6468e260
alSourcei	3393	0x6468e478
alSourceiv	3394	0x6468ebbc
alSpeedOfSound	3395	0x6469dc18
alUnmapDatabufferEXT	3396	0x646a81b0
al_acknowledge_resize	3397	0x645fb48c
al_add_config_comment	3398	0x645e694c
al_add_config_section	3399	0x645e6828
al_add_new_bitmap_flag	3400	0x64625b14
al_add_timer_count	3401	0x646248d4
al_append_native_text_log	3402	0x645d46e4
al_append_path_component	3403	0x64622aa8
al_attach_audio_stream_to_mixer	3404	0x645ca0e0
al_attach_audio_stream_to_voice	3405	0x645cc198
al_attach_mixer_to_mixer	3406	0x645ca118
al_attach_mixer_to_voice	3407	0x645cc330
al_attach_sample_instance_to_mixer	3408	0x645ca0a8
al_attach_sample_instance_to_voice	3409	0x645cbffc
al_broadcast_cond	3410	0x646242fc
al_build_transform	3411	0x64626998
al_calculate_arc	3412	0x645d80c4
al_calculate_ribbon	3413	0x645da8c4
al_calculate_spline	3414	0x645dacac
al_calloc_with_context	3415	0x64603780
al_change_directory	3416	0x64600cc4
al_check_inverse	3417	0x64626a78
al_clear_to_color	3418	0x645fe1d4
al_clone_bitmap	3419	0x645e2a9c
al_clone_path	3420	0x64622f40
al_close_directory	3421	0x64600c9c
al_close_native_text_log	3422	0x645d44c0
al_color_cmyk	3423	0x645cdf38
al_color_cmyk_to_rgb	3424	0x645cde70
al_color_hsl	3425	0x645cde0c
al_color_hsl_to_rgb	3426	0x645cd990
al_color_hsv	3427	0x645cd864
al_color_hsv_to_rgb	3428	0x645cd5a8
al_color_html	3429	0x645ce1f4
al_color_html_to_rgb	3430	0x645ce190
al_color_name	3431	0x645cd518
al_color_name_to_rgb	3432	0x645cd3d8
al_color_rgb_to_cmyk	3433	0x645cdea4
al_color_rgb_to_hsl	3434	0x645cdcc4
al_color_rgb_to_hsv	3435	0x645cd728
al_color_rgb_to_html	3436	0x645ce128
al_color_rgb_to_name	3437	0x645cd440
al_color_rgb_to_yuv	3438	0x645ce000
al_color_yuv	3439	0x645ce0a0
al_color_yuv_to_rgb	3440	0x645cdf7c
al_compose_transform	3441	0x64626c48
al_convert_mask_to_alpha	3442	0x645e26b0
al_copy_transform	3443	0x646268dc
al_create_audio_stream	3444	0x645cacf4
al_create_bitmap	3445	0x645e2674
al_create_builtin_font	3446	0x645cf420
al_create_cond	3447	0x64624270
al_create_config	3448	0x645e67f4
al_create_display	3449	0x645fb288
al_create_event_queue	3450	0x645fe860
al_create_file_handle	3451	0x645ff6d0
al_create_fs_entry	3452	0x64600bf4
al_create_mixer	3453	0x645c9eec
al_create_mouse_cursor	3454	0x6460b514
al_create_mutex	3455	0x6462416c
al_create_mutex_recursive	3456	0x646241b4
al_create_native_file_dialog	3457	0x645d4318
al_create_path	3458	0x64622df8
al_create_path_for_directory	3459	0x64622ed4
al_create_sample	3460	0x645ca6b0
al_create_sample_instance	3461	0x645c62d4
al_create_sub_bitmap	3462	0x645e2940
al_create_thread	3463	0x64623ea0
al_create_timer	3464	0x646245e8
al_create_vertex_decl	3465	0x645e0c74
al_create_voice	3466	0x645cbf14
al_cstr	3467	0x646585fc
al_cstr_dup	3468	0x64658660
al_destroy_audio_stream	3469	0x645cafc8
al_destroy_bitmap	3470	0x645e2378
al_destroy_cond	3471	0x646242b0
al_destroy_config	3472	0x645e747c
al_destroy_display	3473	0x645fb3bc
al_destroy_event_queue	3474	0x645fe72c
al_destroy_font	3475	0x645d0088
al_destroy_fs_entry	3476	0x64600c10
al_destroy_mixer	3477	0x645c93a4
al_destroy_mouse_cursor	3478	0x6460b540
al_destroy_mutex	3479	0x64624234
al_destroy_native_file_dialog	3480	0x645d420c
al_destroy_path	3481	0x64622d34
al_destroy_sample	3482	0x645ca3c8
al_destroy_sample_instance	3483	0x645c62a4
al_destroy_thread	3484	0x646240b4
al_destroy_timer	3485	0x646244c0
al_destroy_user_event_source	3486	0x645ff1ac
al_destroy_vertex_decl	3487	0x645e0da4
al_destroy_voice	3488	0x645cc4c8
al_detach_audio_stream	3489	0x645cb5e4
al_detach_mixer	3490	0x645ca3b0
al_detach_sample_instance	3491	0x645c6bdc
al_detach_voice	3492	0x645cc418
al_drain_audio_stream	3493	0x645cb06c
al_draw_arc	3494	0x645d9dc0
al_draw_bitmap	3495	0x645e3528
al_draw_bitmap_region	3496	0x645e35ac
al_draw_circle	3497	0x645d8bd8
al_draw_ellipse	3498	0x645d8648
al_draw_elliptical_arc	3499	0x645d8c58
al_draw_filled_circle	3500	0x645d8c1c
al_draw_filled_ellipse	3501	0x645d89cc
al_draw_filled_pieslice	3502	0x645d83e8
al_draw_filled_rectangle	3503	0x645d7fd8
al_draw_filled_rounded_rectangle	3504	0x645da4ac
al_draw_filled_triangle	3505	0x645d7c48
al_draw_indexed_prim	3506	0x645e0b28
al_draw_justified_text	3507	0x645cfb08
al_draw_justified_textf	3508	0x645cff08
al_draw_justified_ustr	3509	0x645cf750
al_draw_line	3510	0x645d6a08
al_draw_pieslice	3511	0x645d8ff8
al_draw_pixel	3512	0x645fe214
al_draw_prim	3513	0x645e0a38
al_draw_rectangle	3514	0x645d7d10
al_draw_ribbon	3515	0x645db154
al_draw_rotated_bitmap	3516	0x645e37c8
al_draw_rounded_rectangle	3517	0x645d9e14
al_draw_scaled_bitmap	3518	0x645e36b0
al_draw_scaled_rotated_bitmap	3519	0x645e396c
al_draw_soft_line	3520	0x645dbbe4
al_draw_soft_triangle	3521	0x645e09ec
al_draw_spline	3522	0x645daeac
al_draw_text	3523	0x645cf5cc
al_draw_textf	3524	0x645cfb70
al_draw_tinted_bitmap	3525	0x645e34b0
al_draw_tinted_bitmap_region	3526	0x645e343c
al_draw_tinted_rotated_bitmap	3527	0x645e3740
al_draw_tinted_scaled_bitmap	3528	0x645e362c
al_draw_tinted_scaled_rotated_bitmap	3529	0x645e3860
al_draw_tinted_scaled_rotated_bitmap_region	3530	0x645e38dc
al_draw_triangle	3531	0x645d6c3c
al_draw_ustr	3532	0x645cf460
al_drop_next_event	3533	0x645feb2c
al_drop_path_tail	3534	0x64622a68
al_emit_user_event	3535	0x645ff200
al_fclearerr	3536	0x645ff888
al_fclose	3537	0x645ff72c
al_feof	3538	0x645ff864
al_ferror	3539	0x645ff87c
al_fflush	3540	0x645ff7e8
al_fget_ustr	3541	0x646000ac
al_fgetc	3542	0x645ff894
al_fgets	3543	0x64600084
al_filename_exists	3544	0x64600cfc
al_fixacos	3545	0x64601cf8
al_fixadd	3546	0x646019dc
al_fixasin	3547	0x64601d34
al_fixatan	3548	0x64602470
al_fixatan2	3549	0x646024c8
al_fixceil	3550	0x64601c2c
al_fixcos	3551	0x64601ca4
al_fixdiv	3552	0x64601b3c
al_fixfloor	3553	0x64601c18
al_fixhypot	3554	0x64602798
al_fixmul	3555	0x64601a88
al_fixsin	3556	0x64601cc0
al_fixsqrt	3557	0x646026a4
al_fixsub	3558	0x64601a34
al_fixtan	3559	0x64601cdc
al_fixtof	3560	0x646019d0
al_fixtoi	3561	0x64601c78
al_fixtorad_r	3562	0x647e889c
al_flip_display	3563	0x645fb434
al_flush_event_queue	3564	0x645fec1c
al_fopen	3565	0x645ff594
al_fopen_fd	3566	0x646009cc
al_fopen_interface	3567	0x645ff634
al_fopen_slice	3568	0x64600450
al_fputc	3569	0x645ff914
al_fputs	3570	0x64600124
al_fread	3571	0x645ff768
al_fread16be	3572	0x645ffcec
al_fread16le	3573	0x645ff958
al_fread32be	3574	0x645ffd9c
al_fread32le	3575	0x645ffa08
al_free_with_context	3576	0x64603730
al_fs_entry_exists	3577	0x64600c84
al_fseek	3578	0x645ff818
al_fsize	3579	0x6460019c
al_ftell	3580	0x645ff7f4
al_ftofix	3581	0x6460192c
al_fungetc	3582	0x64600170
al_fwrite	3583	0x645ff7d4
al_fwrite16be	3584	0x645ffed4
al_fwrite16le	3585	0x645ffb40
al_fwrite32be	3586	0x645fff68
al_fwrite32le	3587	0x645ffbd4
al_get_allegro_acodec_version	3588	0x645c1254
al_get_allegro_audio_version	3589	0x645c48c4
al_get_allegro_color_version	3590	0x645ce264
al_get_allegro_font_version	3591	0x645ceac4
al_get_allegro_image_version	3592	0x645d23c0
al_get_allegro_memfile_version	3593	0x645d4204
al_get_allegro_native_dialog_version	3594	0x645d44b8
al_get_allegro_physfs_version	3595	0x645d5c84
al_get_allegro_primitives_version	3596	0x645e0c6c
al_get_allegro_ttf_version	3597	0x645e2238
al_get_allegro_version	3598	0x645e2240
al_get_app_name	3599	0x64623d50
al_get_audio_depth_size	3600	0x645c47a0
al_get_audio_stream_attached	3601	0x645cb1a4
al_get_audio_stream_channels	3602	0x645cb174
al_get_audio_stream_depth	3603	0x645cb180
al_get_audio_stream_event_source	3604	0x645cbdcc
al_get_audio_stream_fragment	3605	0x645cb1b4
al_get_audio_stream_fragments	3606	0x645cb114
al_get_audio_stream_frequency	3607	0x645cb0fc
al_get_audio_stream_gain	3608	0x645cb15c
al_get_audio_stream_length	3609	0x645cb108
al_get_audio_stream_length_secs	3610	0x645cbcdc
al_get_audio_stream_pan	3611	0x645cb168
al_get_audio_stream_playing	3612	0x645cb198
al_get_audio_stream_playmode	3613	0x645cb18c
al_get_audio_stream_position_secs	3614	0x645cbc84
al_get_audio_stream_speed	3615	0x645cb150
al_get_available_audio_stream_fragments	3616	0x645cb120
al_get_backbuffer	3617	0x645fb41c
al_get_bitmap_flags	3618	0x645e280c
al_get_bitmap_format	3619	0x645e2804
al_get_bitmap_height	3620	0x645e27fc
al_get_bitmap_width	3621	0x645e27f4
al_get_blender	3622	0x6462574c
al_get_channel_count	3623	0x645c4790
al_get_clipping_rectangle	3624	0x645e28f0
al_get_config_value	3625	0x645e6ad4
al_get_current_directory	3626	0x64600cb4
al_get_current_display	3627	0x64625244
al_get_current_transform	3628	0x64626940
al_get_d3d_device	3629	0x6465fb34
al_get_d3d_system_texture	3630	0x6465fb40
al_get_d3d_texture_position	3631	0x6465fb58
al_get_d3d_video_texture	3632	0x6465fb4c
al_get_default_mixer	3633	0x645ca770
al_get_display_event_source	3634	0x645fb6c8
al_get_display_flags	3635	0x645fb524
al_get_display_format	3636	0x645fb50c
al_get_display_height	3637	0x645fb500
al_get_display_mode	3638	0x64601908
al_get_display_option	3639	0x645fb8d0
al_get_display_refresh_rate	3640	0x645fb518
al_get_display_width	3641	0x645fb4f4
al_get_errno	3642	0x64626688
al_get_event_source_data	3643	0x645ff324
al_get_file_userdata	3644	0x646001b0
al_get_first_config_entry	3645	0x645e75b8
al_get_first_config_section	3646	0x645e7568
al_get_font_ascent	3647	0x645d0010
al_get_font_descent	3648	0x645d001c
al_get_font_line_height	3649	0x645d0004
al_get_fs_entry_atime	3650	0x64600c48
al_get_fs_entry_ctime	3651	0x64600c60
al_get_fs_entry_mode	3652	0x64600c3c
al_get_fs_entry_mtime	3653	0x64600c54
al_get_fs_entry_name	3654	0x64600c24
al_get_fs_entry_size	3655	0x64600c6c
al_get_fs_interface	3656	0x64626428
al_get_joystick	3657	0x64601f44
al_get_joystick_active	3658	0x64601f5c
al_get_joystick_axis_name	3659	0x64601fc4
al_get_joystick_button_name	3660	0x64601ff4
al_get_joystick_event_source	3661	0x64601ed4
al_get_joystick_name	3662	0x64601f68
al_get_joystick_num_axes	3663	0x64601fac
al_get_joystick_num_buttons	3664	0x64601fec
al_get_joystick_num_sticks	3665	0x64601f74
al_get_joystick_state	3666	0x64602010
al_get_joystick_stick_flags	3667	0x64601f7c
al_get_joystick_stick_name	3668	0x64601f94
al_get_keyboard_event_source	3669	0x6460214c
al_get_keyboard_state	3670	0x646020f4
al_get_mixer_attached	3671	0x645ca250
al_get_mixer_channels	3672	0x645ca214
al_get_mixer_depth	3673	0x645ca220
al_get_mixer_frequency	3674	0x645ca208
al_get_mixer_gain	3675	0x645ca238
al_get_mixer_playing	3676	0x645ca244
al_get_mixer_quality	3677	0x645ca22c
al_get_monitor_info	3678	0x6460b4a0
al_get_mouse_cursor_position	3679	0x6460b748
al_get_mouse_event_source	3680	0x6460b7cc
al_get_mouse_num_axes	3681	0x6460b67c
al_get_mouse_num_buttons	3682	0x6460b670
al_get_mouse_state	3683	0x6460b6f0
al_get_mouse_state_axis	3684	0x6460b6fc
al_get_native_file_dialog_count	3685	0x645d43ac
al_get_native_file_dialog_path	3686	0x645d43b4
al_get_native_text_log_event_source	3687	0x645d4754
al_get_new_bitmap_flags	3688	0x64625ca4
al_get_new_bitmap_format	3689	0x64625bdc
al_get_new_display_adapter	3690	0x64624eac
al_get_new_display_flags	3691	0x64624b9c
al_get_new_display_option	3692	0x645fb84c
al_get_new_display_refresh_rate	3693	0x64624d24
al_get_new_file_interface	3694	0x64626290
al_get_new_window_position	3695	0x6462503c
al_get_next_config_entry	3696	0x645e7640
al_get_next_config_section	3697	0x645e7590
al_get_next_event	3698	0x645fea0c
al_get_num_display_modes	3699	0x646018f4
al_get_num_joysticks	3700	0x64601f30
al_get_num_video_adapters	3701	0x6460b478
al_get_opengl_extension_list	3702	0x6461ff78
al_get_opengl_fbo	3703	0x646214d8
al_get_opengl_proc_address	3704	0x64611988
al_get_opengl_texture	3705	0x64621444
al_get_opengl_texture_position	3706	0x6462156c
al_get_opengl_texture_size	3707	0x64621534
al_get_opengl_variant	3708	0x6460bdec
al_get_opengl_version	3709	0x6460bdc4
al_get_org_name	3710	0x64623d48
al_get_parent_bitmap	3711	0x645e2a90
al_get_path_basename	3712	0x64623190
al_get_path_component	3713	0x6462294c
al_get_path_drive	3714	0x6462307c
al_get_path_extension	3715	0x646230c8
al_get_path_filename	3716	0x646230b8
al_get_path_num_components	3717	0x64622944
al_get_path_tail	3718	0x64622a34
al_get_pixel	3719	0x645e424c
al_get_pixel_format_bits	3720	0x6462348c
al_get_pixel_size	3721	0x64623480
al_get_sample	3722	0x645c6e34
al_get_sample_channels	3723	0x645cac5c
al_get_sample_data	3724	0x645cac64
al_get_sample_depth	3725	0x645cac54
al_get_sample_frequency	3726	0x645cac44
al_get_sample_instance_attached	3727	0x645c66cc
al_get_sample_instance_channels	3728	0x645c6688
al_get_sample_instance_depth	3729	0x645c667c
al_get_sample_instance_frequency	3730	0x645c65f0
al_get_sample_instance_gain	3731	0x645c6640
al_get_sample_instance_length	3732	0x645c65fc
al_get_sample_instance_pan	3733	0x645c664c
al_get_sample_instance_playing	3734	0x645c66a0
al_get_sample_instance_playmode	3735	0x645c6694
al_get_sample_instance_position	3736	0x645c6608
al_get_sample_instance_speed	3737	0x645c6634
al_get_sample_instance_time	3738	0x645c6658
al_get_sample_length	3739	0x645cac4c
al_get_separate_blender	3740	0x64625844
al_get_standard_path	3741	0x64623be8
al_get_system_config	3742	0x64623bd4
al_get_system_driver	3743	0x64623bcc
al_get_target_bitmap	3744	0x6462549c
al_get_text_dimensions	3745	0x645d0034
al_get_text_width	3746	0x645cffd4
al_get_thread_should_stop	3747	0x64624088
al_get_time	3748	0x646694d8
al_get_timer_count	3749	0x64624860
al_get_timer_event_source	3750	0x64624934
al_get_timer_speed	3751	0x646247f0
al_get_timer_started	3752	0x646247e4
al_get_ustr_dimensions	3753	0x645d0028
al_get_ustr_width	3754	0x645cffc8
al_get_voice_channels	3755	0x645cc578
al_get_voice_depth	3756	0x645cc580
al_get_voice_frequency	3757	0x645cc528
al_get_voice_playing	3758	0x645cc588
al_get_voice_position	3759	0x645cc530
al_get_win_window_handle	3760	0x6466c1a8
al_get_window_position	3761	0x645fb618
al_grab_font_from_bitmap	3762	0x645cec50
al_grab_mouse	3763	0x6460b784
al_have_d3d_non_pow2_texture_support	3764	0x6465ec24
al_have_d3d_non_square_texture_support	3765	0x6465ed20
al_have_opengl_extension	3766	0x64611954
al_hide_mouse_cursor	3767	0x6460b5c4
al_hold_bitmap_drawing	3768	0x645fb6d0
al_identity_transform	3769	0x64626958
al_inhibit_screensaver	3770	0x64623d58
al_init_acodec_addon	3771	0x645c125c
al_init_font_addon	3772	0x645ce6a4
al_init_image_addon	3773	0x645d2154
al_init_native_dialog_addon	3774	0x645d42d4
al_init_primitives_addon	3775	0x645e0a08
al_init_timeout	3776	0x646695d8
al_init_ttf_addon	3777	0x645e2164
al_init_user_event_source	3778	0x645ff170
al_insert_path_component	3779	0x646229f8
al_install_audio	3780	0x645c4800
al_install_joystick	3781	0x64601e30
al_install_keyboard	3782	0x64602048
al_install_mouse	3783	0x6460b608
al_install_system	3784	0x6462391c
al_invert_transform	3785	0x64626a1c
al_is_audio_installed	3786	0x645c48b8
al_is_bitmap_drawing_held	3787	0x645fb77c
al_is_bitmap_locked	3788	0x645e4244
al_is_compatible_bitmap	3789	0x645fb4c8
al_is_d3d_device_lost	3790	0x6465fb78
al_is_event_queue_empty	3791	0x645fe9fc
al_is_joystick_installed	3792	0x64601ea4
al_is_keyboard_installed	3793	0x6460203c
al_is_mouse_installed	3794	0x6460b5fc
al_is_sub_bitmap	3795	0x645e2a80
al_is_system_installed	3796	0x64623bb8
al_itofix	3797	0x64601c70
al_join_paths	3798	0x64622ad0
al_join_thread	3799	0x64623fe4
al_key_down	3800	0x64602100
al_keycode_to_name	3801	0x646020c4
al_load_audio_stream	3802	0x645c50c4
al_load_audio_stream_f	3803	0x645c5190
al_load_bitmap	3804	0x645e3d78
al_load_bitmap_f	3805	0x645e3e80
al_load_bitmap_font	3806	0x645cf1ac
al_load_config_file	3807	0x645e7088
al_load_config_file_f	3808	0x645e6b68
al_load_font	3809	0x645ce9d8
al_load_sample	3810	0x645c4f84
al_load_sample_f	3811	0x645c502c
al_load_ttf_font	3812	0x645e20cc
al_load_ttf_font_f	3813	0x645e2098
al_load_ttf_font_stretch	3814	0x645e2118
al_load_ttf_font_stretch_f	3815	0x645e1de0
al_lock_bitmap	3816	0x645e4134
al_lock_bitmap_region	3817	0x645e3f60
al_lock_mutex	3818	0x646241fc
al_make_directory	3819	0x64600ce0
al_make_path_canonical	3820	0x646231fc
al_make_temp_file	3821	0x64600a40
al_malloc_with_context	3822	0x6460370c
al_map_rgb	3823	0x64623684
al_map_rgb_f	3824	0x646236e0
al_map_rgba	3825	0x64623640
al_map_rgba_f	3826	0x646236c0
al_merge_config	3827	0x645e71d4
al_merge_config_into	3828	0x645e71c4
al_mouse_button_down	3829	0x6460b730
al_open_directory	3830	0x64600c90
al_open_fs_entry	3831	0x64600d34
al_open_memfile	3832	0x645d40e4
al_open_native_text_log	3833	0x645d45d8
al_path_cstr	3834	0x64622cac
al_peek_next_event	3835	0x645fea7c
al_play_sample	3836	0x645caab8
al_play_sample_instance	3837	0x645c6474
al_print	3838	0x6469bbd8
al_put_blended_pixel	3839	0x645e5db4
al_put_pixel	3840	0x645e5d7c
al_radtofix_r	3841	0x647e8898
al_read_directory	3842	0x64600ca8
al_realloc_with_context	3843	0x64603754
al_rebase_path	3844	0x64622b88
al_reconfigure_joysticks	3845	0x64601eb0
al_ref_buffer	3846	0x646586d8
al_ref_cstr	3847	0x6465869c
al_ref_ustr	3848	0x646586f4
al_register_assert_handler	3849	0x645fb27c
al_register_audio_stream_loader	3850	0x645c4d54
al_register_audio_stream_loader_f	3851	0x645c4e6c
al_register_bitmap_loader	3852	0x645e3a28
al_register_bitmap_loader_f	3853	0x645e3bd0
al_register_bitmap_saver	3854	0x645e3afc
al_register_bitmap_saver_f	3855	0x645e3ca4
al_register_event_source	3856	0x645fe908
al_register_font_loader	3857	0x645ce930
al_register_sample_loader	3858	0x645c48f4
al_register_sample_loader_f	3859	0x645c4a0c
al_register_sample_saver	3860	0x645c4b24
al_register_sample_saver_f	3861	0x645c4c3c
al_release_joystick	3862	0x64601f50
al_remove_filename	3863	0x64600d18
al_remove_fs_entry	3864	0x64600c78
al_remove_opengl_fbo	3865	0x6462145c
al_remove_path_component	3866	0x646229b8
al_replace_path_component	3867	0x6462297c
al_reserve_samples	3868	0x645ca870
al_reset_clipping_rectangle	3869	0x645e288c
al_reset_new_display_options	3870	0x645fbba0
al_resize_display	3871	0x645fb4ac
al_rest	3872	0x6466958c
al_restore_default_mixer	3873	0x645ca9ac
al_restore_state	3874	0x64625ff0
al_rewind_audio_stream	3875	0x645cbbc0
al_rotate_transform	3876	0x64626b50
al_run_detached_thread	3877	0x64623f24
al_run_main	3878	0x645e2248
al_save_bitmap	3879	0x645e3df4
al_save_bitmap_f	3880	0x645e3ee8
al_save_config_file	3881	0x645e7178
al_save_config_file_f	3882	0x645e70c8
al_save_sample	3883	0x645c5248
al_save_sample_f	3884	0x645c5300
al_scale_transform	3885	0x64626bdc
al_seek_audio_stream_secs	3886	0x645cbc18
al_set_app_name	3887	0x64623cbc
al_set_audio_stream_fragment	3888	0x645cb604
al_set_audio_stream_gain	3889	0x645cb360
al_set_audio_stream_loop_secs	3890	0x645cbd34
al_set_audio_stream_pan	3891	0x645cb3fc
al_set_audio_stream_playing	3892	0x645cb53c
al_set_audio_stream_playmode	3893	0x645cb4f4
al_set_audio_stream_speed	3894	0x645cb244
al_set_blender	3895	0x64625560
al_set_clipping_rectangle	3896	0x645e2814
al_set_config_value	3897	0x645e68e4
al_set_current_opengl_context	3898	0x64621834
al_set_default_mixer	3899	0x645ca778
al_set_display_flag	3900	0x645fb650
al_set_display_icon	3901	0x645fb558
al_set_display_icons	3902	0x645fb590
al_set_errno	3903	0x64626750
al_set_event_source_data	3904	0x645ff318
al_set_exe_name	3905	0x64623c58
al_set_fs_interface	3906	0x646264f8
al_set_keyboard_leds	3907	0x646020b0
al_set_memory_interface	3908	0x64603700
al_set_mixer_frequency	3909	0x645ca260
al_set_mixer_gain	3910	0x645ca314
al_set_mixer_playing	3911	0x645ca39c
al_set_mixer_postprocess_callback	3912	0x645ca1a4
al_set_mixer_quality	3913	0x645ca29c
al_set_mouse_axis	3914	0x6460b6d4
al_set_mouse_cursor	3915	0x6460b568
al_set_mouse_w	3916	0x6460b6b4
al_set_mouse_xy	3917	0x6460b688
al_set_mouse_z	3918	0x6460b694
al_set_new_bitmap_flags	3919	0x64625a40
al_set_new_bitmap_format	3920	0x64625978
al_set_new_display_adapter	3921	0x64624de8
al_set_new_display_flags	3922	0x64624ad8
al_set_new_display_option	3923	0x645fb7ac
al_set_new_display_refresh_rate	3924	0x64624c60
al_set_new_file_interface	3925	0x64626360
al_set_new_window_position	3926	0x64624f70
al_set_org_name	3927	0x64623c8c
al_set_path_drive	3928	0x64623050
al_set_path_extension	3929	0x64623120
al_set_path_filename	3930	0x6462308c
al_set_physfs_file_interface	3931	0x645d5c6c
al_set_sample	3932	0x645c6bf4
al_set_sample_instance_gain	3933	0x645c68dc
al_set_sample_instance_length	3934	0x645c6750
al_set_sample_instance_pan	3935	0x645c6978
al_set_sample_instance_playing	3936	0x645c6b10
al_set_sample_instance_playmode	3937	0x645c6a70
al_set_sample_instance_position	3938	0x645c66dc
al_set_sample_instance_speed	3939	0x645c6790
al_set_separate_blender	3940	0x64625654
al_set_standard_file_interface	3941	0x64600a2c
al_set_standard_fs_interface	3942	0x646265c0
al_set_system_mouse_cursor	3943	0x6460b588
al_set_target_backbuffer	3944	0x64625480
al_set_target_bitmap	3945	0x64625308
al_set_thread_should_stop	3946	0x64624080
al_set_timer_count	3947	0x64624874
al_set_timer_speed	3948	0x646247fc
al_set_voice_playing	3949	0x645cc62c
al_set_voice_position	3950	0x645cc5d4
al_set_window_position	3951	0x645fb5ec
al_set_window_title	3952	0x645fb6a8
al_show_mouse_cursor	3953	0x6460b5ac
al_show_native_file_dialog	3954	0x645d43a4
al_show_native_message_box	3955	0x645d43dc
al_shutdown_font_addon	3956	0x645ce8cc
al_shutdown_image_addon	3957	0x645d214c
al_shutdown_native_dialog_addon	3958	0x645d42b4
al_shutdown_primitives_addon	3959	0x645e09f4
al_shutdown_ttf_addon	3960	0x645e21fc
al_signal_cond	3961	0x64624304
al_start_thread	3962	0x64623f9c
al_start_timer	3963	0x64624680
al_stop_sample	3964	0x645cabc0
al_stop_sample_instance	3965	0x645c6524
al_stop_samples	3966	0x645cac0c
al_stop_timer	3967	0x64624730
al_store_state	3968	0x64625d6c
al_toggle_display_flag	3969	0x645fb67c
al_transform_coordinates	3970	0x64626c18
al_translate_transform	3971	0x64626b34
al_ungrab_mouse	3972	0x6460b7ac
al_uninstall_audio	3973	0x645c45d8
al_uninstall_joystick	3974	0x64601e04
al_uninstall_keyboard	3975	0x6460201c
al_uninstall_mouse	3976	0x6460b5dc
al_uninstall_system	3977	0x64623854
al_unlock_bitmap	3978	0x645e4178
al_unlock_mutex	3979	0x64624218
al_unmap_rgb	3980	0x64623790
al_unmap_rgb_f	3981	0x64623834
al_unmap_rgba	3982	0x64623700
al_unmap_rgba_f	3983	0x64623808
al_unref_user_event	3984	0x645fef68
al_unregister_event_source	3985	0x645fe970
al_update_display_region	3986	0x645fb450
al_update_fs_entry	3987	0x64600c30
al_use_transform	3988	0x646268f0
al_ustr_append	3989	0x64658cf0
al_ustr_append_chr	3990	0x64658d30
al_ustr_append_cstr	3991	0x64658d10
al_ustr_appendf	3992	0x64658ed0
al_ustr_assign	3993	0x6465903c
al_ustr_assign_cstr	3994	0x64659090
al_ustr_assign_substr	3995	0x6465905c
al_ustr_compare	3996	0x64659b80
al_ustr_dup	3997	0x6465867c
al_ustr_dup_substr	3998	0x64658684
al_ustr_empty_string	3999	0x64658694
al_ustr_encode_utf16	4000	0x6465a498
al_ustr_equal	4001	0x64659b60
al_ustr_find_chr	4002	0x646593e0
al_ustr_find_cset	4003	0x646597e0
al_ustr_find_cset_cstr	4004	0x64659968
al_ustr_find_cstr	4005	0x646599c0
al_ustr_find_replace	4006	0x64659aac
al_ustr_find_replace_cstr	4007	0x64659adc
al_ustr_find_set	4008	0x64659618
al_ustr_find_set_cstr	4009	0x64659790
al_ustr_find_str	4010	0x646599b8
al_ustr_free	4011	0x646585f4
al_ustr_get	4012	0x646588dc
al_ustr_get_next	4013	0x64658a1c
al_ustr_has_prefix	4014	0x64659f00
al_ustr_has_prefix_cstr	4015	0x64659f34
al_ustr_has_suffix	4016	0x64659f9c
al_ustr_has_suffix_cstr	4017	0x6465a03c
al_ustr_insert	4018	0x64658b14
al_ustr_insert_chr	4019	0x64658ba0
al_ustr_insert_cstr	4020	0x64658b44
al_ustr_length	4021	0x64658774
al_ustr_ltrim_ws	4022	0x64658ff4
al_ustr_ncompare	4023	0x64659d38
al_ustr_new	4024	0x646585e4
al_ustr_new_from_buffer	4025	0x646585ec
al_ustr_new_from_utf16	4026	0x6465a24c
al_ustr_newf	4027	0x64658ef8
al_ustr_next	4028	0x6465884c
al_ustr_offset	4029	0x646587c0
al_ustr_prev	4030	0x6465889c
al_ustr_prev_get	4031	0x64658ac0
al_ustr_remove_chr	4032	0x64658f30
al_ustr_remove_range	4033	0x64658fa8
al_ustr_replace_range	4034	0x646593a4
al_ustr_rfind_chr	4035	0x646594f4
al_ustr_rfind_cstr	4036	0x64659a44
al_ustr_rfind_str	4037	0x64659a10
al_ustr_rtrim_ws	4038	0x6465900c
al_ustr_set_chr	4039	0x646590b0
al_ustr_size	4040	0x64658760
al_ustr_size_utf16	4041	0x6465a400
al_ustr_to_buffer	4042	0x6465860c
al_ustr_trim_ws	4043	0x64659024
al_ustr_truncate	4044	0x64658fd4
al_ustr_vappendf	4045	0x64658e80
al_utf16_encode	4046	0x6465a204
al_utf16_width	4047	0x6465a1e4
al_utf8_encode	4048	0x6465a140
al_utf8_width	4049	0x6465a100
al_wait_cond	4050	0x646242ec
al_wait_cond_until	4051	0x646242f4
al_wait_for_event	4052	0x645fed2c
al_wait_for_event_timed	4053	0x645fedb0
al_wait_for_event_until	4054	0x645fee08
al_wait_for_vsync	4055	0x645fb530
alcCaptureCloseDevice	4056	0x64699b88
alcCaptureOpenDevice	4057	0x6469ca44
alcCaptureSamples	4058	0x64698ea4
alcCaptureStart	4059	0x64699064
alcCaptureStop	4060	0x64698f8c
alcCloseDevice	4061	0x6469977c
alcCreateContext	4062	0x6469a920
alcDSoundDeinit	4063	0x646ab5c4
alcDSoundInit	4064	0x646ab5ac
alcDSoundProbe	4065	0x646ab634
alcDestroyContext	4066	0x64699388
alcGetContextsDevice	4067	0x6469a59c
alcGetCurrentContext	4068	0x64699854
alcGetEnumValue	4069	0x6469a650
alcGetError	4070	0x64698ca0
alcGetIntegerv	4071	0x6469b20c
alcGetProcAddress	4072	0x646992e4
alcGetString	4073	0x64699fc0
alcGetThreadContext	4074	0x64698df8
alcIsExtensionPresent	4075	0x64699e18
alcIsRenderFormatSupported	4076	0x6469a6f4
alcLoopbackOpenDevice	4077	0x6469993c
alcMakeContextCurrent	4078	0x64699140
alcOpenDevice	4079	0x6469c434
alcProcessContext	4080	0x64698d10
alcRenderSamples	4081	0x64699cd0
alcSetError	4082	0x6469cca4
alcSetThreadContext	4083	0x64699218
alcSuspendContext	4084	0x64698d84
alcWinMMDeinit	4085	0x646aca90
alcWinMMInit	4086	0x646aca78
alcWinMMProbe	4087	0x646acb24
alc_loopback_deinit	4088	0x646ad93c
alc_loopback_init	4089	0x646ad924
alc_loopback_probe	4090	0x646ad940
alc_null_deinit	4091	0x646acf20
alc_null_init	4092	0x646acf08
alc_null_probe	4093	0x646acf24
alc_wave_deinit	4094	0x646ad890
alc_wave_init	4095	0x646ad878
alc_wave_probe	4096	0x646ad894
allocate_sample_buffer	4097	0x64736130
aluCart2LUTpos	4098	0x646a947c
aluHandleDisconnect	4099	0x646a4988
aluInitPanning	4100	0x646a951c
aluMixData	4101	0x646a09a0
autofit_module_class	4102	0x64817860
bdf_cmap_class	4103	0x6482cb60
bdf_driver_class	4104	0x6482cae0
bitreader_read_from_client_	4105	0x647108cc
bs2b_clear	4106	0x646aa8e4
bs2b_cross_feed	4107	0x646aa91c
bs2b_get_level	4108	0x646aa8b8
bs2b_get_srate	4109	0x646aa8dc
bs2b_is_clear	4110	0x646aa8fc
bs2b_set_level	4111	0x646aa8a0
bs2b_set_srate	4112	0x646aa8c0
buffer_mod_dfs	4113	0x647de4c0
cff_cmap_encoding_class_rec	4114	0x64819700
cff_cmap_unicode_class_rec	4115	0x648196c0
cff_driver_class	4116	0x64819740
crc32	4117	0x64765908
crc32_combine	4118	0x64765bc4
crc32_combine64	4119	0x64765bd8
create_sample_buffer	4120	0x647360c4
destroy_sample_buffer	4121	0x647361a4
drft_backward	4122	0x6472c0f8
drft_clear	4123	0x6472c628
drft_forward	4124	0x6472bed4
drft_init	4125	0x6472c398
duh_encapsulate_it_sigrenderer	4126	0x6473f3ec
duh_encapsulate_raw_sigrenderer	4127	0x64735934
duh_end_renderer	4128	0x64735130
duh_end_sigrenderer	4129	0x647358fc
duh_get_it_sigdata	4130	0x647621f0
duh_get_it_sigrenderer	4131	0x6473f418
duh_get_length	4132	0x64735f84
duh_get_raw_sigdata	4133	0x647626a8
duh_get_raw_sigrenderer	4134	0x647359a8
duh_render	4135	0x64734fe0
duh_render_signal	4136	0x6473565c
duh_renderer_decompose_to_sigrenderer	4137	0x64735148
duh_renderer_encapsulate_sigrenderer	4138	0x64735138
duh_renderer_get_n_channels	4139	0x64735120
duh_renderer_get_position	4140	0x64735128
duh_renderer_get_sigrenderer	4141	0x64735140
duh_set_length	4142	0x64735f94
duh_sigrenderer_generate_samples	4143	0x647352e8
duh_sigrenderer_get_current_sample	4144	0x647358e0
duh_sigrenderer_get_n_channels	4145	0x64735298
duh_sigrenderer_get_position	4146	0x647352a8
duh_sigrenderer_get_samples	4147	0x647353dc
duh_sigrenderer_set_analyser_callback	4148	0x64735250
duh_sigrenderer_set_callback	4149	0x64735220
duh_sigrenderer_set_sample_analyser_callback	4150	0x64735280
duh_sigrenderer_set_sigparam	4151	0x647352bc
duh_start_renderer	4152	0x64734fb4
duh_start_sigrenderer	4153	0x64735150
dumb_atexit	4154	0x64735fa4
dumb_click_remover_get_offset	4155	0x64742d7c
dumb_click_remover_get_offset_array	4156	0x64743060
dumb_create_click_remover	4157	0x64742b24
dumb_create_click_remover_array	4158	0x64742dc8
dumb_destroy_click_remover	4159	0x64742d8c
dumb_destroy_click_remover_array	4160	0x64743090
dumb_end_resampler	4161	0x64756d68
dumb_end_resampler_16	4162	0x6475c370
dumb_end_resampler_8	4163	0x64761b74
dumb_end_resampler_n	4164	0x647621d8
dumb_exit	4165	0x64736000
dumb_it_build_checkpoints	4166	0x6473f5b4
dumb_it_callback_midi_block	4167	0x6473f5ac
dumb_it_callback_terminate	4168	0x64738838
dumb_it_do_initial_runthrough	4169	0x6473f9ec
dumb_it_max_to_mix	4170	0x647ddae0
dumb_it_sd_get_initial_channel_volume	4171	0x64762344
dumb_it_sd_get_initial_global_volume	4172	0x647622c4
dumb_it_sd_get_initial_speed	4173	0x64762304
dumb_it_sd_get_initial_tempo	4174	0x64762324
dumb_it_sd_get_instrument_filename	4175	0x647622a4
dumb_it_sd_get_instrument_name	4176	0x64762284
dumb_it_sd_get_mixing_volume	4177	0x647622e4
dumb_it_sd_get_n_instruments	4178	0x64762244
dumb_it_sd_get_n_orders	4179	0x64762224
dumb_it_sd_get_n_samples	4180	0x64762234
dumb_it_sd_get_sample_filename	4181	0x6476226c
dumb_it_sd_get_sample_name	4182	0x64762254
dumb_it_sd_get_song_message	4183	0x64762214
dumb_it_sd_set_initial_channel_volume	4184	0x64762360
dumb_it_sd_set_initial_global_volume	4185	0x647622d4
dumb_it_sd_set_initial_speed	4186	0x64762314
dumb_it_sd_set_initial_tempo	4187	0x64762334
dumb_it_sd_set_mixing_volume	4188	0x647622f4
dumb_it_set_loop_callback	4189	0x6473f308
dumb_it_set_midi_callback	4190	0x6473f344
dumb_it_set_xm_speed_zero_callback	4191	0x6473f324
dumb_it_sr_get_channel_muted	4192	0x64762478
dumb_it_sr_get_channel_state	4193	0x6473f434
dumb_it_sr_get_channel_volume	4194	0x64762418
dumb_it_sr_get_current_order	4195	0x64762378
dumb_it_sr_get_current_row	4196	0x64762390
dumb_it_sr_get_global_volume	4197	0x647623a8
dumb_it_sr_get_speed	4198	0x647623f0
dumb_it_sr_get_tempo	4199	0x647623cc
dumb_it_sr_set_channel_muted	4200	0x64762450
dumb_it_sr_set_channel_volume	4201	0x64762434
dumb_it_sr_set_global_volume	4202	0x647623bc
dumb_it_sr_set_speed	4203	0x64762404
dumb_it_sr_set_tempo	4204	0x647623e0
dumb_it_start_at_order	4205	0x6473f364
dumb_read_it	4206	0x64736034
dumb_read_it_quick	4207	0x64738660
dumb_read_mod	4208	0x647360a0
dumb_read_mod_quick	4209	0x64741aa4
dumb_read_s3m	4210	0x6473607c
dumb_read_s3m_quick	4211	0x64740c6c
dumb_read_xm	4212	0x64736058
dumb_read_xm_quick	4213	0x6473fa20
dumb_record_click	4214	0x64742b50
dumb_record_click_array	4215	0x64742e34
dumb_record_click_negative_array	4216	0x64742ed8
dumb_remove_clicks	4217	0x64742ba4
dumb_remove_clicks_array	4218	0x64742f7c
dumb_resample_16_1_1	4219	0x64756ec4
dumb_resample_16_1_2	4220	0x6475717c
dumb_resample_16_2_1	4221	0x64759310
dumb_resample_16_2_2	4222	0x64759718
dumb_resample_1_1	4223	0x64750cb4
dumb_resample_1_2	4224	0x64750fe0
dumb_resample_2_1	4225	0x64753604
dumb_resample_2_2	4226	0x64753b0c
dumb_resample_8_1_1	4227	0x6475c4c8
dumb_resample_8_1_2	4228	0x6475c77c
dumb_resample_8_2_1	4229	0x6475e8ac
dumb_resample_8_2_2	4230	0x6475ecc4
dumb_resample_get_current_sample_16_1_1	4231	0x64756f00
dumb_resample_get_current_sample_16_1_2	4232	0x6475905c
dumb_resample_get_current_sample_16_2_1	4233	0x64759358
dumb_resample_get_current_sample_16_2_2	4234	0x6475bf90
dumb_resample_get_current_sample_1_1	4235	0x64750cf0
dumb_resample_get_current_sample_1_2	4236	0x647532bc
dumb_resample_get_current_sample_2_1	4237	0x6475364c
dumb_resample_get_current_sample_2_2	4238	0x64756878
dumb_resample_get_current_sample_8_1_1	4239	0x6475c504
dumb_resample_get_current_sample_8_1_2	4240	0x6475e608
dumb_resample_get_current_sample_8_2_1	4241	0x6475e8f4
dumb_resample_get_current_sample_8_2_2	4242	0x6476179c
dumb_resample_get_current_sample_n_1_1	4243	0x647620d0
dumb_resample_get_current_sample_n_1_2	4244	0x6476210c
dumb_resample_get_current_sample_n_2_1	4245	0x64762150
dumb_resample_get_current_sample_n_2_2	4246	0x64762194
dumb_resample_n_1_1	4247	0x64761ec8
dumb_resample_n_1_2	4248	0x64761f68
dumb_resample_n_2_1	4249	0x64761fc0
dumb_resample_n_2_2	4250	0x64762078
dumb_resampling_quality	4251	0x647de4d4
dumb_reset_resampler	4252	0x64750bb8
dumb_reset_resampler_16	4253	0x64756d7c
dumb_reset_resampler_8	4254	0x6475c384
dumb_reset_resampler_n	4255	0x64761b88
dumb_silence	4256	0x647361d0
dumb_start_resampler	4257	0x64750c2c
dumb_start_resampler_16	4258	0x64756e14
dumb_start_resampler_8	4259	0x6475c41c
dumb_start_resampler_n	4260	0x64761ce8
dumbfile_cgetsl	4261	0x64735e4c
dumbfile_cgetul	4262	0x64735df0
dumbfile_close	4263	0x64735f54
dumbfile_error	4264	0x64735f48
dumbfile_getc	4265	0x64735b6c
dumbfile_getnc	4266	0x64735eb4
dumbfile_igetl	4267	0x64735c88
dumbfile_igetw	4268	0x64735ba8
dumbfile_mgetl	4269	0x64735d3c
dumbfile_mgetw	4270	0x64735c18
dumbfile_open	4271	0x64735a64
dumbfile_open_ex	4272	0x64735aac
dumbfile_pos	4273	0x64735af8
dumbfile_skip	4274	0x64735b00
floor0_exportbundle	4275	0x648135e0
floor1_encode	4276	0x64731578
floor1_exportbundle	4277	0x64813620
floor1_fit	4278	0x64730b64
floor1_interpolate_fit	4279	0x647314d8
ft_corner_is_flat	4280	0x64768c74
ft_corner_orientation	4281	0x64768b64
ft_glyphslot_alloc_bitmap	4282	0x64769628
ft_glyphslot_free_bitmap	4283	0x64769584
ft_glyphslot_set_bitmap	4284	0x647695d8
ft_grays_raster	4285	0x6482c8dc
ft_highpow2	4286	0x647744c4
ft_lzwstate_done	4287	0x647bda0c
ft_lzwstate_init	4288	0x647bd98c
ft_lzwstate_io	4289	0x647bda90
ft_lzwstate_reset	4290	0x647bd950
ft_mem_alloc	4291	0x647738d8
ft_mem_dup	4292	0x64774208
ft_mem_free	4293	0x647741f0
ft_mem_qalloc	4294	0x64773948
ft_mem_qrealloc	4295	0x64774104
ft_mem_realloc	4296	0x6477398c
ft_mem_strcpyn	4297	0x64774300
ft_mem_strdup	4298	0x6477427c
ft_module_get_service	4299	0x6476bf18
ft_raster1_renderer_class	4300	0x6482bf40
ft_raster5_renderer_class	4301	0x6482bee0
ft_service_list_lookup	4302	0x64769480
ft_smooth_lcd_renderer_class	4303	0x6482c840
ft_smooth_lcdv_renderer_class	4304	0x6482c7e0
ft_smooth_renderer_class	4305	0x6482c8a0
ft_standard_raster	4306	0x6482bf7c
ft_stub_set_char_sizes	4307	0x6476c3a4
ft_stub_set_pixel_sizes	4308	0x6476c41c
ft_synthesize_vertical_metrics	4309	0x6476a024
ft_validator_error	4310	0x647694f0
ft_validator_init	4311	0x647694c8
ft_validator_run	4312	0x647694e8
g_CrcTable	4313	0x64878b20
get_crc_table	4314	0x64765900
inflate	4315	0x64762fa8
inflateCopy	4316	0x647655a8
inflateEnd	4317	0x64765170
inflateGetHeader	4318	0x647652a8
inflateInit2_	4319	0x64762d50
inflateInit_	4320	0x64762e4c
inflateMark	4321	0x64765720
inflatePrime	4322	0x64762f48
inflateReset	4323	0x64762b4c
inflateReset2	4324	0x64762bfc
inflateSetDictionary	4325	0x647651c8
inflateSync	4326	0x647652d8
inflateSyncPoint	4327	0x6476557c
inflateUndermine	4328	0x647656f8
inflate_copyright	4329	0x648174a0
inflate_fast	4330	0x647668c8
inflate_table	4331	0x64766058
k7zSignature	4332	0x647dd374
kMaskToAllowedStatus	4333	0x647f9f68
kMaskToBitNumber	4334	0x647f9f60
kUtf8Limits	4335	0x647dd37c
make_duh	4336	0x64742804
mapping0_exportbundle	4337	0x64813520
mdct_backward	4338	0x64728b14
mdct_clear	4339	0x64728ad8
mdct_forward	4340	0x64728e44
mdct_init	4341	0x64728888
null_funcs	4342	0x647dd600
ogg_packet_clear	4343	0x64733f74
ogg_page_bos	4344	0x64732b9c
ogg_page_checksum_set	4345	0x64732e34
ogg_page_continued	4346	0x64732b8c
ogg_page_eos	4347	0x64732bac
ogg_page_granulepos	4348	0x64732bbc
ogg_page_packets	4349	0x64732c94
ogg_page_pageno	4350	0x64732c6c
ogg_page_serialno	4351	0x64732c44
ogg_page_version	4352	0x64732b80
ogg_stream_check	4353	0x64732d78
ogg_stream_clear	4354	0x64732d94
ogg_stream_destroy	4355	0x64732de0
ogg_stream_eos	4356	0x647332f4
ogg_stream_flush	4357	0x64733220
ogg_stream_init	4358	0x64732cbc
ogg_stream_iovecin	4359	0x64732ee0
ogg_stream_packetin	4360	0x647331d4
ogg_stream_packetout	4361	0x64733d74
ogg_stream_packetpeek	4362	0x64733e78
ogg_stream_pagein	4363	0x647336d4
ogg_stream_pageout	4364	0x6473323c
ogg_stream_pageout_fill	4365	0x64733298
ogg_stream_reset	4366	0x64733c48
ogg_stream_reset_serialno	4367	0x64733cd4
ogg_sync_buffer	4368	0x647333a0
ogg_sync_check	4369	0x64733394
ogg_sync_clear	4370	0x6473332c
ogg_sync_destroy	4371	0x6473335c
ogg_sync_init	4372	0x64733314
ogg_sync_pageout	4373	0x64733684
ogg_sync_pageseek	4374	0x6473347c
ogg_sync_reset	4375	0x64733c0c
ogg_sync_wrote	4376	0x64733458
oggpackB_adv	4377	0x64734bc8
oggpackB_adv1	4378	0x64734c44
oggpackB_bits	4379	0x64734f94
oggpackB_bytes	4380	0x64734f74
oggpackB_get_buffer	4381	0x64734fac
oggpackB_look	4382	0x64734a60
oggpackB_look1	4383	0x64734b44
oggpackB_read	4384	0x64734d70
oggpackB_read1	4385	0x64734ee8
oggpackB_readinit	4386	0x64734980
oggpackB_reset	4387	0x647348dc
oggpackB_write	4388	0x6473404c
oggpackB_writealign	4389	0x64734360
oggpackB_writecheck	4390	0x647342ac
oggpackB_writeclear	4391	0x6473492c
oggpackB_writecopy	4392	0x64734680
oggpackB_writeinit	4393	0x64734254
oggpackB_writetrunc	4394	0x64734300
oggpack_adv	4395	0x64734b6c
oggpack_adv1	4396	0x64734c24
oggpack_bits	4397	0x64734f64
oggpack_bytes	4398	0x64734f44
oggpack_get_buffer	4399	0x64734fa4
oggpack_look	4400	0x647349a8
oggpack_look1	4401	0x64734b20
oggpack_read	4402	0x64734c64
oggpack_read1	4403	0x64734e94
oggpack_readinit	4404	0x64734958
oggpack_reset	4405	0x647348b8
oggpack_write	4406	0x647340e4
oggpack_writealign	4407	0x64734334
oggpack_writecheck	4408	0x6473428c
oggpack_writeclear	4409	0x64734900
oggpack_writecopy	4410	0x647343fc
oggpack_writeinit	4411	0x6473421c
oggpack_writetrunc	4412	0x647342cc
ov_bitrate	4413	0x6471c3f4
ov_bitrate_instant	4414	0x6471c13c
ov_clear	4415	0x6471b9f0
ov_comment	4416	0x6471c744
ov_crosslap	4417	0x6471cd40
ov_fopen	4418	0x6471be10
ov_halfrate	4419	0x6471bee0
ov_halfrate_p	4420	0x6471c030
ov_info	4421	0x6471c70c
ov_open	4422	0x6471bd6c
ov_open_callbacks	4423	0x6471bce0
ov_pcm_seek	4424	0x6471afc8
ov_pcm_seek_lap	4425	0x6471d04c
ov_pcm_seek_page	4426	0x6471a108
ov_pcm_seek_page_lap	4427	0x6471d068
ov_pcm_tell	4428	0x6471c594
ov_pcm_total	4429	0x6471c2cc
ov_raw_seek	4430	0x647191fc
ov_raw_seek_lap	4431	0x6471d030
ov_raw_tell	4432	0x6471c574
ov_raw_total	4433	0x6471c204
ov_read	4434	0x6471cc20
ov_read_filter	4435	0x6471c77c
ov_read_float	4436	0x6471cc74
ov_seekable	4437	0x6471c134
ov_serialnumber	4438	0x6471c1c0
ov_streams	4439	0x6471c12c
ov_test	4440	0x6471c080
ov_test_callbacks	4441	0x6471c04c
ov_test_open	4442	0x6471c0cc
ov_time_seek	4443	0x6471b21c
ov_time_seek_lap	4444	0x6471d084
ov_time_seek_page	4445	0x6471b0c8
ov_time_seek_page_lap	4446	0x6471d09c
ov_time_tell	4447	0x6471c5b4
ov_time_total	4448	0x6471c360
pcf_cmap_class	4449	0x6481bd60
pcf_driver_class	4450	0x6481bce0
pfr_cmap_class_rec	4451	0x6481b2a0
pfr_driver_class	4452	0x6481b220
pfr_metrics_service_rec	4453	0x6481b288
ps_hints_apply	4454	0x647a6e20
ps_parser_funcs	4455	0x6481c580
ps_table_funcs	4456	0x6481c5b4
psaux_module_class	4457	0x6481c500
pshinter_module_class	4458	0x6482be80
psnames_module_class	4459	0x6481cb00
register_dumbfile_system	4460	0x64735a58
res0_free_info	4461	0x6472ec90
res0_free_look	4462	0x6472ec04
res0_inverse	4463	0x6472e7cc
res0_look	4464	0x6472e834
res0_pack	4465	0x6472eaa0
res0_unpack	4466	0x6472f0ec
res1_class	4467	0x6472e290
res1_forward	4468	0x6472efb0
res1_inverse	4469	0x6472e764
res2_class	4470	0x6472e0b0
res2_forward	4471	0x6472f020
res2_inverse	4472	0x6472de98
residue0_exportbundle	4473	0x648135a0
residue1_exportbundle	4474	0x64813580
residue2_exportbundle	4475	0x64813560
sfnt_module_class	4476	0x6482c0c0
t1_builder_funcs	4477	0x6481c560
t1_cmap_classes	4478	0x6481c524
t1_cmap_custom_class_rec	4479	0x6481c440
t1_cmap_expert_class_rec	4480	0x6481c480
t1_cmap_standard_class_rec	4481	0x6481c4c0
t1_cmap_unicode_class_rec	4482	0x6481c400
t1_decoder_funcs	4483	0x6481c540
t1_driver_class	4484	0x64818a40
t1cid_driver_class	4485	0x6481a780
t42_driver_class	4486	0x6481b480
tt_cmap0_class_rec	4487	0x6482c300
tt_cmap10_class_rec	4488	0x6482c1c0
tt_cmap12_class_rec	4489	0x6482c180
tt_cmap13_class_rec	4490	0x6482c140
tt_cmap14_class_rec	4491	0x6482c100
tt_cmap2_class_rec	4492	0x6482c2c0
tt_cmap4_class_rec	4493	0x6482c280
tt_cmap6_class_rec	4494	0x6482c240
tt_cmap8_class_rec	4495	0x6482c200
tt_default_graphics_state	4496	0x64818280
tt_driver_class	4497	0x648182e0
unload_duh	4498	0x647359c4
vorbis_analysis_blockout	4499	0x6471fa28
vorbis_analysis_buffer	4500	0x6471f7e0
vorbis_analysis_headerout	4501	0x6471e494
vorbis_analysis_init	4502	0x6471f75c
vorbis_analysis_wrote	4503	0x6471f8b8
vorbis_bitrate_addblock	4504	0x64729328
vorbis_bitrate_clear	4505	0x647292f8
vorbis_bitrate_flushpacket	4506	0x64729850
vorbis_bitrate_init	4507	0x647291b8
vorbis_bitrate_managed	4508	0x64729308
vorbis_block_clear	4509	0x6471ef44
vorbis_block_init	4510	0x6471edb8
vorbis_book_clear	4511	0x64721540
vorbis_book_codelen	4512	0x64721d38
vorbis_book_codeword	4513	0x64721d1c
vorbis_book_decode	4514	0x647260a4
vorbis_book_decodev_add	4515	0x647264bc
vorbis_book_decodev_set	4516	0x64726a80
vorbis_book_decodevs_add	4517	0x6472623c
vorbis_book_decodevv_add	4518	0x64726cb0
vorbis_book_encode	4519	0x64726048
vorbis_book_init_decode	4520	0x64721770
vorbis_book_init_encode	4521	0x647215a8
vorbis_comment_add	4522	0x6471d658
vorbis_comment_add_tag	4523	0x6471d6f4
vorbis_comment_clear	4524	0x6471d92c
vorbis_comment_init	4525	0x6471d648
vorbis_comment_query	4526	0x6471d76c
vorbis_comment_query_count	4527	0x6471d850
vorbis_commentheader_out	4528	0x6471e400
vorbis_dsp_clear	4529	0x6471f024
vorbis_granule_time	4530	0x6471ec34
vorbis_info_blocksize	4531	0x6471d9a0
vorbis_info_clear	4532	0x6471d9f0
vorbis_info_init	4533	0x6471d9bc
vorbis_lpc_from_data	4534	0x64726f0c
vorbis_lpc_predict	4535	0x6472711c
vorbis_lpc_to_lsp	4536	0x64732270
vorbis_lsp_to_curve	4537	0x6473208c
vorbis_packet_blocksize	4538	0x6471d3c4
vorbis_staticbook_destroy	4539	0x647214f0
vorbis_staticbook_pack	4540	0x647258d0
vorbis_staticbook_unpack	4541	0x64725ca8
vorbis_synthesis	4542	0x6471d0b4
vorbis_synthesis_blockin	4543	0x647200c4
vorbis_synthesis_halfrate	4544	0x6471d444
vorbis_synthesis_halfrate_p	4545	0x6471d474
vorbis_synthesis_headerin	4546	0x6471dc48
vorbis_synthesis_idheader	4547	0x6471db4c
vorbis_synthesis_init	4548	0x64720018
vorbis_synthesis_lapout	4549	0x6472099c
vorbis_synthesis_pcmout	4550	0x647208f4
vorbis_synthesis_read	4551	0x64720974
vorbis_synthesis_restart	4552	0x6471ff98
vorbis_synthesis_trackonly	4553	0x6471d2bc
vorbis_version_string	4554	0x6471ec7c
vorbis_window	4555	0x64720bbc
wave_funcs	4556	0x647dd640
winfnt_driver_class	4557	0x6481b980
x86_2_Decode	4558	0x6467f028
x86_Convert	4559	0x6467ee24
zError	4560	0x64765778
z_errmsg	4561	0x64815460
zcalloc	4562	0x6476578c
zcfree	4563	0x647657a0
zlibCompileFlags	4564	0x64765770
zlibVersion	4565	0x64765768

Target ID:	0
Start time:	04:36:41
Start date:	21/10/2024
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\msimg32.dll"
Imagebase:	0x500000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:36:41
Start date:	21/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6ee680000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:36:41
Start date:	21/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1
Imagebase:	0xa40000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:36:41
Start date:	21/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\msimg32.dll,AlphaBlend
Imagebase:	0xce0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	04:36:41
Start date:	21/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\msimg32.dll",#1
Imagebase:	0xce0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	04:36:45
Start date:	21/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendCaptureDeviceList
Imagebase:	0xce0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	04:36:48
Start date:	21/10/2024
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\msimg32.dll,AppendDeviceList
Imagebase:	0xce0000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	6
Total number of Limit Nodes:	0

Executed Functions

Function 645DC217 Relevance: 69.0, APIs: 1, Strings: 38, Instructions: 710
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
i, xrefs: 645DC43C
r, xrefs: 645DC44A
L, xrefs: 645F5255
^S, xrefs: 645DC1D2
W, xrefs: 645F5286
a, xrefs: 645F5247
a, xrefs: 645DC451
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
r, xrefs: 645DC458
b, xrefs: 645F5263
y, xrefs: 645DC45F
d, xrefs: 645DC42E
L, xrefs: 645DC419
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
W, xrefs: 645DC466
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
b, xrefs: 645DC443
L, xrefs: 645DC435
o, xrefs: 645DC420
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
~]d, xrefs: 645DC1E7, 645DC1F6, 645DC267, 645DC26F
a, xrefs: 645F5271
a, xrefs: 645DC427
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$L$L$P$W$W$YR$^S$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y$~]d
API String ID: 0-3984222101
Opcode ID: 47f6b4bc5ab92c7813d100e51dd825c0d338a5bd54d020660f2f2d47ece8de33
Instruction ID: df2f069a39be54bc8376b03479c7c396bc627ff70ff015c5ff2dd006e99073c5
Opcode Fuzzy Hash: 47f6b4bc5ab92c7813d100e51dd825c0d338a5bd54d020660f2f2d47ece8de33
Instruction Fuzzy Hash: 2F52BDA1E042688AFB24CB28DC94BEAB775EF55304F0040FAD40CA7691E77A5FC58F56

Function 645DC147 Relevance: 68.9, APIs: 1, Strings: 38, Instructions: 693
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
i, xrefs: 645DC43C
r, xrefs: 645DC44A
L, xrefs: 645F5255
^S, xrefs: 645DC1D2
W, xrefs: 645F5286
a, xrefs: 645F5247
a, xrefs: 645DC451
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
r, xrefs: 645DC458
b, xrefs: 645F5263
y, xrefs: 645DC45F
d, xrefs: 645DC42E
L, xrefs: 645DC419
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
W, xrefs: 645DC466
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
b, xrefs: 645DC443
L, xrefs: 645DC435
o, xrefs: 645DC420
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
~]d, xrefs: 645DC1E7, 645DC1F6, 645DC267, 645DC26F
a, xrefs: 645F5271
a, xrefs: 645DC427
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$L$L$P$W$W$YR$^S$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y$~]d
API String ID: 0-3984222101
Opcode ID: 879c24533f95b8d724e53b7d44d81c95c7c33131e763fcf2552f372f5a29676d
Instruction ID: 269dbd597942f2b66dd67166a935faddbbb146f067bcd5ff109307ec24d1e6f9
Opcode Fuzzy Hash: 879c24533f95b8d724e53b7d44d81c95c7c33131e763fcf2552f372f5a29676d
Instruction Fuzzy Hash: 3A52BD61E042688AFB24CB28DC94BEAB775EF55304F0041FAD40CA7691E77A5FC58F16

Function 645DC295 Relevance: 65.4, APIs: 1, Strings: 36, Instructions: 618
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
i, xrefs: 645DC43C
r, xrefs: 645DC44A
L, xrefs: 645F5255
W, xrefs: 645F5286
a, xrefs: 645F5247
a, xrefs: 645DC451
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
r, xrefs: 645DC458
b, xrefs: 645F5263
y, xrefs: 645DC45F
d, xrefs: 645DC42E
L, xrefs: 645DC419
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
W, xrefs: 645DC466
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
b, xrefs: 645DC443
L, xrefs: 645DC435
o, xrefs: 645DC420
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
a, xrefs: 645F5271
a, xrefs: 645DC427
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$L$L$P$W$W$YR$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
API String ID: 0-254419091
Opcode ID: 0fe77eb30240e2316b4f97faae6737ae57d6aff8b5d742bf45017944256340d7
Instruction ID: d328a2139b3b5319e022dfed5ee5f178a0d02bca347422cbf6a8e7a99afe3739
Opcode Fuzzy Hash: 0fe77eb30240e2316b4f97faae6737ae57d6aff8b5d742bf45017944256340d7
Instruction Fuzzy Hash: C742BC61E082688AFB24CB28DC98BDAB775EF55304F0040FAD50CA7291E77A5FC58F16

Function 645DC0B5 Relevance: 65.4, APIs: 1, Strings: 36, Instructions: 615
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
i, xrefs: 645DC43C
r, xrefs: 645DC44A
L, xrefs: 645F5255
W, xrefs: 645F5286
a, xrefs: 645F5247
a, xrefs: 645DC451
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
r, xrefs: 645DC458
b, xrefs: 645F5263
y, xrefs: 645DC45F
d, xrefs: 645DC42E
L, xrefs: 645DC419
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
W, xrefs: 645DC466
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
b, xrefs: 645DC443
L, xrefs: 645DC435
o, xrefs: 645DC420
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
a, xrefs: 645F5271
a, xrefs: 645DC427
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$L$L$P$W$W$YR$a$a$a$a$b$b$c$d$d$e$i$i$i$o$o$o$r$r$r$r$r$s$s$t$x$y$y
API String ID: 0-254419091
Opcode ID: 976fc5251061d57a23bfa5ee00b9821c9c215fc497ba302f54c0bf3618f5c65e
Instruction ID: ae85faa66528204c795f0c4e01fc2b1752d220b749ac473e47a2e2f1352ca6be
Opcode Fuzzy Hash: 976fc5251061d57a23bfa5ee00b9821c9c215fc497ba302f54c0bf3618f5c65e
Instruction Fuzzy Hash: 8842CC61E082688AFB24CB28DC98BDAB775EF55304F0040FAD50CA7291E77A5FC58F16

Function 645DC579 Relevance: 47.9, APIs: 1, Strings: 26, Instructions: 604
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
L, xrefs: 645F5255
3@33, xrefs: 645DC579
W, xrefs: 645F5286
a, xrefs: 645F5247
IODE, xrefs: 645DC642
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
b, xrefs: 645F5263
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
a, xrefs: 645F5271
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: 3@33$E$IODE$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-125561071
Opcode ID: bd9563057e12f63972e1073f9ae26f7488d698d4c12bc339b27873998df85fb5
Instruction ID: 727aea5d55ac788efed7305464dd4354521ce100bf84bd0e09d34036e9711a91
Opcode Fuzzy Hash: bd9563057e12f63972e1073f9ae26f7488d698d4c12bc339b27873998df85fb5
Instruction Fuzzy Hash: B942CC71E042688AFB24CB28DC88BEAB775EF55304F1081FAD40CA7691D77A5AC5CF16

Function 645DCC48 Relevance: 47.8, APIs: 1, Strings: 26, Instructions: 579
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea1f13ecb28e7ae9258b2ec95b73fd10f0c15b18b4b39499562fdb724735eb2
Instruction ID: 5af0a3b6284406140789fbca3795c99f957a6097954fc8511da56f396e04c97d
Opcode Fuzzy Hash: 0ea1f13ecb28e7ae9258b2ec95b73fd10f0c15b18b4b39499562fdb724735eb2
Instruction Fuzzy Hash: 7B32BBB1E082688AFB24CB28DC98BDAB775EF55304F0041FAD40CA7291D77A5BC58F56

Function 645DC773 Relevance: 46.1, APIs: 1, Strings: 25, Instructions: 619
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
L, xrefs: 645F5255
W, xrefs: 645F5286
a, xrefs: 645F5247
IODE, xrefs: 645DC642
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
b, xrefs: 645F5263
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
a, xrefs: 645F5271
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$IODE$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-276509008
Opcode ID: b5571cea624ac53d6687829472b3b40b8f49386cbb59b051c015572b0b22f1df
Instruction ID: 72ab2995e83b65ee4bc0d515d0bbe8506ea5600e241ce2513b756170b00fd3b2
Opcode Fuzzy Hash: b5571cea624ac53d6687829472b3b40b8f49386cbb59b051c015572b0b22f1df
Instruction Fuzzy Hash: D142DD71E042688AFB24CB28DC88BEAB775EF95304F1041FAD40CA7691D77A5AC5CF16

Function 645DC695 Relevance: 46.1, APIs: 1, Strings: 25, Instructions: 606
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
r, xrefs: 645F5278
L, xrefs: 645F5255
W, xrefs: 645F5286
a, xrefs: 645F5247
IODE, xrefs: 645DC642
s, xrefs: 645F4DAF
s, xrefs: 645F4DB6
b, xrefs: 645F5263
i, xrefs: 645F4D7E
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
a, xrefs: 645F5271
o, xrefs: 645F4D9A
y, xrefs: 645F527F
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$IODE$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-276509008
Opcode ID: 3ec71e24b61dbbd82df5d0c46b0c19b57f05ccc6d4897f3cdf3d99edc627a0c6
Instruction ID: 9cc9a67521f3556c089334cfbd09470a2a2d8266f2d662ae78ae2c4571325fd5
Opcode Fuzzy Hash: 3ec71e24b61dbbd82df5d0c46b0c19b57f05ccc6d4897f3cdf3d99edc627a0c6
Instruction Fuzzy Hash: D442CB71E042688AFB24CB28DC98BEAB775EF55304F0081FAD40CA7691D77A5AC5CF16

Function 645DCD74 Relevance: 44.4, APIs: 1, Strings: 24, Instructions: 674COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: d42b9712af4b1fc99926e985f71da7defe5d9f8ed09d9d72542de25c62c71cd7
Instruction ID: 16b79006267f1c7094da1559ff749179aa33439eca0bdde9ff11aef4b153f752
Opcode Fuzzy Hash: d42b9712af4b1fc99926e985f71da7defe5d9f8ed09d9d72542de25c62c71cd7
Instruction Fuzzy Hash: 3B52BC71E042688AFB24CB28DC94BEAB775EF95304F1041FAD40CA7290E67A5EC5CF56

Function 645DCD4C Relevance: 44.4, APIs: 1, Strings: 24, Instructions: 628
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 3319b205b2b2351be969b68bf7c9597ae05d973c8e14b336f848a6205554034f
Instruction ID: eced0e65d3ca787094751c0a92ca2c3edf965daebf30f76f019ff893b81d97da
Opcode Fuzzy Hash: 3319b205b2b2351be969b68bf7c9597ae05d973c8e14b336f848a6205554034f
Instruction Fuzzy Hash: 6442CC71E042688AFB24CB28DC98BDAB775EF95304F0041FAD40CA7291E67A5EC5CF16

Function 645DCD5C Relevance: 44.4, APIs: 1, Strings: 24, Instructions: 627
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 91e1e9f0f747a8ff5f0fdcce77e680e54f7ef57cadc23f8e8b948480653fd4c9
Instruction ID: bdc530de6f89c57a3c4d387b390b7dce731b83eb85a084c3a94af9341df488ce
Opcode Fuzzy Hash: 91e1e9f0f747a8ff5f0fdcce77e680e54f7ef57cadc23f8e8b948480653fd4c9
Instruction Fuzzy Hash: E642CC71E042688AFB24CB28DC98BDAB775EF95304F0041FAD40CA7291E67A5EC5CF16

Function 645DD0B9 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 595
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: bf7ab73d43efd611ccb85e316f883ae39200c1677546c5c3a846161b881747e9
Instruction ID: e6736ef8d4afdcd6f1a2588e3de28bfd722dfb8c008777872257e37ca9843b2d
Opcode Fuzzy Hash: bf7ab73d43efd611ccb85e316f883ae39200c1677546c5c3a846161b881747e9
Instruction Fuzzy Hash: B3429971E082688AFB24CB28DC94BEAB7B5EF55304F1041EAD40CA7291D77A5EC5CF16

Function 645DD1CC Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 560
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 7f34ad0c0b0dd4ecc5e3e54d9228ee805e3eee0023805964b6b07774e6ca3a69
Instruction ID: 4ac78a3db1e37c6fae5ab60f355e56cf7c37488e5152de50a1046f84f2ff30d4
Opcode Fuzzy Hash: 7f34ad0c0b0dd4ecc5e3e54d9228ee805e3eee0023805964b6b07774e6ca3a69
Instruction Fuzzy Hash: E032AB71E082688AFB24CB28DC98BEAB775EF55304F1041FAD40CA7291D77A5EC58F16

Function 645DC505 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 537
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 74e7f2c5464f9401695eb44d60e8af8869c1e22af1dd4ff7d6eafa25fbdf12f4
Instruction ID: ee053554936798f67350e290192ffb3250f17a884696c57a694a60169b06bfbf
Opcode Fuzzy Hash: 74e7f2c5464f9401695eb44d60e8af8869c1e22af1dd4ff7d6eafa25fbdf12f4
Instruction Fuzzy Hash: C122BC71E082688AFB24CA28DC98BDAB775EF55304F0081FAD40CA7291D77A5FC58F56

Function 645DCD37 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 530
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 8cc1a0d55985d26308d60cbc2783bc9aeed0416cc3f027bc077c105baa8d75bf
Instruction ID: 8df3b13a922734a7b52007e019699a3116a17d3e95577f65f18764f883138626
Opcode Fuzzy Hash: 8cc1a0d55985d26308d60cbc2783bc9aeed0416cc3f027bc077c105baa8d75bf
Instruction Fuzzy Hash: C622B971E082688AFB24CB28DC98BDAB775EF55304F1041FAD40CAB291D77A5BC58F16

Function 645DCB9A Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 528
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: d51e04d47602c6907f6bc2039c6858623209c11f27eb3bf8573f3ccc258636b7
Instruction ID: a7b85e071afac64dd5f5d4290b021466083e5ebab3ded13a2fa44ec7bfad3f16
Opcode Fuzzy Hash: d51e04d47602c6907f6bc2039c6858623209c11f27eb3bf8573f3ccc258636b7
Instruction Fuzzy Hash: E722BAB1E082689AFB24CB28DC98BDAB775EF55304F0041FAD40CA7291D77A5BC58F16

Function 645DC528 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 524COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: c1e7137cf711bb9ae0a2fbd7956ff783574d7e1d3ba7e7ef5ebf79d61ef6a5fd
Instruction ID: 26f1acd0eac210a0a5e7b367c652da433357192852d171906618964c3f372559
Opcode Fuzzy Hash: c1e7137cf711bb9ae0a2fbd7956ff783574d7e1d3ba7e7ef5ebf79d61ef6a5fd
Instruction Fuzzy Hash: E622BA71E082688AFB24CA28DC98BDAB775EF55304F0081FAD40CA7291D77A5EC58F56

Function 645DCBD8 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 518COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 52d1c3332bbf6392e2642dd844f3028a76e485b5d8564b4e15b1c0ec4c24a3b6
Instruction ID: ba8fdc8404281e2ae26def3a371f21a9e821d6e3a030ca936fbad254d7df55f7
Opcode Fuzzy Hash: 52d1c3332bbf6392e2642dd844f3028a76e485b5d8564b4e15b1c0ec4c24a3b6
Instruction Fuzzy Hash: F422A971E082688AFB24CB28DC98BDAB775EF55304F0081FAD40CA7291D77A5BC58F16

Function 645DCFD5 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 508COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 7fe409cb462fe79841b39981d83fcf87530ec206f6df890d7ccb8727030960bb
Instruction ID: bb71637a3f5e2e1a65413eb4d85195c347a09e97b9f4957af30d8ed6b9d0203d
Opcode Fuzzy Hash: 7fe409cb462fe79841b39981d83fcf87530ec206f6df890d7ccb8727030960bb
Instruction Fuzzy Hash: A422A871E182688AFB24CB28DC98BDAB775EF55304F0041EAD40CAB291D77A5FC58F16

Function 645DD2BB Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 506COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: ed9425c2dde8ad84a9d56b083438e96f10ae6884809cecb4ed66661db1a89d8a
Instruction ID: bba144055d13c7471d27940f510b3d0e5cbc2c15fe653d1bacb02baf5481ca7c
Opcode Fuzzy Hash: ed9425c2dde8ad84a9d56b083438e96f10ae6884809cecb4ed66661db1a89d8a
Instruction Fuzzy Hash: 8022A971E082688AFB24CB28DC98BDAB775EF55304F1081EAD40CA7291D77A5FC58F16

Function 645DCFE0 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 506COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: b31949e1a739996ccc2a1283dbaf6bd5df80907bda2c9f76ad91cddf7684fa8a
Instruction ID: 57283f4c436dbadb13ecfcb7dcc3e581670bdbc14e8712d7a67caed2516e66d3
Opcode Fuzzy Hash: b31949e1a739996ccc2a1283dbaf6bd5df80907bda2c9f76ad91cddf7684fa8a
Instruction Fuzzy Hash: B422A871E182688AFB24CB28DC98BDAB775EF55304F0041EAD40CAB291D77A5FC58F16

Function 645DC7E1 Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 497COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: e31fcf3387fe01c2bac1b7d3e771678f419a8b61fbb94d59ae2f1f73c17b5f26
Instruction ID: 5e49df03d6b7d46f15af2568b7222895c7572752690310cd411fd2828b554d2e
Opcode Fuzzy Hash: e31fcf3387fe01c2bac1b7d3e771678f419a8b61fbb94d59ae2f1f73c17b5f26
Instruction Fuzzy Hash: A422AA71E182688AFB24CB28DC98BDAB775EF55304F0041FAD40CAB291D77A5BC58F16

Function 645DD04B Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 489COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 22b417ea5c1c71b10dc9c1b553e00e8a1c1105a1bded556d8c7519421e4af847
Instruction ID: c2654edce7f815658c97cfb1187a289f38b65475f85ef0ecdbf5adedfc3cccd7
Opcode Fuzzy Hash: 22b417ea5c1c71b10dc9c1b553e00e8a1c1105a1bded556d8c7519421e4af847
Instruction Fuzzy Hash: 3D229971E182688AFB24CB28DC98BDAB775EF55304F0041EAD40CA7291D77A5FC58F16

Function 645DD07D Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 489COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 3cf2ab02110f1070abaeffca59d84ceb434261e707f8460f129a518e3cf1c8b0
Instruction ID: fed7a637b12dc3b946950f429b3263000bbc981190348ebae9c2a0c5a96a9128
Opcode Fuzzy Hash: 3cf2ab02110f1070abaeffca59d84ceb434261e707f8460f129a518e3cf1c8b0
Instruction Fuzzy Hash: 30229971E182688AFB24CB28DC98BDAB775EF55304F0041EAD40CA7291D77A5FC58F16

Function 645DD0A2 Relevance: 44.2, APIs: 1, Strings: 24, Instructions: 489COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
YR, xrefs: 645DD55A
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$YR$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-3181954315
Opcode ID: 879047cfc4591317f3c19dbf23ae36618bb3532fbe900d323b37235ef734e58a
Instruction ID: f5bfac02a1ebd19feab979383608edfe5b238830536a9ea39e4a6c636b7ddb69
Opcode Fuzzy Hash: 879047cfc4591317f3c19dbf23ae36618bb3532fbe900d323b37235ef734e58a
Instruction Fuzzy Hash: 8D22A971E182688AFB24CB28DC98BDAB775EF55304F0081EAD40CA7291D77A5FC58F16

Function 645DD5B7 Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 367COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: d5b21cd91310ec686f862ff2fd6a04e9c951da63967b00cc4bb8ee4609fc9fa4
Instruction ID: cb859dbe298792cc602fb052884df2143f4160b3cb93f66b520dc4787e33b8cf
Opcode Fuzzy Hash: d5b21cd91310ec686f862ff2fd6a04e9c951da63967b00cc4bb8ee4609fc9fa4
Instruction Fuzzy Hash: 40E1D2B1D482689EFB24CA28DC98BDABBB5EF51304F0441FAD40CA6281D7795BC5CF52

Function 645DD5CC Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 361COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 3fa91d91cd9cc52aa438b76155d5e0f06575a4ed24fe4abdd860776930165f6a
Instruction ID: e5050ac277913ffdb7e2f640889db0165276d8119d6b9b3452278cfc3c1b4bd4
Opcode Fuzzy Hash: 3fa91d91cd9cc52aa438b76155d5e0f06575a4ed24fe4abdd860776930165f6a
Instruction Fuzzy Hash: CFE1C1B1D482689AFB24CB28DC98BDABBB5EF51304F0441FAD40CA6281D7795BC5CF52

Function 645DD794 Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 354COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 9a2473676d914fa1f29a1e3ac7f2b562cbd3419c6f787efa98cc1b298503bdcd
Instruction ID: 217425ed5e9551cbe541d2c69130ab9ff887f2d4e928454502a9c2f91cf0c317
Opcode Fuzzy Hash: 9a2473676d914fa1f29a1e3ac7f2b562cbd3419c6f787efa98cc1b298503bdcd
Instruction Fuzzy Hash: 6DE1F2B1D482689AF724CB28DC98BDA7BB5EF51304F0441FAD40CA6281D77A5BC5CF62

Function 645DD919 Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 352COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 07ab6a9c335498ad40e543930ed880df281ca107366a4f7f35a412bf7c133edf
Instruction ID: 6e4fd7528d106110a74dbb0bf68219309ca3b0e3919073d9ce9a67bd689ee2e1
Opcode Fuzzy Hash: 07ab6a9c335498ad40e543930ed880df281ca107366a4f7f35a412bf7c133edf
Instruction Fuzzy Hash: ACE1F4B1E482689EF724CB28DC94BDABBB5EF51304F0440FAD44866281D77A5BC5CF16

Function 645DD74C Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 348COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: d34bac0e2c15a2fcb6234040fceb175b717d221a323f5a77d947f21b5c82ba9e
Instruction ID: aa47ded6723339e50e696ffae5a1049c9e0d1823007444016a4750e6066cec7e
Opcode Fuzzy Hash: d34bac0e2c15a2fcb6234040fceb175b717d221a323f5a77d947f21b5c82ba9e
Instruction Fuzzy Hash: 76D1E3B1D482689AF724CA28DC98BDB7BB5EF51304F0441F9D40C96281D77A5BC9CF62

Function 645DD759 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 343COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 9e89f973fecd2c1bfff85378c0215b29f06031abe6b477291fd95432e783a8de
Instruction ID: d3efcedb5a6809a2d4fb9f2247b8380e8562f576b8abfbd5bb26da872f9f1d5a
Opcode Fuzzy Hash: 9e89f973fecd2c1bfff85378c0215b29f06031abe6b477291fd95432e783a8de
Instruction Fuzzy Hash: 29D1F2B1D482588AF724CA28DC98BDB7BB5EF51314F0441F9D40C96281D77A5BC9CF62

Function 645DD76A Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 338COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: b92e64a3a0a55250e591a7ffda3ece178d191c1fdb73b9608a51b3e356b7a7ff
Instruction ID: 5b1a3b7538ad282a48e33445786c8d545ab2b75e7992e9b20cc7f35a1fdeca5a
Opcode Fuzzy Hash: b92e64a3a0a55250e591a7ffda3ece178d191c1fdb73b9608a51b3e356b7a7ff
Instruction Fuzzy Hash: 23D1E471D482588AF724CA28DC98BDB7BB5EF51304F0441F9D44C96282D77A5BC5CF62

Function 645DD887 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 324COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 5ccf615543054cc5d63a7473b70be87ae620c4797fdc94608e4cd8144f17ee3e
Instruction ID: ca694a85b7676fdb8d48685cc71c63e07d664a862ee0364bab7fed4a246f6220
Opcode Fuzzy Hash: 5ccf615543054cc5d63a7473b70be87ae620c4797fdc94608e4cd8144f17ee3e
Instruction Fuzzy Hash: 9DD1F471D482688AF724CB28DC98BDA7BB5EF51308F0441FAD44CA6281D77A5BC5CF62

Function 645DD878 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 323COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 574cf5199c69b3aaecec09374c28b93b9184bc850284faaf993638f4f44a3adc
Instruction ID: 9f3feb5a05b03c9625e94d761bcb9b2246e90caf114f1462ce4a5e65331658cd
Opcode Fuzzy Hash: 574cf5199c69b3aaecec09374c28b93b9184bc850284faaf993638f4f44a3adc
Instruction Fuzzy Hash: 7AD11571D482688AF724CB28DC98BDA7BB5EF51308F0441FAD44CA6281D77A5BC5CF62

Function 645DD7B7 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 313COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 2952912c33ec8f49a54be1cb196be22913b4a448c7aea49b2bb64023abfe74ce
Instruction ID: bc0ae06d0c09246b66e7461a0738aef0526fd6b6eba8eb5448b418e6fa197b68
Opcode Fuzzy Hash: 2952912c33ec8f49a54be1cb196be22913b4a448c7aea49b2bb64023abfe74ce
Instruction Fuzzy Hash: A4C1E271D482688AF724CA28DC98BDA7BB5EF51308F0441FAD40CA6281D77E5BC5CF62

Function 645DD904 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 311COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: f886792f4192bfb5fbc359eeaad1b63ad0497c8eb93376b42d6b8a3fcabdfdff
Instruction ID: 56c183d9d3747aa25dc67e4bb09b476b2b085c78f1468c6596dc2e48626445fe
Opcode Fuzzy Hash: f886792f4192bfb5fbc359eeaad1b63ad0497c8eb93376b42d6b8a3fcabdfdff
Instruction Fuzzy Hash: 23C1D371D482688AF724CA28DC98BDA7BB5EF51308F0441FAD44C66281D77A5FC5CF62

Function 645DD930 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 297COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 03ec7ec7a615d70be1646840b748d99bf925f32d742d1826c3e2e928416ec882
Instruction ID: c7a786a15678b7c19f238556ed1580708a7aba4fb3d45b03d610792d0ec45fb7
Opcode Fuzzy Hash: 03ec7ec7a615d70be1646840b748d99bf925f32d742d1826c3e2e928416ec882
Instruction Fuzzy Hash: 2EC1D471D482A88AF724CA28DC98BDA7BB5EF51308F0441F9C44C66281D77A5BC5CF62

Function 645D7A37 Relevance: 1.8, APIs: 1, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f1ac2bda0ba195055c4c68640282637ce9c1cd6c3c980edbdf3177193350732b
Instruction ID: 954878ced6f85af0aac8f486c577d284134af06c152537f43c686cd6f3970152
Opcode Fuzzy Hash: f1ac2bda0ba195055c4c68640282637ce9c1cd6c3c980edbdf3177193350732b
Instruction Fuzzy Hash: D0D19AB1E041698FEB24DA18CC94AEABBB5FF85304F1441EAD84DA7241D7749EC2CF91

Function 645D7E38 Relevance: 1.7, APIs: 1, Instructions: 178memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: f4b9ea8f9e43f4e9f75ca1279c09720b8a9f7bf4fbecd5a233cbcb576f6f056e
Instruction ID: 5a519244418fff3787a04bda3f2c23c46de85c9dbac961aedeb1945fc7e39afb
Opcode Fuzzy Hash: f4b9ea8f9e43f4e9f75ca1279c09720b8a9f7bf4fbecd5a233cbcb576f6f056e
Instruction Fuzzy Hash: 0451F3B2D042659BF7209A28DC44AEBBB78EF81314F1541FAD84D97281D7385EC6CE92

Function 645DD657 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 335COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 44a8597a7b9e7f84c72de9b52854abe7bb7fc4c7d095caafcfc83792481d2e97
Instruction ID: 8370fdc16a384684c6c6deedd8d6b3a8f486d41a49509c51507437f2df79e34a
Opcode Fuzzy Hash: 44a8597a7b9e7f84c72de9b52854abe7bb7fc4c7d095caafcfc83792481d2e97
Instruction Fuzzy Hash: 1FD1F4B1D482689AF724CA28DC98BDA7BB4EF51304F0441FAD40CA6281D77E5BC5CF22

Function 645DD66F Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 326COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 25893981e267dc79eaa26bbe2985f8ce7819c7e77ef3f749bf1ff59015017c52
Instruction ID: 8ffe73888f50d3866a2c2deeb9a5006ea5f632ac3eaebb26c61bd927c8878479
Opcode Fuzzy Hash: 25893981e267dc79eaa26bbe2985f8ce7819c7e77ef3f749bf1ff59015017c52
Instruction Fuzzy Hash: A7D1D371D482688AF724CA28DC98BDA7BB5EF51304F0441F9D40DA6281D77E5BC5CF62

Function 645DD747 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 298COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 4fc2c8762cbbbca0639737643eebde7a518b7482baf0aa7a00f92cfc2762dcab
Instruction ID: 1eb9939349e71ad20074dec82a5322de0a3a60c85e612f36ea1aa7377fae4547
Opcode Fuzzy Hash: 4fc2c8762cbbbca0639737643eebde7a518b7482baf0aa7a00f92cfc2762dcab
Instruction Fuzzy Hash: EFC1D371D482A88AF724CB28DC98BDA7BB5EF51308F0441F9D44CA6281D77A5BC5CF62

Function 645DD734 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 290COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: acc130cb89f68326730aa166797e0d10515e812d4578496e6303a5664a3b6f55
Instruction ID: 6a7a04f36d0562395c970ee233689450e5d0c6c88bb65e57c41ee984b80a08be
Opcode Fuzzy Hash: acc130cb89f68326730aa166797e0d10515e812d4578496e6303a5664a3b6f55
Instruction Fuzzy Hash: 89C1D471D482A88AF724CA28DC98FDA7BB5EF51308F0441F9D44C66282D77A5BC5CF62

Function 645DD72F Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 290COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: dc89991482d0b1adccdeaa70c0f0c8b1a5f2a8f966ba5788d5a86e50c4c1c87c
Instruction ID: 6a7a04f36d0562395c970ee233689450e5d0c6c88bb65e57c41ee984b80a08be
Opcode Fuzzy Hash: dc89991482d0b1adccdeaa70c0f0c8b1a5f2a8f966ba5788d5a86e50c4c1c87c
Instruction Fuzzy Hash: 89C1D471D482A88AF724CA28DC98FDA7BB5EF51308F0441F9D44C66282D77A5BC5CF62

Function 645DD943 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 290COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 12f6a62fa0f649d1349e53db1769fdac417d4c58bb41c58451e7e952403ccd8d
Instruction ID: 6a7a04f36d0562395c970ee233689450e5d0c6c88bb65e57c41ee984b80a08be
Opcode Fuzzy Hash: 12f6a62fa0f649d1349e53db1769fdac417d4c58bb41c58451e7e952403ccd8d
Instruction Fuzzy Hash: 89C1D471D482A88AF724CA28DC98FDA7BB5EF51308F0441F9D44C66282D77A5BC5CF62

Function 645DD98A Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 290COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 6e0ae04e5a7a31a6545d72c64cb55be97ab6ab83c185959e6519e4fcc21a0bfb
Instruction ID: 6a7a04f36d0562395c970ee233689450e5d0c6c88bb65e57c41ee984b80a08be
Opcode Fuzzy Hash: 6e0ae04e5a7a31a6545d72c64cb55be97ab6ab83c185959e6519e4fcc21a0bfb
Instruction Fuzzy Hash: 89C1D471D482A88AF724CA28DC98FDA7BB5EF51308F0441F9D44C66282D77A5BC5CF62

Function 645DD6F7 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 288COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: b21c57195eaf893541b455ae6450f60d65da35f129aeb0bddec1a7ed2a38c87c
Instruction ID: 78b9d1be66af38e055f90a49de26dc15b6abffc114b101d2a08d5de2fce47685
Opcode Fuzzy Hash: b21c57195eaf893541b455ae6450f60d65da35f129aeb0bddec1a7ed2a38c87c
Instruction Fuzzy Hash: 20C1D471D482A88AF724CA28DC98BDA7BB5EF51308F0441F9C44D66282D77E5BC5CF62

Function 645DD870 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 288COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 9fab31fd5cc19ed9fff2c7663954c92eb1ac418fbf555f2224a791a87a2ab61c
Instruction ID: 78b9d1be66af38e055f90a49de26dc15b6abffc114b101d2a08d5de2fce47685
Opcode Fuzzy Hash: 9fab31fd5cc19ed9fff2c7663954c92eb1ac418fbf555f2224a791a87a2ab61c
Instruction Fuzzy Hash: 20C1D471D482A88AF724CA28DC98BDA7BB5EF51308F0441F9C44D66282D77E5BC5CF62

Function 645DD802 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 288COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 44f076d20cd11aeb76d230f8ffb23da5bfeab51fffd7c45f80d5c7ecd5ca472b
Instruction ID: 78b9d1be66af38e055f90a49de26dc15b6abffc114b101d2a08d5de2fce47685
Opcode Fuzzy Hash: 44f076d20cd11aeb76d230f8ffb23da5bfeab51fffd7c45f80d5c7ecd5ca472b
Instruction Fuzzy Hash: 20C1D471D482A88AF724CA28DC98BDA7BB5EF51308F0441F9C44D66282D77E5BC5CF62

Function 645DD838 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 288COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: e76e2bea61f5b89e9ab821aacc163c3eb1027d34404ae4c9dc47b98b921006fd
Instruction ID: 78b9d1be66af38e055f90a49de26dc15b6abffc114b101d2a08d5de2fce47685
Opcode Fuzzy Hash: e76e2bea61f5b89e9ab821aacc163c3eb1027d34404ae4c9dc47b98b921006fd
Instruction Fuzzy Hash: 20C1D471D482A88AF724CA28DC98BDA7BB5EF51308F0441F9C44D66282D77E5BC5CF62

Function 645DDAC7 Relevance: 42.3, APIs: 1, Strings: 23, Instructions: 257COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 0-215400123
Opcode ID: 7a457b2db29c83e382ec41893625cc988b0f9d8b519e55848c46cd642baf7169
Instruction ID: 60c3e275dd0a543559d4a64fc53872e14cef2cf64024a076c522d84a7b52839a
Opcode Fuzzy Hash: 7a457b2db29c83e382ec41893625cc988b0f9d8b519e55848c46cd642baf7169
Instruction Fuzzy Hash: C7A1D371D482A88EF764CA28DC98BDA7BB5EF51308F0441F9C44C96282D77A5FC58F62

Function 645DDBA5 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 202COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ExitProcess
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 621844428-215400123
Opcode ID: 89365db0fac53e72b9749426d3475e145a8b08176ea4a9d352e9758925a8b5ec
Instruction ID: a570174a80e308fd2801cadfbe8dcdc2db43d1a0581f11702359f157a0a5ba86
Opcode Fuzzy Hash: 89365db0fac53e72b9749426d3475e145a8b08176ea4a9d352e9758925a8b5ec
Instruction Fuzzy Hash: 5F81F561D482A88AF760C628DC58BDA7BB5EF11308F0445F9C54C57282D77E5FC58F62

Function 645DDBB8 Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 194COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ExitProcess
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 621844428-215400123
Opcode ID: 6f7cba1156a5c64a46d0b69240c9faef46dcf80a06ace5333d1287e4d70c5345
Instruction ID: 413c8ec7b07b50bfb92d060794c4b1162bdebfd481fb4213034ed40b8acc7fbc
Opcode Fuzzy Hash: 6f7cba1156a5c64a46d0b69240c9faef46dcf80a06ace5333d1287e4d70c5345
Instruction Fuzzy Hash: 2981D261D492A88AFB60CA28DC58BDA7BB5EB11308F0444F9C54C67282D77E5FC58F62

Function 645EC84D Relevance: 42.2, APIs: 1, Strings: 23, Instructions: 192COMMON

Download Yara Rule

Strings

t, xrefs: 645F4D85
x, xrefs: 645F4D77
i, xrefs: 645F4D7E
r, xrefs: 645F5278
o, xrefs: 645F5240
r, xrefs: 645F526A
P, xrefs: 645F4D8C
L, xrefs: 645F5255
E, xrefs: 645F4D70
d, xrefs: 645F524E
i, xrefs: 645F525C
c, xrefs: 645F4DA1
W, xrefs: 645F5286
a, xrefs: 645F5247
r, xrefs: 645F4D93
s, xrefs: 645F4DAF
a, xrefs: 645F5271
s, xrefs: 645F4DB6
o, xrefs: 645F4D9A
y, xrefs: 645F527F
b, xrefs: 645F5263
L, xrefs: 645F5239
e, xrefs: 645F4DA8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ExitProcess
String ID: E$L$L$P$W$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
API String ID: 621844428-215400123
Opcode ID: 1758f0670723a33093edca0a1a90b63a7977debf9e9204559475201af98905ee
Instruction ID: 68c65db06a4b0b5b75e3eec9c370abce550a49c709f2d934c326a74fb5c27471
Opcode Fuzzy Hash: 1758f0670723a33093edca0a1a90b63a7977debf9e9204559475201af98905ee
Instruction Fuzzy Hash: 9181E361D492A8CAFB64CA28DC58BDA7BB5EB11308F0440F9C54C67282D77E5FC58F62

Function 645D81E8 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 154memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Strings

<LI2, xrefs: 645D81E9

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID: <LI2
API String ID: 544645111-190138733
Opcode ID: fcfaf93ba43542e9b13291d145d0327e74b361cdfa6dd7f58e887b12a2089fa1
Instruction ID: 249bd2ecfc4c9e0246306ada19e08e2394455d03d21662037277e53ff6294f8d
Opcode Fuzzy Hash: fcfaf93ba43542e9b13291d145d0327e74b361cdfa6dd7f58e887b12a2089fa1
Instruction Fuzzy Hash: EE51CEB2D105659FEB248B18DC55AEAB779EF84300F1494FAD80DA7280DA785EC1CF91

Function 645D80C4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dbcda267e235da5493f9c2f2f7af25782a08067f001b81b4148866202872851
Instruction ID: 20ae67acb4c908a7facb9901fbde2e70f9bbbe3452cb5635e5acfc423ffaccaf
Opcode Fuzzy Hash: 7dbcda267e235da5493f9c2f2f7af25782a08067f001b81b4148866202872851
Instruction Fuzzy Hash: 0A4103B2D041669BE7208B68DC54AFFB7B8EF81314F1455FAD84CA7281D6384EC5CB92

Function 645D80D2 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

CM;I, xrefs: 645D80E1

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: CM;I
API String ID: 0-3809812560
Opcode ID: ed79147b7551f7de9b626f30c0ac7a4f33f85e501fe858478f0355a6d6fdf3fa
Instruction ID: 0e39aa127da28684d2c815ca3f10ec2625eaf977a835e52bd279bc1e5e5a13c9
Opcode Fuzzy Hash: ed79147b7551f7de9b626f30c0ac7a4f33f85e501fe858478f0355a6d6fdf3fa
Instruction Fuzzy Hash: 4F4126B2D041659FE7248A6CDC44AEBBBB8EF85310F0555FAD84CA7281D6384EC5CF92

Function 645D81AC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 87memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Strings

8P7X, xrefs: 645D81AE

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID: 8P7X
API String ID: 544645111-2379241488
Opcode ID: 148d220bec110594a1ed96adb7047c82e1be633ec37061732a636a38df11d05b
Instruction ID: ed1a28ffdc455523349e2265de84842c08cf92cdcace1643dc8d4fb8720f3670
Opcode Fuzzy Hash: 148d220bec110594a1ed96adb7047c82e1be633ec37061732a636a38df11d05b
Instruction Fuzzy Hash: 2C31E2B2E141269FF7248A18DC44AEBB779EF84314F1054FAD84CA7280D6385EC6CF92

Function 645D7E61 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Strings

:J8:, xrefs: 645D7E61

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID: :J8:
API String ID: 544645111-307014278
Opcode ID: d8fce04861fa2efe80094b485c9e18e8388a5ea0fc71876e049cf195f916f707
Instruction ID: 78bfa535850a80306f1550e536e3dc5dd4bc4bb86c46b6a8f320cd481be61a33
Opcode Fuzzy Hash: d8fce04861fa2efe80094b485c9e18e8388a5ea0fc71876e049cf195f916f707
Instruction Fuzzy Hash: DC1159B3E056656AF310866CDD84ADFBB7CDB85314F1505B6E80CE3141D63C5FC58A92

Function 645D7D35 Relevance: 1.7, APIs: 1, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df3147b1024b01f65b4c2605f42df542eb3b75e934e800704e2f3d9e48b8db72
Instruction ID: 758d826630bd496239123374901e3239beba46239519749c301f61c01c96ec42
Opcode Fuzzy Hash: df3147b1024b01f65b4c2605f42df542eb3b75e934e800704e2f3d9e48b8db72
Instruction Fuzzy Hash: DF5116B2E046A95FE7119A28DD94AEEB778FF82304F1405FBD80D96181C6385EC28A52

Function 645D83E8 Relevance: 1.7, APIs: 1, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2560165bc0bfbb087b8409baceae59ed5600e3189c282fb357cbee7f1a4a43c2
Instruction ID: d7f80eeb0fecfb40f14229273e93864f1efef1edfde1022edc951e4acb4ef5b9
Opcode Fuzzy Hash: 2560165bc0bfbb087b8409baceae59ed5600e3189c282fb357cbee7f1a4a43c2
Instruction Fuzzy Hash: 865101B19045A89BE714CA18DDA0BEE7BB5BF41309F1485FBC82DA6140D7385FC18F42

Function 645D8131 Relevance: 1.6, APIs: 1, Instructions: 145memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: ab0615b1a9a1bbb209b1fd675f81be3f0871adc7dd7868cb08814222907ec600
Instruction ID: 26fbb0c34ae6b7ad1dcaf7ed1151ca9280d42e7362f47fc1e7c7f214fcff0502
Opcode Fuzzy Hash: ab0615b1a9a1bbb209b1fd675f81be3f0871adc7dd7868cb08814222907ec600
Instruction Fuzzy Hash: AF51F0B2D141259AEB208F28DC44AEBB778EF84310F0451FAD84CA7280DA384EC5CF92

Function 645D7ABC Relevance: 1.6, APIs: 1, Instructions: 124memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2c85aee6313e95379d4da13be0fdd3f54e5aee923143d24acc83fdd02d853624
Instruction ID: cef686a0b46c10533e98be6436a40d3664818ae04c877817d3eb935e1f59f725
Opcode Fuzzy Hash: 2c85aee6313e95379d4da13be0fdd3f54e5aee923143d24acc83fdd02d853624
Instruction Fuzzy Hash: 174129B2E055689FF7108A28DC54AEBB778EF85304F1401FAD44C97241D7385EC6CB92

Function 645D7E25 Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: aa6a98c4cb6d398f6f9746e4dbd4775891006fb56202bce95d1b9b7dde5890ad
Instruction ID: f29d6dfc0b4d8db2c3afe758ea0acfe7ffa28ae6399620636e6b801ac44189ee
Opcode Fuzzy Hash: aa6a98c4cb6d398f6f9746e4dbd4775891006fb56202bce95d1b9b7dde5890ad
Instruction Fuzzy Hash: AC3147B2E042656BF3109668DC88DEFB77CEFC1304F1805BAD80D97141D6395EC6CAA2

Function 645D7F3B Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0435bea631c40379a9b7316314cb62d5400dc64d4f4c366f0e84e8e8396b4e62
Instruction ID: 0616cd3107ce368519ac86f0c680fea96823d8c186f208d2149cd00f507153a7
Opcode Fuzzy Hash: 0435bea631c40379a9b7316314cb62d5400dc64d4f4c366f0e84e8e8396b4e62
Instruction Fuzzy Hash: A131F0B2D541259FF7248A28DC55AEB7778EF80314F0154FAD84CA7280D7785EC68E92

Function 645D7F65 Relevance: 1.6, APIs: 1, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 66a1c86db34cf96c09d21d6413e79b9f6f8ae21d5c0e2e5e80d7be83e03cb6df
Instruction ID: 76a51cee99cb4e6b72857fa73f3261472d273a647cc1133765fd7ea97368ebec
Opcode Fuzzy Hash: 66a1c86db34cf96c09d21d6413e79b9f6f8ae21d5c0e2e5e80d7be83e03cb6df
Instruction Fuzzy Hash: 0F31F3B2D142659BF7208A28DC54AEB7778EF84314F0454FAD84CA7281D6384EC5CE92

Function 645D7FCF Relevance: 1.6, APIs: 1, Instructions: 84memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 80b1e9d918721f8eb8fa78c35a58db48ccafdda6d79b19356b488a63b76c741e
Instruction ID: a1898bc05438e69041aa7498a73011b5ed8fa43c464bd79bdc10c9bf0243e3a0
Opcode Fuzzy Hash: 80b1e9d918721f8eb8fa78c35a58db48ccafdda6d79b19356b488a63b76c741e
Instruction Fuzzy Hash: 5131E1B2E142259BF7208A18DC44AEBB779EF84314F0554FAD85CA7280D7385EC5CE92

Function 645D8256 Relevance: 1.6, APIs: 1, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3f55b1f40636b35bdc1e159b6670f8b5c0e7f84003e6e3cea6ec88776888abd2
Instruction ID: cabe58a2151ba8283f300c6d9f316e0877f05e0b4bb2b5689d26d1305de301d9
Opcode Fuzzy Hash: 3f55b1f40636b35bdc1e159b6670f8b5c0e7f84003e6e3cea6ec88776888abd2
Instruction Fuzzy Hash: 0821F1B2D142269FFB248A18CC54AEAB778EB84315F1054FAD84CA7281DB385EC1CF51

Function 645D852D Relevance: 1.6, APIs: 1, Instructions: 71memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 91c7a058c01e42941ab83db50d018aaff26257f7e7ec093986076b512d7563bd
Instruction ID: 856fc8089fad084559546a1fe5ae5006e277215d5c110b29f487fd739837d392
Opcode Fuzzy Hash: 91c7a058c01e42941ab83db50d018aaff26257f7e7ec093986076b512d7563bd
Instruction Fuzzy Hash: A22137B2E045A96BE724CA18DC90AEF7779AF81315F1059FAD46CE6180C7384FC18E51

Function 645D84DA Relevance: 1.6, APIs: 1, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c0ec43a11bfc36a9ac8b3306c56bf7e0dd36b036c532a501405443d92a34a2d0
Instruction ID: 3b48ebfbed761cb7a883ee167091a01d6753b787491055104eb26b342a117a03
Opcode Fuzzy Hash: c0ec43a11bfc36a9ac8b3306c56bf7e0dd36b036c532a501405443d92a34a2d0
Instruction Fuzzy Hash: 0521FFB2D041A9AFE720CA08DD90BEF77B8AB84304F1045FAD85DA6240DA385EC18E51

Function 645D8555 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1d7a7c0c894fa811a198634e8fe5b04ac345c3b73864352f5d67ef6c6da3c0e8
Instruction ID: 648f5bebd48e11d134796a52ec6df99b01826242987dc28fd8a883122b90ec18
Opcode Fuzzy Hash: 1d7a7c0c894fa811a198634e8fe5b04ac345c3b73864352f5d67ef6c6da3c0e8
Instruction Fuzzy Hash: 001136B1E045A99BEB24CA18DC90AEF7778AF85305F1055FAD46CA7180C7381EC1CF41

Function 645D7A88 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 756476c9cbbf495627d2e295b0ae2ea43d7711b038c99ffa3d27b1d0b9de3e49
Instruction ID: 97904ece0550017022373fc34687adea80cdd10dd9ae93cb5640fa90ed21126f
Opcode Fuzzy Hash: 756476c9cbbf495627d2e295b0ae2ea43d7711b038c99ffa3d27b1d0b9de3e49
Instruction Fuzzy Hash: D8114CB2D041556FE3109668DD54AEF7778EF84304F1405BAE40C97041CB385AC58A92

Function 645D7EBE Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 970114d5314431691f347de658544521aa0cb7889f698bf49656186d074a27a5
Instruction ID: ac6d77496cbf07680cbab55fd5998474464ba9b2643fd71a86aa3aa388f43326
Opcode Fuzzy Hash: 970114d5314431691f347de658544521aa0cb7889f698bf49656186d074a27a5
Instruction Fuzzy Hash: E90126A3E144266AF310855CED84BEF766DDBC4318F1545B6E91CE7040CA3C4EC28AA2

Function 645D82E3 Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4beb70950c69b536084da9ce32e89506686041f8e41172c272588c28d5be7d88
Instruction ID: a018570867488de92a27b5a4b5e60a2fc451ec219fa3cebc0e339a00b1b7319d
Opcode Fuzzy Hash: 4beb70950c69b536084da9ce32e89506686041f8e41172c272588c28d5be7d88
Instruction Fuzzy Hash: 870124B2E00169AFE724CA58DD40AEF7738EB84304F1014F9E45CA3240DB385EC18E91

Function 645D8315 Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 7cbb3205fc1acdfe75843381df5ab31ac420dd0df5531d899ba29ed72d3df17f
Instruction ID: a7a9cc789de584a8c6437fab068b4bc2473e602e4ef2a6fb157a079aab25f66a
Opcode Fuzzy Hash: 7cbb3205fc1acdfe75843381df5ab31ac420dd0df5531d899ba29ed72d3df17f
Instruction Fuzzy Hash: 6401D4B2E04169AFE720CA58DD40AEF7778EB84314F1555F9E45CA7240DB385EC18EA1

Function 645D833A Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,645D81E7,?,?,?,?,?,?,?,?,?,?,00000000), ref: 645D861E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 761c467e506c3d66c57d55c4051a57492d4ae7125ae7d8f0cae13dfcd9b22685
Instruction ID: ae58037a1ef9de357738f1e3f78551bc99449c5029e623a06b6a48e9497cd1ed
Opcode Fuzzy Hash: 761c467e506c3d66c57d55c4051a57492d4ae7125ae7d8f0cae13dfcd9b22685
Instruction Fuzzy Hash: AC0124B2E00169AFE720CA58DD40AEF7738EB84304F1055F9E45CA3240DB385EC18E91

Non-executed Functions

Function 64681488 Relevance: 51.1, APIs: 21, Strings: 8, Instructions: 332memorythreadCOMMON

Download Yara Rule

APIs

__PHYSFS_platformInit.MSIMG32 ref: 646814BD
__PHYSFS_platformCreateMutex.MSIMG32 ref: 646814CA
__PHYSFS_platformCreateMutex.MSIMG32 ref: 646814DC
__PHYSFS_platformCalcBaseDir.MSIMG32 ref: 646814F5
__PHYSFS_platformRealPath.MSIMG32 ref: 6468150A
__PHYSFS_platformGetUserDir.MSIMG32 ref: 6468156A
__PHYSFS_platformRealPath.MSIMG32 ref: 6468157C
__PHYSFS_platformGrabMutex.MSIMG32 ref: 646815ED
__PHYSFS_platformGetThreadID.MSIMG32 ref: 646815FF
__PHYSFS_platformSetDefaultAllocator.MSIMG32 ref: 646816D3
__PHYSFS_setError.MSIMG32 ref: 6468171F
__PHYSFS_platformReleaseMutex.MSIMG32 ref: 646818BC

Strings

default, xrefs: 646818CD
Out of memory, xrefs: 64681948, 64681969
argv0 is NULL, xrefs: 6468197A
Already initialized, xrefs: 64681718
ctSound8, xrefs: 646814AA
%susers%s%s, xrefs: 6468182C
Invalid argument, xrefs: 646816A7
irectSoundCapture, xrefs: 64681519, 64681586, 6468183F, 6468191A, 6468192F, 6468193D, 64681957

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: S_platform$Mutex$CreatePathReal$AllocatorBaseCalcDefaultErrorGrabInitReleaseS_setThreadUser
String ID: %susers%s%s$Already initialized$Invalid argument$Out of memory$argv0 is NULL$ctSound8$default$irectSoundCapture
API String ID: 973777366-2150709888
Opcode ID: fdb4ac3336be18cde5b4ca0b9f5c88f1ee8fb9500870aee5f3ee62a15e618d13
Instruction ID: 20d3578f1ff358a18e868d9295c16047bcddcfeef9eedf9ccb6ae49a2263859b
Opcode Fuzzy Hash: fdb4ac3336be18cde5b4ca0b9f5c88f1ee8fb9500870aee5f3ee62a15e618d13
Instruction Fuzzy Hash: 61C15CB46583158FEB009F79C59825EBBE4FF55358F01892DE8A4D7380EB74D881CBA2

Function 645DA532 Relevance: 40.6, Strings: 32, Instructions: 590COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
r, xrefs: 645DA695
XS, xrefs: 645DA9E0
i, xrefs: 645DB656
N, xrefs: 645DB66B
L, xrefs: 645DA672
l, xrefs: 645DB65D
a, xrefs: 645DA68E
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
i, xrefs: 645DA679
W, xrefs: 645DA6A3
u, xrefs: 645DB63A
M, xrefs: 645DB625
b, xrefs: 645DA680
r, xrefs: 645DA687
e, xrefs: 645DB617
d, xrefs: 645DA66B
e, xrefs: 645DB648
a, xrefs: 645DA664
t, xrefs: 645DB61E
y, xrefs: 645DA69C
L, xrefs: 645DA656
G, xrefs: 645DB610
o, xrefs: 645DB62C
W, xrefs: 645DB687
a, xrefs: 645DB672
e, xrefs: 645DB664
o, xrefs: 645DA65D

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$L$L$M$N$W$W$XS$a$a$a$b$d$d$e$e$e$e$i$i$l$l$m$o$o$r$r$t$u$y
API String ID: 0-2426704164
Opcode ID: ddd1097e119fc2dcd3ca8a6fba4a18a32c21926d8bdb0251ae2540255b71580c
Instruction ID: 3316eb97deaa466aaf242cad6c9a2ffcf62d621ad96facd0fbecb52f2ea2af05
Opcode Fuzzy Hash: ddd1097e119fc2dcd3ca8a6fba4a18a32c21926d8bdb0251ae2540255b71580c
Instruction Fuzzy Hash: 69420531E286A986DB28CB39DC516DFB6B2EF58300F0494FDD50DE7250E7B44A858F1A

Function 645DA479 Relevance: 40.5, Strings: 32, Instructions: 509COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
r, xrefs: 645DA695
XS, xrefs: 645DA9E0
i, xrefs: 645DB656
N, xrefs: 645DB66B
L, xrefs: 645DA672
l, xrefs: 645DB65D
a, xrefs: 645DA68E
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
i, xrefs: 645DA679
W, xrefs: 645DA6A3
u, xrefs: 645DB63A
M, xrefs: 645DB625
b, xrefs: 645DA680
r, xrefs: 645DA687
e, xrefs: 645DB617
d, xrefs: 645DA66B
e, xrefs: 645DB648
a, xrefs: 645DA664
t, xrefs: 645DB61E
y, xrefs: 645DA69C
L, xrefs: 645DA656
G, xrefs: 645DB610
o, xrefs: 645DB62C
W, xrefs: 645DB687
a, xrefs: 645DB672
e, xrefs: 645DB664
o, xrefs: 645DA65D

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$L$L$M$N$W$W$XS$a$a$a$b$d$d$e$e$e$e$i$i$l$l$m$o$o$r$r$t$u$y
API String ID: 0-2426704164
Opcode ID: 185ddee043cfd147c7f70a270a2f8bbf3c189f40dc01b17d1dccd37047205952
Instruction ID: 37366b7b2caf72b6f9e6d6b131fe8632e6a63f879d1bdef34f878b09c046708a
Opcode Fuzzy Hash: 185ddee043cfd147c7f70a270a2f8bbf3c189f40dc01b17d1dccd37047205952
Instruction Fuzzy Hash: 2732F535A286A886DB28CB39DC116DFB6B3EF59300F0494FD950DE7250E7B44A858B1A

Function 645DA4C0 Relevance: 40.5, Strings: 32, Instructions: 497COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
r, xrefs: 645DA695
XS, xrefs: 645DA9E0
i, xrefs: 645DB656
N, xrefs: 645DB66B
L, xrefs: 645DA672
l, xrefs: 645DB65D
a, xrefs: 645DA68E
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
i, xrefs: 645DA679
W, xrefs: 645DA6A3
u, xrefs: 645DB63A
M, xrefs: 645DB625
b, xrefs: 645DA680
r, xrefs: 645DA687
e, xrefs: 645DB617
d, xrefs: 645DA66B
e, xrefs: 645DB648
a, xrefs: 645DA664
t, xrefs: 645DB61E
y, xrefs: 645DA69C
L, xrefs: 645DA656
G, xrefs: 645DB610
o, xrefs: 645DB62C
W, xrefs: 645DB687
a, xrefs: 645DB672
e, xrefs: 645DB664
o, xrefs: 645DA65D

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$L$L$M$N$W$W$XS$a$a$a$b$d$d$e$e$e$e$i$i$l$l$m$o$o$r$r$t$u$y
API String ID: 0-2426704164
Opcode ID: eaeac23f253199cb75b33416572f50730be65b50d47701170897c6742f6cfc62
Instruction ID: e470da9bc3119697cd2849ae82151196c0eecca058b43aebd7d3a05cf1bba69e
Opcode Fuzzy Hash: eaeac23f253199cb75b33416572f50730be65b50d47701170897c6742f6cfc62
Instruction Fuzzy Hash: E932E535E2869886DB28CB39DC116DFB6B3EF59300F04D4FD950DE7260E7B44A858B1A

Function 645E45D1 Relevance: 36.7, Strings: 29, Instructions: 434COMMON

Download Yara Rule

Strings

Q, xrefs: 645E4423
W, xrefs: 645E5B65
a, xrefs: 645E475A
r, xrefs: 645E4753
r, xrefs: 645E4761
o, xrefs: 645E5B1F
X, xrefs: 645E5AFA
y, xrefs: 645E4768
b, xrefs: 645E474C
L26B, xrefs: 645E5EC7
W, xrefs: 645E476F
L, xrefs: 645E5B34
S, xrefs: 645E43C4, 645E4608
d, xrefs: 645E4737
b, xrefs: 645E5B42
i, xrefs: 645E5B3B
a, xrefs: 645E5B26
d, xrefs: 645E5B2D
P, xrefs: 645E5AE6
a, xrefs: 645E4730
o, xrefs: 645E4729
a, xrefs: 645E5B50
L, xrefs: 645E5B18
i, xrefs: 645E4745
L, xrefs: 645E4722
r, xrefs: 645E5B49
r, xrefs: 645E5B57
L, xrefs: 645E473E
y, xrefs: 645E5B5E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: L$L$L$L$L26B$P$Q$S$W$W$X$a$a$a$a$b$b$d$d$i$i$o$o$r$r$r$r$y$y
API String ID: 0-1254823171
Opcode ID: 773658ae9cfdec7883e4c92e9d1c1cac2900bada75cbf72fe43656fb695a2548
Instruction ID: 0f1dcc075f5879b44159abed6d80742a50dc893d7b2a9d7f323ccef467aaa11f
Opcode Fuzzy Hash: 773658ae9cfdec7883e4c92e9d1c1cac2900bada75cbf72fe43656fb695a2548
Instruction Fuzzy Hash: 1302F3B1E186A88AE724CB24DC547EA7B75EF52310F0440F9D54DA7681E3B94FC1CB62

Function 645E4621 Relevance: 34.1, Strings: 27, Instructions: 318COMMON

Download Yara Rule

Strings

W, xrefs: 645E5B65
a, xrefs: 645E475A
r, xrefs: 645E4753
r, xrefs: 645E4761
o, xrefs: 645E5B1F
X, xrefs: 645E5AFA
y, xrefs: 645E4768
b, xrefs: 645E474C
L26B, xrefs: 645E5EC7
W, xrefs: 645E476F
L, xrefs: 645E5B34
d, xrefs: 645E4737
b, xrefs: 645E5B42
i, xrefs: 645E5B3B
a, xrefs: 645E5B26
d, xrefs: 645E5B2D
P, xrefs: 645E5AE6
a, xrefs: 645E4730
o, xrefs: 645E4729
a, xrefs: 645E5B50
L, xrefs: 645E5B18
i, xrefs: 645E4745
L, xrefs: 645E4722
r, xrefs: 645E5B49
r, xrefs: 645E5B57
L, xrefs: 645E473E
y, xrefs: 645E5B5E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: L$L$L$L$L26B$P$W$W$X$a$a$a$a$b$b$d$d$i$i$o$o$r$r$r$r$y$y
API String ID: 0-3736276490
Opcode ID: 52b51ec6a886e140a43fa1546eccafd0aa2afeb93e4570272d2029de4e32a98d
Instruction ID: 65e5261cb0534463c85ab03b0dc42f61c36fee3029be9f4056877913a3383274
Opcode Fuzzy Hash: 52b51ec6a886e140a43fa1546eccafd0aa2afeb93e4570272d2029de4e32a98d
Instruction Fuzzy Hash: E2D1E1A1E186A88EF7248B24DC547EA7A75EF52314F0441F9C04D9B681E3BE4EC5CB62

Function 645DA791 Relevance: 25.5, Strings: 20, Instructions: 497COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
XS, xrefs: 645DA9E0
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$XS$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-631836822
Opcode ID: f040fc1b1ceefa8c3e22fe5aaff0c52c075260d7bb8bf48c043dcc52a0da3fc7
Instruction ID: 9bdcd3bdaa87f3222466e1fbb355c3ea2d350f5841786019114f53b0b754e762
Opcode Fuzzy Hash: f040fc1b1ceefa8c3e22fe5aaff0c52c075260d7bb8bf48c043dcc52a0da3fc7
Instruction Fuzzy Hash: 1422D635E2469986DB28CB39DC515DFB2B2AF58300F04D5FDD80DE7260E7B04A858F1A

Function 645DA7F0 Relevance: 25.5, Strings: 20, Instructions: 476COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
XS, xrefs: 645DA9E0
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$XS$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-631836822
Opcode ID: a7bc7a0a9f92f0a46198a887fd342772283fd6eada57ac732167ba01015e9fda
Instruction ID: e2ac67340669fe7dc0e3d4a94570565d20b9e1db74117272b863f336df0a5045
Opcode Fuzzy Hash: a7bc7a0a9f92f0a46198a887fd342772283fd6eada57ac732167ba01015e9fda
Instruction Fuzzy Hash: C022C535A246A986DB68CB39DC515DFB2B3AF58300F04D5FDD80DE7260E7B04A858B1A

Function 645DA743 Relevance: 25.4, Strings: 20, Instructions: 404COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
XS, xrefs: 645DA9E0
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$XS$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-631836822
Opcode ID: f14c6a6b304d15982bcc645e1031f3dbc280c4f8a2a8c86288841342b2cf9d81
Instruction ID: c9471ecf2500d5390cf7799ca73ebf8c053bf8fb0bde27cf027343df6a85b068
Opcode Fuzzy Hash: f14c6a6b304d15982bcc645e1031f3dbc280c4f8a2a8c86288841342b2cf9d81
Instruction Fuzzy Hash: 5412A835E2469986DB68CB39DC515DFA2B3AF58304F04D4FD980DE7264F7B04A898F0A

Function 645DB005 Relevance: 24.2, Strings: 19, Instructions: 466COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-3517196457
Opcode ID: 4a72ca80a5898bedfcfec54d247d636213a6dd87e6d0c2b7c3704d231e5d25e5
Instruction ID: 25749a44004dfbda671d992ce3cb56ce6f6267f2362c2814b83da223f9973ac7
Opcode Fuzzy Hash: 4a72ca80a5898bedfcfec54d247d636213a6dd87e6d0c2b7c3704d231e5d25e5
Instruction Fuzzy Hash: 2222C535E246A986DB28CB39DC415DFB6B3AF59300F04D4FDD80DE7260E7B04A858B1A

Function 645DB0F9 Relevance: 24.2, Strings: 19, Instructions: 423COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-3517196457
Opcode ID: 0ea0671903a478860ef13e711031dec5ba6a1e4e6c9a96cba29109451189e64e
Instruction ID: 0954fe185faa12d0578e69141b9ecd072a71bd87198a4748c6c5758a58ddf2bf
Opcode Fuzzy Hash: 0ea0671903a478860ef13e711031dec5ba6a1e4e6c9a96cba29109451189e64e
Instruction Fuzzy Hash: 3312B735E245A986DB28DB39DC415DFB2B3AF59304F04D4FD980DE7260E7B04A858F0A

Function 645DB4D7 Relevance: 24.1, Strings: 19, Instructions: 385COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-3517196457
Opcode ID: 02f8df7090725330c6e42bdcdea392cf619451a86e1c1682367f18b08b9d3d4a
Instruction ID: 1ad274fb6b62647d08e13d091594f49f38776d39e5af54889665963b3c7e8985
Opcode Fuzzy Hash: 02f8df7090725330c6e42bdcdea392cf619451a86e1c1682367f18b08b9d3d4a
Instruction Fuzzy Hash: 57029735A246A986DB28DB39DC515DFA2F3AF58304F04D5FD980DE7260E7B04A858F0A

Function 645DB498 Relevance: 24.1, Strings: 19, Instructions: 378COMMON

Download Yara Rule

Strings

e, xrefs: 645DB680
t, xrefs: 645DB61E
G, xrefs: 645DB610
=MZ, xrefs: 645DB599
l, xrefs: 645DB641
i, xrefs: 645DB656
N, xrefs: 645DB66B
o, xrefs: 645DB62C
l, xrefs: 645DB65D
m, xrefs: 645DB679
F, xrefs: 645DB64F
d, xrefs: 645DB633
W, xrefs: 645DB687
u, xrefs: 645DB63A
M, xrefs: 645DB625
a, xrefs: 645DB672
e, xrefs: 645DB664
e, xrefs: 645DB617
e, xrefs: 645DB648

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: =MZ$F$G$M$N$W$a$d$e$e$e$e$i$l$l$m$o$t$u
API String ID: 0-3517196457
Opcode ID: d93c4e0ca418501e396ff54445ae0e1110e3851f7b52024ef11150b9b0cd99ea
Instruction ID: 0403b9b1d73c9a4ee8e022b08fd4d6891e86f9b52f546d2171b4c9be8313433e
Opcode Fuzzy Hash: d93c4e0ca418501e396ff54445ae0e1110e3851f7b52024ef11150b9b0cd99ea
Instruction Fuzzy Hash: E1029835A285A986DB28DB39DC515DFB2B3AF58304F04D4FD980DE7260E7B04A858F0A

Function 645E5087 Relevance: 20.3, Strings: 16, Instructions: 325COMMON

Download Yara Rule

Strings

d, xrefs: 645E5B2D
P, xrefs: 645E5AE6
W, xrefs: 645E5B65
a, xrefs: 645E5B50
L, xrefs: 645E5B18
o, xrefs: 645E5B1F
X, xrefs: 645E5AFA
r, xrefs: 645E5B49
r, xrefs: 645E5B57
L26B, xrefs: 645E5EC7
y, xrefs: 645E5B5E
L, xrefs: 645E5B34
b, xrefs: 645E5B42
i, xrefs: 645E5B3B
a, xrefs: 645E5B26
57K[, xrefs: 645E5089

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: 57K[$L$L$L26B$P$W$X$a$a$b$d$i$o$r$r$y
API String ID: 0-2972370436
Opcode ID: a0670ca4b8dd819b6a046314425bb8d96a41e30e144971c85469be7b10ab588b
Instruction ID: 28b7150194c37e08f0f644bcb3a36495f4e86d4ed9d29c016fb86337dd508fb7
Opcode Fuzzy Hash: a0670ca4b8dd819b6a046314425bb8d96a41e30e144971c85469be7b10ab588b
Instruction Fuzzy Hash: BDD1BEB2E146A88EE7248B24DC147EABB75EF95310F0400FAD54D9B681E3795EC5CF12

Function 6467E454 Relevance: 16.8, APIs: 11, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1404234fe335408f74247475c3702457d985ac8cee8814b3f70f2f05912fdc8a
Instruction ID: fd0cb057eb75de93ca267f8da870684cca46eb0e678d04678a17abea7268f6a7
Opcode Fuzzy Hash: 1404234fe335408f74247475c3702457d985ac8cee8814b3f70f2f05912fdc8a
Instruction Fuzzy Hash: 71D1CEB460C7549FE320DF29C58469ABBF1AF8A344F00892EE9D987311E375D849CF46

Function 6467A680 Relevance: 15.9, APIs: 2, Strings: 6, Instructions: 1858COMMON

Download Yara Rule

Strings

, xrefs: 6467B5F6
, xrefs: 6467B3BE
(, xrefs: 6467A966
(, xrefs: 6467B103
(, xrefs: 6467B84C
, xrefs: 6467AEE3

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: $ $ $($($(
API String ID: 0-721555338
Opcode ID: 5daca47ad72b58a1ddc7a84ced5d744ee440a16d36838470820a88dc8637b80c
Instruction ID: d33436b60f70ee665b676abd0645ca9b49701b0485f311226f870a2b78c20d9d
Opcode Fuzzy Hash: 5daca47ad72b58a1ddc7a84ced5d744ee440a16d36838470820a88dc8637b80c
Instruction Fuzzy Hash: FC0324B59083958BD324CF19C09039AFBE1BFC9744F15896EE9E89B351D7B1E805CB82

Function 645E0065 Relevance: 15.2, Strings: 12, Instructions: 213COMMON

Download Yara Rule

Strings

L, xrefs: 645E0098
b, xrefs: 645E00A6
d, xrefs: 645E0091
a, xrefs: 645E00B4
a, xrefs: 645E008A
o, xrefs: 645E0083
r, xrefs: 645E00AD
y, xrefs: 645E00C2
r, xrefs: 645E00BB
i, xrefs: 645E009F
W, xrefs: 645E00C9
L, xrefs: 645E007C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: a9fee5cf925e68e554388337692e2cda912650e07ca0c55dc517c90eee7f847a
Instruction ID: c7c1ca6788bbbaa4bf1088fb096f5b5abbfdbbc74a28740fb9b23a20ae5de2ef
Opcode Fuzzy Hash: a9fee5cf925e68e554388337692e2cda912650e07ca0c55dc517c90eee7f847a
Instruction Fuzzy Hash: C581B3A1E082649EF7258B24DC44BEB7B79EF92710F0440FAD44D97681E7794EC5CB22

Function 645D6018 Relevance: 15.2, Strings: 12, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b1337446496e9c41b79cc917f4922fd1446a8c7c90269b4ddb14d3d9de821c2
Instruction ID: a76abfe854526680fafcfad502bee7e43e464ba02b716878063f9692c443fae1
Opcode Fuzzy Hash: 4b1337446496e9c41b79cc917f4922fd1446a8c7c90269b4ddb14d3d9de821c2
Instruction Fuzzy Hash: 7E91AEB1E196688AE7208B28DC44BDBB7B5EF55304F0440F9D40CA7681E7BA5EC1CB66

Function 645E0074 Relevance: 15.2, Strings: 12, Instructions: 193COMMON

Download Yara Rule

Strings

L, xrefs: 645E0098
b, xrefs: 645E00A6
d, xrefs: 645E0091
a, xrefs: 645E00B4
a, xrefs: 645E008A
o, xrefs: 645E0083
r, xrefs: 645E00AD
y, xrefs: 645E00C2
r, xrefs: 645E00BB
i, xrefs: 645E009F
W, xrefs: 645E00C9
L, xrefs: 645E007C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 0-4069139063
Opcode ID: 3c9bce32a931c712ba117c291a31e0b6b9fbbbf1e0e8706c0d267598cb2360fa
Instruction ID: ce311ec0e27ecac432fc5f4d6d7f9d5334a9897412eac2d845516db30f962c61
Opcode Fuzzy Hash: 3c9bce32a931c712ba117c291a31e0b6b9fbbbf1e0e8706c0d267598cb2360fa
Instruction Fuzzy Hash: 2A71AFA2E082648EF7258B24DC44BEB7B75EF96710F0440FAD44D97681E7B94EC5CB22

Function 647197CC Relevance: 9.5, APIs: 6, Instructions: 495COMMON

Download Yara Rule

APIs

ogg_sync_reset.MSIMG32 ref: 6471996B
ogg_sync_pageseek.MSIMG32 ref: 6471997F
ogg_sync_buffer.MSIMG32 ref: 647199C1
ogg_sync_wrote.MSIMG32 ref: 647199F5
ogg_sync_reset.MSIMG32 ref: 64719C57

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ogg_sync_reset$ogg_sync_bufferogg_sync_pageseekogg_sync_wrote
String ID:
API String ID: 632350164-0
Opcode ID: 92a936b52b7522ce8d2612016793d0b627fc50d7c21d1a1dad2587165fb270ab
Instruction ID: f61f2d4419897228a8fdd87f39eae92743ea70b66b62c284f0ce67d03c751ab3
Opcode Fuzzy Hash: 92a936b52b7522ce8d2612016793d0b627fc50d7c21d1a1dad2587165fb270ab
Instruction Fuzzy Hash: 4432D2B5A08340CFD764CF29C18064ABBE5BFD9714F18896EE9989B315D770E846CF82

Function 645D40E4 Relevance: 5.6, Strings: 4, Instructions: 634COMMON

Download Yara Rule

Strings

n, xrefs: 645D4515
8, xrefs: 645D4501
n, xrefs: 645D451F
x, xrefs: 645D4529

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 2c69cec9663df8044043cd5f9ba91e2764da172e4b9032e7ded2e00df08e3c54
Instruction ID: 5aaa57143d4bacb1274f32a247d54ad3a5f28d0f3a37418616ba36a66d037d00
Opcode Fuzzy Hash: 2c69cec9663df8044043cd5f9ba91e2764da172e4b9032e7ded2e00df08e3c54
Instruction Fuzzy Hash: D93215B2D011554FF728CB28CE99AEEBBB9EF91300F0481FAD40D9A990D7785BC58E41

Function 645D20D0 Relevance: 5.6, Strings: 4, Instructions: 565COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8d0eb588c6d1fab9daa668e1bb90d9baa58ec6742406e2e04034729d53f2aeb
Instruction ID: 1f0c1ac1bd4803dced24c9c5168632f5537fc0ac37363043f6e6d6f735f7f5b9
Opcode Fuzzy Hash: f8d0eb588c6d1fab9daa668e1bb90d9baa58ec6742406e2e04034729d53f2aeb
Instruction Fuzzy Hash: 582257B2D041558FE728CB28CD99AEABBB9EF81304F0481FED40DA6690D7785AC5CF51

Function 645D44C0 Relevance: 5.4, Strings: 4, Instructions: 395COMMON

Download Yara Rule

Strings

n, xrefs: 645D4515
8, xrefs: 645D4501
n, xrefs: 645D451F
x, xrefs: 645D4529

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 97265be358c4b0becbda3c2f5296819fbc79d5d5780f777e745c19af7d0ebfcd
Instruction ID: ab1586359abf7d02ebc8eba4cfd914812f5e18a5eca07e94a0a8ca78262c0a97
Opcode Fuzzy Hash: 97265be358c4b0becbda3c2f5296819fbc79d5d5780f777e745c19af7d0ebfcd
Instruction Fuzzy Hash: FCE148B2C011554FF728CB28CD99BABBB79EF81304F0481FAC40D9A590D7796BC98E41

Function 645D44B8 Relevance: 5.4, Strings: 4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b78b094ffd19e0c92e4f6dbe88441d03148eb63550fa9591d98e56b0493746b
Instruction ID: 1a9ef9bc9fd8a033e46732ecf318cc482e62a718be2e8d278b0f073519042b31
Opcode Fuzzy Hash: 4b78b094ffd19e0c92e4f6dbe88441d03148eb63550fa9591d98e56b0493746b
Instruction Fuzzy Hash: 01E137B2D011555FF728CB28CD99BABBBB9EF81300F0481FAD40D96590D7796BC98E41

Function 645D2483 Relevance: 5.3, Strings: 4, Instructions: 341COMMON

Download Yara Rule

Strings

n, xrefs: 645D24FE
x, xrefs: 645D2512
n, xrefs: 645D2508
8, xrefs: 645D24EA

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: de2833d41ffebf8aec1fca4c0b2b0f8b8d6e75bc7f41af26f8b61cfba1b3aee9
Instruction ID: 7d3088db5ba3cc101ca1f6d6a0a81b98bd4d193ed386a3dec0d62f0ffaeb9e59
Opcode Fuzzy Hash: de2833d41ffebf8aec1fca4c0b2b0f8b8d6e75bc7f41af26f8b61cfba1b3aee9
Instruction Fuzzy Hash: 77C153B2D041654FF728CB28CD99AEABBB9EF81304F0441FED40966990D7785AC98A51

Function 645D24C3 Relevance: 5.3, Strings: 4, Instructions: 319COMMON

Download Yara Rule

Strings

n, xrefs: 645D24FE
x, xrefs: 645D2512
n, xrefs: 645D2508
8, xrefs: 645D24EA

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 8102311bc6637adb87f8ee11ea4be85a8c1ca76ee701976bbd67efe60959dda7
Instruction ID: 165333222c6f09a174eb44ab8e2389408f0a1195c520a56a7bbcf813fda11d4c
Opcode Fuzzy Hash: 8102311bc6637adb87f8ee11ea4be85a8c1ca76ee701976bbd67efe60959dda7
Instruction Fuzzy Hash: 36C142B2D041654FF728CA28DD99BEABBB9EF81304F0441FED40D66990D7785BC98E41

Function 646590B0 Relevance: 4.7, APIs: 3, Instructions: 202COMMON

Download Yara Rule

APIs

al_ustr_get.MSIMG32 ref: 646590C6

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_ustr_get
String ID:
API String ID: 661181409-0
Opcode ID: 3f3c1d4a04ad4ee4bbe194a05c9358800438f558a66e36147e4a5d84b67933ca
Instruction ID: 9a78e0702d8eb39bc839aba3c879c7656446eb3ce33b423e90603bde720557c2
Opcode Fuzzy Hash: 3f3c1d4a04ad4ee4bbe194a05c9358800438f558a66e36147e4a5d84b67933ca
Instruction Fuzzy Hash: 6461A6716187008BD728CA2CC48434BBBE2DBD6368F24877DE5648B2F9C276D99DD742

Function 646F66A8 Relevance: 3.7, APIs: 2, Instructions: 732COMMON

Download Yara Rule

APIs

ChannelsFromFmt.MSIMG32(?,?,?,?,646A0A83), ref: 646F708D
BytesFromFmt.MSIMG32(?,?,?,?,646A0A83), ref: 646F709E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: From$BytesChannels
String ID:
API String ID: 89695956-0
Opcode ID: eeb2a50bed4e018c7ee4b4e83facf1b38d3fc53300caa03c18d2e3c635b5ff2c
Instruction ID: e571b18fbfea6735f251555c75b4a1540d31a9ea8cbdea51741d71ec14d41113
Opcode Fuzzy Hash: eeb2a50bed4e018c7ee4b4e83facf1b38d3fc53300caa03c18d2e3c635b5ff2c
Instruction Fuzzy Hash: F8720475608391CBD7B4CF29C9847CAB7E2BBD8301F548A2ED98D8B315D770A846CB46

Function 6473347C Relevance: 2.7, Strings: 2, Instructions: 173COMMON

Download Yara Rule

Strings

O, xrefs: 647335F8
OggS, xrefs: 647334CB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: O$OggS
API String ID: 0-767359038
Opcode ID: 87a212e4b37c45c6524d88bac3c767231b7b6cccdcaaabfe23f68e603d07ced3
Instruction ID: 5e6b7c69554020dffc256769307fc82b1ea7e55e8d68007e295aee005801b3d1
Opcode Fuzzy Hash: 87a212e4b37c45c6524d88bac3c767231b7b6cccdcaaabfe23f68e603d07ced3
Instruction Fuzzy Hash: 71619F716086628FDB15CF69C580317BBF1BF99304F04856DD8849B706E374E999CBD2

Function 645D5544 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

A3<Y, xrefs: 645D5546

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: A3<Y
API String ID: 0-1166355234
Opcode ID: 880a5a927a4a19420221ecaceff1111e8cc362ecfc152d11fafc9e145dbdd67d
Instruction ID: 608a9f72789443d1e1b46de8c63416dabebca456a280ec852963ab981234b8de
Opcode Fuzzy Hash: 880a5a927a4a19420221ecaceff1111e8cc362ecfc152d11fafc9e145dbdd67d
Instruction Fuzzy Hash: 76517BF2C1455CAFF314862CEC94AFB776CDF82324F2485BED90995180E9385EC14A66

Function 645D45D8 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18c6ed04cc5e12aa055bc81dce74bdb9fd94940b766b396505ee6a7f3288f075
Instruction ID: 2f47d35045638aad141d389dc6aa03b0fbb9da6d7cffe5f8f38f5fdbd2d97dbb
Opcode Fuzzy Hash: 18c6ed04cc5e12aa055bc81dce74bdb9fd94940b766b396505ee6a7f3288f075
Instruction Fuzzy Hash: 28C114B2D011554FF728CB28CD99AAFBBB9EF91300F1481FAC40D969A0D7786BC58E41

Function 645D46E4 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7565a3566d757948ddb7c2b7aac3dc001e6823964670f391099807d889e04cd
Instruction ID: c7d36a10719b25c4f6f08c46a2423b4d25c025518e1103fb9dae937aa5bcc58e
Opcode Fuzzy Hash: a7565a3566d757948ddb7c2b7aac3dc001e6823964670f391099807d889e04cd
Instruction Fuzzy Hash: 4F9137B2D011554FF728CB28CD98AAFBBB9EF91300F0481FAC40D965A0D7796BC68E41

Function 645E0492 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee2fcf2bfc76cfaf233f00851046546ca1012537dcf2748276b78b468563af8
Instruction ID: 4267a31f18a7d650b32aa2f065631babc37a54bc9a24b1c911f4e26b45b37abd
Opcode Fuzzy Hash: 6ee2fcf2bfc76cfaf233f00851046546ca1012537dcf2748276b78b468563af8
Instruction Fuzzy Hash: A7B18FB1E052698FEB64CF14CC90BAAB7B1BB86705F1481EAD84D67242DB349EC5CF41

Function 645D4754 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1d14d626a237bc38311e4429103bb49a975839afd8ff95d0e65263d5db61685
Instruction ID: d9f99942193995c5eb5195c8a34cd4fdbb284ff4938503dc54d3a9152bc8834c
Opcode Fuzzy Hash: b1d14d626a237bc38311e4429103bb49a975839afd8ff95d0e65263d5db61685
Instruction Fuzzy Hash: 0D814AB2D011555FF728CB28CD98EAFBBB8EF92300F0481FAC40996590D7796BC58E51

Function 645E017A Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2278b5742f6883bde83d08543079f3910fccee75930b95bd46bc7467451b24a
Instruction ID: f2cd062524dfbf552494f7ded1437eb923eb926eef084215fb89f46ceabef872
Opcode Fuzzy Hash: d2278b5742f6883bde83d08543079f3910fccee75930b95bd46bc7467451b24a
Instruction Fuzzy Hash: E881DFA2D142249AF728CB24DD54BFAB779EF94310F0040FED50A97681EB795EC1DB12

Function 645D540F Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6cdd7867e7f02e6b236f4308d4ac05692bb38f8632489b928ab546feebbf124
Instruction ID: faec2a152998f80f4ed265e815bf7d937553b4b6be27fab766e27b8e747af0a1
Opcode Fuzzy Hash: a6cdd7867e7f02e6b236f4308d4ac05692bb38f8632489b928ab546feebbf124
Instruction Fuzzy Hash: C2515BE3D541486FF314822CED4AEFB3B2CDBD2324F28467EE84E85680E52D5AC64567

Function 645D5455 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf68aea1e06a90108e7b7e437ccc306902c961b540d1615cbd96925eefa9a9ae
Instruction ID: 0fdc408677d32c9c40a251c6bab62984937b1d2304615de466e8a8b1cb22ef71
Opcode Fuzzy Hash: bf68aea1e06a90108e7b7e437ccc306902c961b540d1615cbd96925eefa9a9ae
Instruction Fuzzy Hash: 845159E3D540486FF304822CED45EFB3B1CDBC2324F24467EE84E86680E52D6AC64667

Function 645D5538 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 802da0ea343f0fc2ab910f09d1e1afce025497b291ce9d5772f3f1e9379b360b
Instruction ID: 41c8916d9584ae9cb98f0343bd7c89e3438a6b9731b212c59169584e6086869a
Opcode Fuzzy Hash: 802da0ea343f0fc2ab910f09d1e1afce025497b291ce9d5772f3f1e9379b360b
Instruction Fuzzy Hash: 59518BE2C1415CAFF314862CEC95AFB7768DF82324F2485BED90995180E9395EC14B67

Function 645E017F Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70892f136e76b8925008122da2e214e9f0f981d51084b54776ffacaaa6d5bb43
Instruction ID: 9ba1cc5f0e5857a31239465669bdc72c2f1527dfe7a9eb477c4982ca54fbdfbd
Opcode Fuzzy Hash: 70892f136e76b8925008122da2e214e9f0f981d51084b54776ffacaaa6d5bb43
Instruction Fuzzy Hash: BB5100A2E146249BF7248B24DD04BFB7779EF94710F0080BED50D97681EB794EC29B22

Function 645D54BB Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c9708d363da6681dc96212cac583c1767ac22817a3d9be119f6c3e06254c9b
Instruction ID: c5901230589b6dd4e00fc0f2d522d0b645103a1b9b1400e72c517a15afa22756
Opcode Fuzzy Hash: 79c9708d363da6681dc96212cac583c1767ac22817a3d9be119f6c3e06254c9b
Instruction Fuzzy Hash: EF4166E3D540486FF304863CED49EFB371CCBC2324F24467EE84A865C4E92D6AC64662

Function 645D5584 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a212d99e8e568ffb15bc569eb31c61cc894e93018160f00176cf71a0a5adfce
Instruction ID: 33f4a3ac0afbd850df8c729359e9221927aca475cf10085fb3ea6c5d29410dc9
Opcode Fuzzy Hash: 4a212d99e8e568ffb15bc569eb31c61cc894e93018160f00176cf71a0a5adfce
Instruction Fuzzy Hash: A8416BE2D1844CAFF3148638ED559FB3768DF92324F2445BED94989180E5285EC24677

Function 645D95B1 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aba5c34345dc99295672e92228156dcfe14868be48136e1284a03f9cf85b76d9
Instruction ID: 0cdbeae3b7da7291b6c738627a529a8b7ac4af1557c7a4ad5f485a0f6cca37c4
Opcode Fuzzy Hash: aba5c34345dc99295672e92228156dcfe14868be48136e1284a03f9cf85b76d9
Instruction Fuzzy Hash: 6F51DCB2D44169CBE754CB28DCA0AEBB3B4FF45304F0081BAD849A7644E7386E85CF95

Function 646746E0 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33c7ba789cc3a44fb3259bc729746acbffbd1e40639ac0b14d81c4dc71631467
Instruction ID: c72baf29eb9cb79a79708df9095788476e379200d5d5017b9e43f021a0e2ca0b
Opcode Fuzzy Hash: 33c7ba789cc3a44fb3259bc729746acbffbd1e40639ac0b14d81c4dc71631467
Instruction Fuzzy Hash: 814110B45083228FD714CF2AC89825ABBF1EFCA349F14882DE6D487354D679E585CF52

Function 646736E8 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ec367d26308969154536732934ad7c6188dab42ab7262c86c47480d5b2974a
Instruction ID: d3018f83aa0d9d99184a75f76a23396ea45edccd7195982d10fb9cbfb534acf4
Opcode Fuzzy Hash: 41ec367d26308969154536732934ad7c6188dab42ab7262c86c47480d5b2974a
Instruction Fuzzy Hash: 4201E47B3B4D0B035B4C8078ED3767910D2A3C62157C8AA3DF9BBC96C2E62DC4A58245

Function 6460B7CC Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f409e129d6956a5292e8e537a2118996d0084b31a598e7e5425b5e0cc4f27f
Instruction ID: 8b3f944b1aba00a58df5423fc17527eeefcffd5516f0c6f95bda4eab1b02e1db
Opcode Fuzzy Hash: 86f409e129d6956a5292e8e537a2118996d0084b31a598e7e5425b5e0cc4f27f
Instruction Fuzzy Hash: B5A00238298111CF8608CF08C0A4C0477F4E7157403115481E800C7B65C330EC40CB80

Function 645FC528 Relevance: 97.9, APIs: 65, Instructions: 443COMMON

Download Yara Rule

APIs

_al_get_new_display_settings.MSIMG32 ref: 645FC539

Part of subcall function 64624A18: __emutls_get_address.MSIMG32(?,?,?,00000000,645FBB25), ref: 64624A24

_al_set_new_display_settings.MSIMG32 ref: 645FC557

Part of subcall function 64624940: __emutls_get_address.MSIMG32(?,?,?,?,645FC55C), ref: 6462494C

_al_get_new_display_settings.MSIMG32 ref: 645FC55C
_al_get_new_display_settings.MSIMG32 ref: 645FC56F
_al_get_new_display_settings.MSIMG32 ref: 645FC582
_al_get_new_display_settings.MSIMG32 ref: 645FC595
_al_get_new_display_settings.MSIMG32 ref: 645FC5A8
_al_get_new_display_settings.MSIMG32 ref: 645FC5BB
_al_get_new_display_settings.MSIMG32 ref: 645FC5CE
_al_get_new_display_settings.MSIMG32 ref: 645FC5E1
_al_get_new_display_settings.MSIMG32 ref: 645FC5FA
_al_get_new_display_settings.MSIMG32 ref: 645FC640
_al_get_new_display_settings.MSIMG32 ref: 645FC666
_al_get_new_display_settings.MSIMG32 ref: 645FC748
_al_get_new_display_settings.MSIMG32 ref: 645FC76E
_al_get_new_display_settings.MSIMG32 ref: 645FC788
_al_get_new_display_settings.MSIMG32 ref: 645FC7AE
_al_get_new_display_settings.MSIMG32 ref: 645FC7E0
_al_get_new_display_settings.MSIMG32 ref: 645FC806
_al_get_new_display_settings.MSIMG32 ref: 645FC828
_al_get_new_display_settings.MSIMG32 ref: 645FC84E
_al_get_new_display_settings.MSIMG32 ref: 645FC884
_al_get_new_display_settings.MSIMG32 ref: 645FC8B1

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_get_new_display_settings$__emutls_get_address$_al_set_new_display_settings
String ID:
API String ID: 2701111176-0
Opcode ID: 333ba2134ab1155d0400ab9fb5bfc92140532ce45d99b6e7c77781cd2cc4d19d
Instruction ID: c237c2c5b0fc49d0299789c70c7d3d83d0b2129367fd3cb528ed1d6ed747b603
Opcode Fuzzy Hash: 333ba2134ab1155d0400ab9fb5bfc92140532ce45d99b6e7c77781cd2cc4d19d
Instruction Fuzzy Hash: DB1219B14167429FE3619FA89948B167AA0BF1233BF038398C5691B1F1C771C50ADF6B

Function 6469C434 Relevance: 86.1, APIs: 18, Strings: 31, Instructions: 336COMMON

Download Yara Rule

APIs

GetConfigValueInt.MSIMG32 ref: 6469C509
GetConfigValue.MSIMG32 ref: 6469C533
DecomposeDevFormat.MSIMG32 ref: 6469C570
GetConfigValueInt.MSIMG32 ref: 6469C59E
GetConfigValueInt.MSIMG32 ref: 6469C5C6
GetConfigValueInt.MSIMG32 ref: 6469C5ED
GetConfigValueInt.MSIMG32 ref: 6469C614
GetConfigValueInt.MSIMG32 ref: 6469C649
GetConfigValueInt.MSIMG32 ref: 6469C671
GetConfigValueBool.MSIMG32 ref: 6469C690
EnterCriticalSection.KERNEL32 ref: 6469C6A6
LeaveCriticalSection.KERNEL32 ref: 6469C71D

Strings

AL_FORMAT_51CHN8, xrefs: 6469C9BE
sources, xrefs: 6469C5DE
AL_FORMAT_QUAD8, xrefs: 6469C9A0
:-, xrefs: 6469C6FF, 6469C70A, 6469C75E, 6469C863
AL_FORMAT_MONO32, xrefs: 6469C544
sends, xrefs: 6469C63A
AL_FORMAT_61CHN32, xrefs: 6469C838
periods, xrefs: 6469C58F
AL_FORMAT_61CHN8, xrefs: 6469C9DC
slots, xrefs: 6469C605
AL_FORMAT_MONO8, xrefs: 6469C964
stereodup, xrefs: 6469C681
cf_level, xrefs: 6469C662
AL_FORMAT_71CHN32, xrefs: 6469C892
AL_FORMAT_51CHN16, xrefs: 6469C90A
AL_FORMAT_STEREO16, xrefs: 6469C51C, 6469C8CE
period_size, xrefs: 6469C5B7
format, xrefs: 6469C524
d:\Libraries\build\allegro\src\openal-soft-1.14\Alc\ALc.c, xrefs: 6469CA2C
AL_FORMAT_71CHN16, xrefs: 6469C946
AL_FORMAT_51CHN32, xrefs: 6469C81A
frequency, xrefs: 6469C4FA
H-, xrefs: 6469C710
Unknown format: "%s", xrefs: 6469CA1C
AL_FORMAT_61CHN16, xrefs: 6469C928
AL_FORMAT_71CHN8, xrefs: 6469C9FA
AL_FORMAT_QUAD16, xrefs: 6469C8EC
AL_FORMAT_QUAD32, xrefs: 6469C7FC
AL_FORMAT_STEREO32, xrefs: 6469C7B8
AL_FORMAT_MONO16, xrefs: 6469C8B0
AL_FORMAT_STEREO8, xrefs: 6469C982

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ConfigValue$CriticalSection$BoolDecomposeEnterFormatLeave
String ID: :-$AL_FORMAT_51CHN16$AL_FORMAT_51CHN32$AL_FORMAT_51CHN8$AL_FORMAT_61CHN16$AL_FORMAT_61CHN32$AL_FORMAT_61CHN8$AL_FORMAT_71CHN16$AL_FORMAT_71CHN32$AL_FORMAT_71CHN8$AL_FORMAT_MONO16$AL_FORMAT_MONO32$AL_FORMAT_MONO8$AL_FORMAT_QUAD16$AL_FORMAT_QUAD32$AL_FORMAT_QUAD8$AL_FORMAT_STEREO16$AL_FORMAT_STEREO32$AL_FORMAT_STEREO8$H-$Unknown format: "%s"$cf_level$d:\Libraries\build\allegro\src\openal-soft-1.14\Alc\ALc.c$format$frequency$period_size$periods$sends$slots$sources$stereodup
API String ID: 1041631076-3192723699
Opcode ID: 65699e8f251668f35234266f86d6813a5a512d7acccac1da22adcef7ec825d8d
Instruction ID: d744bb4841797a4554716d022e43b2c82bf1ed625a96b236a80117dea83d4e87
Opcode Fuzzy Hash: 65699e8f251668f35234266f86d6813a5a512d7acccac1da22adcef7ec825d8d
Instruction Fuzzy Hash: 75E15AB02187069FE7419F14CA4479E7BE4EF52B08F41891DE8999B351D7B8C888DF87

Function 645D00C0 Relevance: 63.2, APIs: 31, Strings: 5, Instructions: 180COMMON

Download Yara Rule

APIs

al_ftell.MSIMG32 ref: 645D00DA
al_fread16le.MSIMG32 ref: 645D00EA
al_fread32le.MSIMG32 ref: 645D00F4
al_fread16le.MSIMG32 ref: 645D00FC
al_fread16le.MSIMG32 ref: 645D0104
al_fread32le.MSIMG32 ref: 645D010C
al_feof.MSIMG32 ref: 645D011F
al_ferror.MSIMG32 ref: 645D012B
al_ftell.MSIMG32 ref: 645D0137
al_fread32le.MSIMG32 ref: 645D013F
al_feof.MSIMG32 ref: 645D0149
al_ferror.MSIMG32 ref: 645D0155
al_fread32le.MSIMG32 ref: 645D01A3
al_fread32le.MSIMG32 ref: 645D01AF
al_fread16le.MSIMG32 ref: 645D01BB
al_fread16le.MSIMG32 ref: 645D01C3
al_fread32le.MSIMG32 ref: 645D01D0
al_fread32le.MSIMG32 ref: 645D01DA
al_fread32le.MSIMG32 ref: 645D01E2
al_fread32le.MSIMG32 ref: 645D01EA
al_fread32le.MSIMG32 ref: 645D01F2
al_fread32le.MSIMG32 ref: 645D01FC
al_feof.MSIMG32 ref: 645D0204
al_ferror.MSIMG32 ref: 645D0214

Strings

, xrefs: 645D0245
, xrefs: 645D0E56
8, xrefs: 645D015E
3, xrefs: 645D026A
BM, xrefs: 645D0115

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_fread32le$al_fread16le$al_feofal_ferror$al_ftell
String ID: $ $3$8$BM
API String ID: 3127332396-3340244431
Opcode ID: 43ff3c68a6091717a3984d213873f6e4f366cbcc15c2f660d75932fc7b07e170
Instruction ID: b976409fd360ec7c59d41a39e8ac69595a0a0c83bf949ad038802689cae8f4b3
Opcode Fuzzy Hash: 43ff3c68a6091717a3984d213873f6e4f366cbcc15c2f660d75932fc7b07e170
Instruction Fuzzy Hash: EF7106B1108744DFE790AF68D88432EBBF1AF86748F41481EE8C947651C7B98885EF0B

Function 645CE6A4 Relevance: 57.9, APIs: 27, Strings: 6, Instructions: 132COMMON

Download Yara Rule

APIs

_al_vector_init.MSIMG32 ref: 645CE6C4
_al_vector_alloc_back.MSIMG32 ref: 645CE70E
_al_vector_alloc_back.MSIMG32 ref: 645CE76E
_al_vector_alloc_back.MSIMG32 ref: 645CE7CE
_al_vector_alloc_back.MSIMG32 ref: 645CE82E
_al_vector_alloc_back.MSIMG32 ref: 645CE88E
_al_add_exit_func.MSIMG32 ref: 645CE8B9

Strings

font_shutdown, xrefs: 645CE8AA
.tga, xrefs: 645CE870, 645CE895
.bmp, xrefs: 645CE6F0, 645CE715
.jpg, xrefs: 645CE750, 645CE775
.pcx, xrefs: 645CE7B0, 645CE7D5
.png, xrefs: 645CE810, 645CE835

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_vector_alloc_back$_al_add_exit_func_al_vector_init
String ID: .bmp$.jpg$.pcx$.png$.tga$font_shutdown
API String ID: 1624829513-671147614
Opcode ID: 8929e4df9c90d4a6b115fdabe90a7785b09c402d518d258809645199e22a1ce6
Instruction ID: e6eb4e25100621b73d591ab3a310c695cd30d211453559a80372fd75e24fa0ff
Opcode Fuzzy Hash: 8929e4df9c90d4a6b115fdabe90a7785b09c402d518d258809645199e22a1ce6
Instruction Fuzzy Hash: 5B51F6B4468781CFDB55EFA4925621DBBE0AF26B44F428A6CC6D4CB720E730C850EB57

Function 645D145B Relevance: 47.4, APIs: 25, Strings: 2, Instructions: 130COMMON

Download Yara Rule

APIs

al_get_bitmap_height.MSIMG32 ref: 645D1466
al_set_errno.MSIMG32 ref: 645D148B

Part of subcall function 64626750: __emutls_get_address.MSIMG32 ref: 6462675C

al_fwrite16le.MSIMG32 ref: 645D149B
al_fwrite32le.MSIMG32 ref: 645D14AA
al_fwrite16le.MSIMG32 ref: 645D14BA
al_fwrite16le.MSIMG32 ref: 645D14CA
al_fwrite32le.MSIMG32 ref: 645D14DA
al_fwrite32le.MSIMG32 ref: 645D14EA
al_fwrite32le.MSIMG32 ref: 645D14FA
al_fwrite32le.MSIMG32 ref: 645D1506
al_fwrite16le.MSIMG32 ref: 645D1516
al_fwrite16le.MSIMG32 ref: 645D1526
al_fwrite32le.MSIMG32 ref: 645D1536
al_fwrite32le.MSIMG32 ref: 645D1542
al_fwrite32le.MSIMG32 ref: 645D1552
al_fwrite32le.MSIMG32 ref: 645D1562
al_fwrite32le.MSIMG32 ref: 645D1572
al_fwrite32le.MSIMG32 ref: 645D1582
al_lock_bitmap.MSIMG32 ref: 645D159E
al_fputc.MSIMG32 ref: 645D15E9
al_fputc.MSIMG32 ref: 645D15FB
al_fputc.MSIMG32 ref: 645D160D
al_fputc.MSIMG32 ref: 645D163B
al_unlock_bitmap.MSIMG32 ref: 645D165B
al_get_errno.MSIMG32 ref: 645D1660

Strings

BM, xrefs: 645D1490
(, xrefs: 645D14DF

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_fwrite32le$al_fwrite16le$al_fputc$__emutls_get_addressal_get_bitmap_heightal_get_errnoal_lock_bitmapal_set_errnoal_unlock_bitmap
String ID: ($BM
API String ID: 2110601859-2980357723
Opcode ID: 4e889934865886193c0b9eee20781bff5e1e01e90d6a75077e1f37caa7e9b363
Instruction ID: 28a5f9835eeb2cce3372936fd13efdd9bc0323633059bcb191afe13ffd76f7b4
Opcode Fuzzy Hash: 4e889934865886193c0b9eee20781bff5e1e01e90d6a75077e1f37caa7e9b363
Instruction Fuzzy Hash: BE51DFB24197409BE340AF28CA9022EFBE1BF84748F05992EE4C99B641C778D945EF43

Function 6462272C Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

al_ref_cstr.MSIMG32 ref: 64622748
al_ref_cstr.MSIMG32 ref: 64622760
al_ustr_has_prefix_cstr.MSIMG32 ref: 64622782

Part of subcall function 64659F34: _al_bstrncmp.MSIMG32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,64622787), ref: 64659F73

al_ustr_find_chr.MSIMG32 ref: 646227A2

Part of subcall function 646593E0: _al_binstr.MSIMG32(?,?,?,?,?,?,?,645FADE7), ref: 64659438

al_ustr_assign_substr.MSIMG32 ref: 646227FB
al_cstr.MSIMG32 ref: 64622803
_al_vector_alloc_back.MSIMG32 ref: 64622813
al_ustr_find_chr.MSIMG32 ref: 6462283B
al_ustr_size.MSIMG32 ref: 6462284A
al_ustr_assign_substr.MSIMG32 ref: 6462285E
al_ustr_equal.MSIMG32 ref: 6462286E
al_ustr_equal.MSIMG32 ref: 64622882
al_cstr.MSIMG32 ref: 6462288E
_al_vector_alloc_back.MSIMG32 ref: 6462289F
al_ustr_assign_substr.MSIMG32 ref: 646227D4

Part of subcall function 6465905C: _al_bassignmidstr.MSIMG32 ref: 64659080

al_ustr_offset.MSIMG32 ref: 646228CF
al_ustr_get.MSIMG32 ref: 646228E1

Strings

/, xrefs: 6462282C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_ustr_assign_substr$_al_vector_alloc_backal_cstral_ref_cstral_ustr_equalal_ustr_find_chr$_al_bassignmidstr_al_binstr_al_bstrncmpal_ustr_getal_ustr_has_prefix_cstral_ustr_offsetal_ustr_size
String ID: /
API String ID: 727739981-2043925204
Opcode ID: 253bcaa927f376b69060b5dc267dca8eb1ef064f632c0c618c3c0d3b99bfaa2b
Instruction ID: c594037b72f9bb7a089462cc0368faa79502c93b4d992d46df02fc78e76ad4f1
Opcode Fuzzy Hash: 253bcaa927f376b69060b5dc267dca8eb1ef064f632c0c618c3c0d3b99bfaa2b
Instruction Fuzzy Hash: 6251D3B0519700DFD745EF29C18026EBBE0AF88758F01895EE4988B320D739C9A5DF4B

Function 645CB7A0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

al_create_event_queue.MSIMG32 ref: 645CB7B1

Part of subcall function 645FE860: al_malloc_with_context.MSIMG32 ref: 645FE884
Part of subcall function 645FE860: _al_vector_init.MSIMG32 ref: 645FE89A
Part of subcall function 645FE860: _al_vector_init.MSIMG32 ref: 645FE8AD
Part of subcall function 645FE860: _al_vector_alloc_back.MSIMG32 ref: 645FE8B5
Part of subcall function 645FE860: _al_mutex_init.MSIMG32 ref: 645FE8D5
Part of subcall function 645FE860: _al_cond_init.MSIMG32 ref: 645FE8E0
Part of subcall function 645FE860: _al_register_destructor.MSIMG32 ref: 645FE8F9

al_register_event_source.MSIMG32 ref: 645CB7BF

Part of subcall function 645FE908: _al_vector_contains.MSIMG32(?,?,?,?,?,645CB7C4), ref: 645FE91B

al_wait_for_event.MSIMG32 ref: 645CB7E1

Part of subcall function 645FED2C: EnterCriticalSection.KERNEL32 ref: 645FED40
Part of subcall function 645FED2C: _al_cond_wait.MSIMG32 ref: 645FED5B
Part of subcall function 645FED2C: _al_vector_ref.MSIMG32 ref: 645FED7A
Part of subcall function 645FED2C: LeaveCriticalSection.KERNEL32(?), ref: 645FEDA2

al_get_time.MSIMG32 ref: 645CB811
al_emit_user_event.MSIMG32 ref: 645CB82D
al_destroy_event_queue.MSIMG32 ref: 645CB835
al_lock_mutex.MSIMG32 ref: 645CB863
al_unlock_mutex.MSIMG32 ref: 645CB8C7
al_get_channel_count.MSIMG32 ref: 645CB8E7
al_get_audio_depth_size.MSIMG32 ref: 645CB8F7
al_lock_mutex.MSIMG32 ref: 645CB90F
al_unlock_mutex.MSIMG32 ref: 645CB93C
al_lock_mutex.MSIMG32 ref: 645CB99F
al_unlock_mutex.MSIMG32 ref: 645CB9BC
al_lock_mutex.MSIMG32 ref: 645CB9CE

Strings

Attempted to set a stream buffer with a full pending list, xrefs: 645CBA5C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_lock_mutex$al_unlock_mutex$CriticalSection_al_vector_init$EnterLeave_al_cond_init_al_cond_wait_al_mutex_init_al_register_destructor_al_vector_alloc_back_al_vector_contains_al_vector_refal_create_event_queueal_destroy_event_queueal_emit_user_evental_get_audio_depth_sizeal_get_channel_countal_get_timeal_malloc_with_contextal_register_event_sourceal_wait_for_event
String ID: Attempted to set a stream buffer with a full pending list
API String ID: 4016002539-402962720
Opcode ID: 1432cc67f7a063353009d8c735722129563887f82e5b30c3d155b66820dc3a1e
Instruction ID: 84801bf62ce76a059d7961f1b9633c97ba303647f5e57be146805ba1c53169f9
Opcode Fuzzy Hash: 1432cc67f7a063353009d8c735722129563887f82e5b30c3d155b66820dc3a1e
Instruction Fuzzy Hash: 31A138707087429BE704EFB9E4847AAFBE4BF45704F00892DD8A897201E775E855DBA3

Function 645CD034 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 156COMMON

Download Yara Rule

APIs

al_calloc_with_context.MSIMG32 ref: 645CD07B
al_free_with_context.MSIMG32 ref: 645CD0C6

Strings

AL_FORMAT_QUAD16, xrefs: 645CD160
AL_FORMAT_51CHN_16, xrefs: 645CD118
AL_FORMAT_71CHN_16, xrefs: 645CD1D4
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\openal.c, xrefs: 645CD05C, 645CD0B3, 645CD13C, 645CD184, 645CD1B0, 645CD1FC, 645CD248, 645CD289, 645CD2B3, 645CD2DD, 645CD307
_openal_allocate_voice, xrefs: 645CD054, 645CD0AB, 645CD134, 645CD17C, 645CD1A8, 645CD1F4, 645CD240, 645CD281, 645CD2AB, 645CD2D5, 645CD2FF
AL_FORMAT_61CHN_16, xrefs: 645CD220

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_calloc_with_contextal_free_with_context
String ID: AL_FORMAT_51CHN_16$AL_FORMAT_61CHN_16$AL_FORMAT_71CHN_16$AL_FORMAT_QUAD16$_openal_allocate_voice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\openal.c
API String ID: 973425427-3490697798
Opcode ID: a0ca966a34b10fd87a03d13f773bd8d6813b1508070940b666003902a4b7aa91
Instruction ID: 819e879949897b6df6e83c3d7ab535b47a8efbdab479c9cf2b44c847fdfd23fa
Opcode Fuzzy Hash: a0ca966a34b10fd87a03d13f773bd8d6813b1508070940b666003902a4b7aa91
Instruction Fuzzy Hash: EB61FBB0548705DBE7119F98EA4132EBBE0EF92704F11C91DE0A48B340E379C58ADB47

Function 64717554 Relevance: 34.8, APIs: 23, Instructions: 310COMMON

Download Yara Rule

APIs

vorbis_info_init.MSIMG32 ref: 6471758E
vorbis_comment_init.MSIMG32 ref: 6471759A
ogg_page_bos.MSIMG32 ref: 647175B3
ogg_page_serialno.MSIMG32 ref: 647175E4
ogg_page_serialno.MSIMG32 ref: 64717611
ogg_page_serialno.MSIMG32 ref: 6471766C
ogg_stream_reset_serialno.MSIMG32 ref: 6471767C
ogg_stream_pagein.MSIMG32 ref: 6471768C
ogg_stream_packetout.MSIMG32 ref: 647176A0
vorbis_synthesis_idheader.MSIMG32 ref: 647176B0
vorbis_info_clear.MSIMG32 ref: 64717713
vorbis_comment_clear.MSIMG32 ref: 6471771F
ogg_stream_packetout.MSIMG32 ref: 6471790B
ogg_page_serialno.MSIMG32 ref: 6471792E
ogg_page_bos.MSIMG32 ref: 6471793E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ogg_page_serialno$ogg_page_bosogg_stream_packetout$ogg_stream_pageinogg_stream_reset_serialnovorbis_comment_clearvorbis_comment_initvorbis_info_clearvorbis_info_initvorbis_synthesis_idheader
String ID:
API String ID: 2971266059-0
Opcode ID: 1816f66976aef612d5ca3e05874293728bd30f1c8f22a3c6c6eec228dcf02d1a
Instruction ID: c161479530c39844e9bc93666295b355e034790a2c60be6d2e430151e807523b
Opcode Fuzzy Hash: 1816f66976aef612d5ca3e05874293728bd30f1c8f22a3c6c6eec228dcf02d1a
Instruction Fuzzy Hash: D5D1597420C3408FE705EF29C68461EB7F6BF89718F18892DE8998B355DB34E945CB82

Function 645CF750 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

al_ref_ustr.MSIMG32 ref: 645CF78F
al_ustr_find_cset_cstr.MSIMG32 ref: 645CF7BA

Part of subcall function 64659968: al_ustr_find_cset.MSIMG32 ref: 646599A7

al_ustr_size.MSIMG32 ref: 645CF7E4
al_ustr_find_set_cstr.MSIMG32 ref: 645CF7D5

Part of subcall function 64659790: al_ustr_find_set.MSIMG32 ref: 646597CF

al_ustr_find_cset_cstr.MSIMG32 ref: 645CF968
al_ustr_find_set_cstr.MSIMG32 ref: 645CF987
al_ref_ustr.MSIMG32 ref: 645CF9AA

Strings

, xrefs: 645CF7AB, 645CF7C6, 645CF959, 645CF978

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_ref_ustral_ustr_find_cset_cstral_ustr_find_set_cstr$al_ustr_find_csetal_ustr_find_setal_ustr_size
String ID:
API String ID: 554529905-184147866
Opcode ID: d5d4e575275401a9a47f1b7e49dd748187b5b353a784c539888ca8894ce8eaa8
Instruction ID: c531a9af17464b8295539ba31ffa38355c86d599cb6b5eb0f44e0036b35319c6
Opcode Fuzzy Hash: d5d4e575275401a9a47f1b7e49dd748187b5b353a784c539888ca8894ce8eaa8
Instruction Fuzzy Hash: 66A1D8B1A09341EFC310AF24D18429EBBE1EF85754F519D1EE9D9A7290D3318861CF8B

Function 645CA494 Relevance: 33.4, APIs: 12, Strings: 7, Instructions: 136COMMON

Download Yara Rule

APIs

al_get_system_config.MSIMG32(?,?,00000000,00064270,?,?,645CA989), ref: 645CA49B
al_get_config_value.MSIMG32 ref: 645CA4BD
al_get_config_value.MSIMG32 ref: 645CA4E7
al_get_config_value.MSIMG32 ref: 645CA511
al_get_config_value.MSIMG32 ref: 645CA53B
al_attach_mixer_to_voice.MSIMG32 ref: 645CA574
al_destroy_mixer.MSIMG32 ref: 645CA589
al_destroy_voice.MSIMG32 ref: 645CA5A8

Strings

, xrefs: 645CA688
audio, xrefs: 645CA4B2, 645CA4DC, 645CA506, 645CA530
primary_mixer_frequency, xrefs: 645CA4D4
primary_voice_frequency, xrefs: 645CA4AA
primary_mixer_depth, xrefs: 645CA528
int16, xrefs: 645CA5EC, 645CA62C
primary_voice_depth, xrefs: 645CA4FE

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_get_config_value$al_attach_mixer_to_voiceal_destroy_mixeral_destroy_voiceal_get_system_config
String ID: $audio$int16$primary_mixer_depth$primary_mixer_frequency$primary_voice_depth$primary_voice_frequency
API String ID: 1331222334-1213999577
Opcode ID: 19381b1225fb801865036e9b104a302066316657941a357dcbc9194b7d86750a
Instruction ID: f4f21c0655e19585d597a1baf0c428b7068563a68be863e0b8239cf0524adc6c
Opcode Fuzzy Hash: 19381b1225fb801865036e9b104a302066316657941a357dcbc9194b7d86750a
Instruction Fuzzy Hash: 54419EB1A083419BEB009FB5E59432A7FE0EB81754F018A2DD5A88B751E739CC80FB53

Function 645C460C Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 61COMMON

Download Yara Rule

APIs

al_get_system_config.MSIMG32 ref: 645C4610
al_get_config_value.MSIMG32(?,?,?,?,?,00000001,645C4845), ref: 645C462C
_al_stricmp.MSIMG32(?,?,?,?,?,00000001,645C4845), ref: 645C4653

Strings

audio, xrefs: 645C4621
DIRECTSOUND, xrefs: 645C46D9
driver, xrefs: 645C4619
ALSA, xrefs: 645C4648
PULSEAUDIO, xrefs: 645C46A0
OPENAL, xrefs: 645C4668
DSOUND, xrefs: 645C46BB
OSS, xrefs: 645C4684

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_stricmpal_get_config_valueal_get_system_config
String ID: ALSA$DIRECTSOUND$DSOUND$OPENAL$OSS$PULSEAUDIO$audio$driver
API String ID: 474537536-4036240856
Opcode ID: a0ef5467fef17fec983015561252fb3cd64916372a85e6a0c9ed2f6088c24eee
Instruction ID: 8e74ccebb95b0ccf216052d2afb9f81c74504ff0e23991d4962c0d34bd2cc514
Opcode Fuzzy Hash: a0ef5467fef17fec983015561252fb3cd64916372a85e6a0c9ed2f6088c24eee
Instruction Fuzzy Hash: 0A1130A024970086E701AFF4EB8175EB7A49F52709F419E2C98859B305E734C8D0FF03

Function 645FE72C Relevance: 26.3, APIs: 13, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

_al_unregister_destructor.MSIMG32 ref: 645FE741

Part of subcall function 645FE3FC: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,645C5EA8,?,?,?,?,?,?,645C93B8), ref: 645FE414
Part of subcall function 645FE3FC: _al_vector_ref.MSIMG32(?,?,?,?,?,?,645C5EA8,?,?,?,?,?,?,645C93B8), ref: 645FE435
Part of subcall function 645FE3FC: _al_vector_delete_at.MSIMG32(?,?,?,?,?,?,645C5EA8,?,?,?,?,?,?,645C93B8), ref: 645FE445
Part of subcall function 645FE3FC: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,645C5EA8,?,?,?,?,?,?,645C93B8), ref: 645FE453

_al_vector_ref_back.MSIMG32 ref: 645FE75A
EnterCriticalSection.KERNEL32 ref: 645FE76F
_al_vector_find_and_delete.MSIMG32 ref: 645FE77C
LeaveCriticalSection.KERNEL32 ref: 645FE78F
_al_event_source_on_unregistration_from_queue.MSIMG32 ref: 645FE7A8
EnterCriticalSection.KERNEL32(00000000), ref: 645FE7B7
LeaveCriticalSection.KERNEL32(00000000), ref: 645FE7D6
_al_vector_free.MSIMG32 ref: 645FE7EA
_al_vector_free.MSIMG32 ref: 645FE7F5
_al_cond_destroy.MSIMG32 ref: 645FE800
_al_mutex_destroy.MSIMG32 ref: 645FE80B
al_free_with_context.MSIMG32 ref: 645FE82B

Strings

al_destroy_event_queue, xrefs: 645FE810
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\events.c, xrefs: 645FE818

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave$_al_vector_free$_al_cond_destroy_al_event_source_on_unregistration_from_queue_al_mutex_destroy_al_unregister_destructor_al_vector_delete_at_al_vector_find_and_delete_al_vector_ref_al_vector_ref_backal_free_with_context
String ID: al_destroy_event_queue$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\events.c
API String ID: 132139030-553640495
Opcode ID: d885eb87bd575a60004045c72a4f08f991209202a143ff132001dacfb32179ef
Instruction ID: 5412a670c8503f65cc39c35431896f8f71f7c2250379050834f41f43e57b014a
Opcode Fuzzy Hash: d885eb87bd575a60004045c72a4f08f991209202a143ff132001dacfb32179ef
Instruction Fuzzy Hash: 8231F4B45097408FEB40EF79D8C4A2ABBE4AF58608F01886DE8988B305D734D846DF57

Function 64682588 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 166COMMON

Download Yara Rule

APIs

__PHYSFS_platformGrabMutex.MSIMG32 ref: 64682688
__PHYSFS_platformReleaseMutex.MSIMG32 ref: 646826CD
__PHYSFS_setError.MSIMG32 ref: 6468273C
__PHYSFS_setError.MSIMG32 ref: 64682787

Strings

Insecure filename, xrefs: 64682708
Write directory is not set, xrefs: 64682760
Out of memory, xrefs: 64682735
Invalid argument, xrefs: 64682780
irectSoundCapture, xrefs: 64682724

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorMutexS_platformS_set$GrabRelease
String ID: Insecure filename$Invalid argument$Out of memory$Write directory is not set$irectSoundCapture
API String ID: 932224727-3624582895
Opcode ID: dc2e6a73f31fa8c0b4aae088b5d393d23dfb27f4736e2ac59cfeef04cc7991f0
Instruction ID: 9b8107c92f50013cd7612d2f3ce2df05dfbdbcbdfac2a54d2bcf78184d310970
Opcode Fuzzy Hash: dc2e6a73f31fa8c0b4aae088b5d393d23dfb27f4736e2ac59cfeef04cc7991f0
Instruction Fuzzy Hash: 8351BFB5A092498FDB00DF79D4C46EEBBF2FF5A324F508529E8509B341D7319885CBA2

Function 6469A6F4 Relevance: 22.6, APIs: 14, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6469A703
EnterCriticalSection.KERNEL32(00000000), ref: 6469A710
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 6469A73D
EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 6469A78A
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 6469A7D3
EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 6469A7E0
LeaveCriticalSection.KERNEL32(00000000,?,00000000,00000000), ref: 6469A7F7
LeaveCriticalSection.KERNEL32(00000000,?,00000000,00000000), ref: 6469A821
LeaveCriticalSection.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 6469A83B
LeaveCriticalSection.KERNEL32(00000000,?,00000000,00000000), ref: 6469A8A7

Strings

:-, xrefs: 6469A716, 6469A790, 6469A7E6, 6469A8CB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID: :-
API String ID: 2978645861-2031694841
Opcode ID: da6fc5e2b7e612a2e00fc7ffea3760ad3ded8e4ca7d8dbd269eacc56af7ff418
Instruction ID: 2c9a76989d838447e652b289f092e6c30fd1643fb1d4946799429eb657b22d60
Opcode Fuzzy Hash: da6fc5e2b7e612a2e00fc7ffea3760ad3ded8e4ca7d8dbd269eacc56af7ff418
Instruction Fuzzy Hash: B251C370A19287EEE7919F7886D9A1E77F4AF26358F81586DE0D0DA300D7B4C089CB53

Function 64688650 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 188memorytimeCOMMON

Download Yara Rule

APIs

__PHYSFS_initSmallAlloc.MSIMG32 ref: 646886AB
PHYSFS_utf8ToUcs2.MSIMG32 ref: 646886CC
__PHYSFS_smallFree.MSIMG32 ref: 646886F7
GetFileTime.KERNEL32 ref: 64688755
CloseHandle.KERNEL32 ref: 6468876C
__PHYSFS_initSmallAlloc.MSIMG32 ref: 64688811
WideCharToMultiByte.KERNEL32 ref: 64688850
__PHYSFS_smallFree.MSIMG32 ref: 6468887B

Strings

irectSoundCapture, xrefs: 64688775

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: AllocFreeS_initS_smallSmall$ByteCharCloseFileHandleMultiS_utf8TimeUcs2Wide
String ID: irectSoundCapture
API String ID: 2920675050-4189381426
Opcode ID: adf465d0680a9306455b40610d381c2fde3241bb56aaa9173746d13060d002c5
Instruction ID: eebf20657be96547f9aecdacdaa6cab0a9c14a7d6603a60842500d14db963ecb
Opcode Fuzzy Hash: adf465d0680a9306455b40610d381c2fde3241bb56aaa9173746d13060d002c5
Instruction Fuzzy Hash: F2618D71A083058FEB00EF79C49436EBBF5EF84354F108A2DE49897390EB74D4448BA2

Function 645FE58C Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

_al_vector_ref.MSIMG32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,645FE9E7), ref: 645FE5C6
_al_vector_init.MSIMG32 ref: 645FE5EE
_al_vector_ref.MSIMG32 ref: 645FE640
EnterCriticalSection.KERNEL32(?), ref: 645FE66F
LeaveCriticalSection.KERNEL32(00000000,?), ref: 645FE68D
al_free_with_context.MSIMG32 ref: 645FE6BB

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\events.c, xrefs: 645FE6A8
al_unref_user_event, xrefs: 645FE6A0
@, xrefs: 645FE5E3

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection_al_vector_ref$EnterLeave_al_vector_inital_free_with_context
String ID: @$al_unref_user_event$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\events.c
API String ID: 259631193-3120285636
Opcode ID: 9d1917ea2e833c00678e88d592aa4577954fd909508a69bcab96235d6ee5a152
Instruction ID: a065d3a781433c4c2d0037d644f77b1ad7cfbf5ed013e796f413b2afe1a25df4
Opcode Fuzzy Hash: 9d1917ea2e833c00678e88d592aa4577954fd909508a69bcab96235d6ee5a152
Instruction Fuzzy Hash: A2414DB06097098FD744DF68D98461EBBE2FF98744F12896DD8989B301E734E846DF82

Function 64669140 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

al_is_system_installed.MSIMG32 ref: 64669148
al_get_standard_path.MSIMG32 ref: 6466915C

Part of subcall function 64623BE8: al_clone_path.MSIMG32(?,?,?,?,?,?,?,?,?,?,64600A5D), ref: 64623C08
Part of subcall function 64623BE8: al_set_path_filename.MSIMG32 ref: 64623C1C

al_path_cstr.MSIMG32 ref: 6466917A

Part of subcall function 64622CAC: al_ustr_assign.MSIMG32 ref: 64622CC8
Part of subcall function 64622CAC: _al_vector_ref.MSIMG32 ref: 64622CEB
Part of subcall function 64622CAC: al_ustr_append.MSIMG32 ref: 64622CF9
Part of subcall function 64622CAC: al_ustr_append_chr.MSIMG32 ref: 64622D05
Part of subcall function 64622CAC: al_ustr_append.MSIMG32 ref: 64622D1A

_al_sane_strncpy.MSIMG32 ref: 646691A9
PathFindOnPathA.SHLWAPI ref: 646691B9
LoadLibraryA.KERNEL32 ref: 646691C8
al_destroy_path.MSIMG32 ref: 646691D7
al_destroy_path.MSIMG32 ref: 646691E3
GetModuleFileNameA.KERNEL32 ref: 6466920B

Strings

\, xrefs: 6466916F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Pathal_destroy_pathal_ustr_append$FileFindLibraryLoadModuleName_al_sane_strncpy_al_vector_refal_clone_pathal_get_standard_pathal_is_system_installedal_path_cstral_set_path_filenameal_ustr_append_chral_ustr_assign
String ID: \
API String ID: 2760430602-2967466578
Opcode ID: 8a2591a58453cdb9936ec075eee996b4326a1a0f145a4a8ee0db9ef2ed5de582
Instruction ID: 4a82effa172e9f07c054f94cfa0879069423be9daa0f8869197bdc623ddedd16
Opcode Fuzzy Hash: 8a2591a58453cdb9936ec075eee996b4326a1a0f145a4a8ee0db9ef2ed5de582
Instruction Fuzzy Hash: 252113B05187419AE740AF34D58439FBAE4AF45348F414C2DE8D68B380D778854CCBA7

Function 646244C0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 60COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 646244EA
_al_vector_find_and_delete.MSIMG32 ref: 646244FF
LeaveCriticalSection.KERNEL32 ref: 6462452A
_al_thread_join.MSIMG32 ref: 64624537
al_free_with_context.MSIMG32 ref: 64624557
_al_unregister_destructor.MSIMG32 ref: 64624568
_al_event_source_free.MSIMG32 ref: 64624570
al_free_with_context.MSIMG32 ref: 64624590

Strings

al_stop_timer, xrefs: 6462453C
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c, xrefs: 64624544, 6462457D
al_destroy_timer, xrefs: 64624575

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSectional_free_with_context$EnterLeave_al_event_source_free_al_thread_join_al_unregister_destructor_al_vector_find_and_delete
String ID: al_destroy_timer$al_stop_timer$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c
API String ID: 3369986114-2851958027
Opcode ID: 820285ceafd9928bfc0972f74fa487bbcdda3cf3c7abbdf99c90573aaa0e05df
Instruction ID: efafbc867a1af8bf84fc38356435359b146e0bdf8060357448eef8dac3d5149d
Opcode Fuzzy Hash: 820285ceafd9928bfc0972f74fa487bbcdda3cf3c7abbdf99c90573aaa0e05df
Instruction Fuzzy Hash: 552134B0518351AFEB41AF24D68475FBBE8AB51708F01882CE8D89B301D774C885DF9B

Function 645C36C8 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 645C373E
al_malloc_with_context.MSIMG32 ref: 645C3773
_al_count_to_channel_conf.MSIMG32 ref: 645C37F0
_al_word_size_to_depth_conf.MSIMG32 ref: 645C37FE
al_create_audio_stream.MSIMG32 ref: 645C381E

Part of subcall function 645CACF4: al_get_channel_count.MSIMG32(?,?,?,?,?,?,00000000,?,00000000,?,645C1FF0), ref: 645CAD26
Part of subcall function 645CACF4: al_get_audio_depth_size.MSIMG32(?,?,?,?,?,?,00000000,?,00000000,?,645C1FF0), ref: 645CAD34
Part of subcall function 645CACF4: al_calloc_with_context.MSIMG32 ref: 645CAD6C
Part of subcall function 645CACF4: al_calloc_with_context.MSIMG32 ref: 645CAE19
Part of subcall function 645CACF4: al_calloc_with_context.MSIMG32 ref: 645CAE62
Part of subcall function 645CACF4: al_init_user_event_source.MSIMG32 ref: 645CAE97

al_create_thread.MSIMG32 ref: 645C3862

Part of subcall function 64623EA0: al_malloc_with_context.MSIMG32 ref: 64623EC3
Part of subcall function 64623EA0: _al_mutex_init.MSIMG32 ref: 64623EE9
Part of subcall function 64623EA0: _al_cond_init.MSIMG32 ref: 64623EF4
Part of subcall function 64623EA0: _al_thread_create.MSIMG32 ref: 64623F16

al_start_thread.MSIMG32 ref: 645C38BD

Part of subcall function 64623F9C: EnterCriticalSection.KERNEL32 ref: 64623FB5
Part of subcall function 64623F9C: _al_cond_broadcast.MSIMG32 ref: 64623FC8
Part of subcall function 64623F9C: LeaveCriticalSection.KERNEL32 ref: 64623FD7

al_free_with_context.MSIMG32 ref: 645C38FC

Strings

_al_load_ogg_vorbis_audio_stream_f, xrefs: 645C371F, 645C3754, 645C38E1
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\ogg.c, xrefs: 645C3727, 645C375C, 645C38E9

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_calloc_with_contextal_malloc_with_context$CriticalSection$EnterLeave_al_cond_broadcast_al_cond_init_al_count_to_channel_conf_al_mutex_init_al_thread_create_al_word_size_to_depth_confal_create_audio_streamal_create_threadal_free_with_contextal_get_audio_depth_sizeal_get_channel_countal_init_user_event_sourceal_start_thread
String ID: _al_load_ogg_vorbis_audio_stream_f$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\ogg.c
API String ID: 481204574-2556912772
Opcode ID: d8b17082e7f8335b304009578dc7deea19ec060224dbdb998d404447e0a85b95
Instruction ID: eeebcd641500a98b95c367a418a00d58aa7fe1372d55fb829e37857bb5e61237
Opcode Fuzzy Hash: d8b17082e7f8335b304009578dc7deea19ec060224dbdb998d404447e0a85b95
Instruction Fuzzy Hash: 4F5100B00083658FD711AFA9D69939ABFE0FB95710F008A1DE8A88B780C774C844DF87

Function 646240B4 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 50COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32(?,?,?,?,645C2184), ref: 646240EA
al_rest.MSIMG32(?,?,645C2184), ref: 64624103
EnterCriticalSection.KERNEL32(?,?,645C2184), ref: 6462411E
_al_cond_broadcast.MSIMG32(?,?,645C2184), ref: 64624131
LeaveCriticalSection.KERNEL32(?,?,645C2184), ref: 64624140
_al_mutex_destroy.MSIMG32(?,?,645C2184), ref: 6462414C
_al_thread_join.MSIMG32(?,?,645C2184), ref: 64624154

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\threads.c, xrefs: 646240D7
al_destroy_thread, xrefs: 646240CF
MbP?, xrefs: 646240FB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave_al_cond_broadcast_al_mutex_destroy_al_thread_joinal_free_with_contextal_rest
String ID: MbP?$al_destroy_thread$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\threads.c
API String ID: 4008011814-3206273515
Opcode ID: 25e710d398545ed77b4986feec4034abfd10ff25a9462be74ade1cfd0d4916fb
Instruction ID: 81883f11b144ffb83e9bfc54950c2e8a4b707522409b93df95eb0320884a7d80
Opcode Fuzzy Hash: 25e710d398545ed77b4986feec4034abfd10ff25a9462be74ade1cfd0d4916fb
Instruction Fuzzy Hash: 5C115EB1508700ABEB00EF24C9C5A6B7BE8AF65708F52895DD8859B306D774C484CF57

Function 6468E478 Relevance: 16.8, APIs: 11, Instructions: 290COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6468E48F

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6468E4A8
alSourcef.MSIMG32 ref: 6468E537
ChannelsFromFmt.MSIMG32 ref: 6468E654
BytesFromFmt.MSIMG32 ref: 6468E65E
alSetError.MSIMG32 ref: 6468E687
alSetError.MSIMG32 ref: 6468E7DF
alSetError.MSIMG32 ref: 6468E83F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterFromLeaveValue$BytesChannelsContextLookupSourcefSuspended
String ID:
API String ID: 2004259826-0
Opcode ID: 737fc826e7e3f55f5eb2608276e2136542c4386826c11c5329349c975473a201
Instruction ID: f8b51237e0a83582b6689d91fae9ff267a27ef2043e32261b87d15f6b27fb5e9
Opcode Fuzzy Hash: 737fc826e7e3f55f5eb2608276e2136542c4386826c11c5329349c975473a201
Instruction Fuzzy Hash: C7C18275A09396CFEB20CF18D58439EBBE0AF96704F04452ED8949B251E375D889CBB3

Function 64699140 Relevance: 16.6, APIs: 8, Strings: 3, Instructions: 57COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6469914F
EnterCriticalSection.KERNEL32(00000000), ref: 64699160
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 64699189
TlsSetValue.KERNEL32 ref: 646991A5
LeaveCriticalSection.KERNEL32 ref: 646991BA
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 646991D3
EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 646991E0
LeaveCriticalSection.KERNEL32(?,?,00000000,00000000), ref: 64699201

Strings

:-, xrefs: 646991E6
~-, xrefs: 64699166
g-, xrefs: 6469918F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$Value
String ID: :-$g-$~-
API String ID: 720131773-3401727152
Opcode ID: 891b126cef89e03d30859b521bc8d730e9edef3879ab97b9a4e00a283347e2bf
Instruction ID: d5be058d851e134b769645f82f9e3a3c40080be2752087ff80f3d608b2ad9388
Opcode Fuzzy Hash: 891b126cef89e03d30859b521bc8d730e9edef3879ab97b9a4e00a283347e2bf
Instruction Fuzzy Hash: B61146B0109246DEDB50AF6585D991E7BE8BB2631CFC1596CD4D4A7301D770C44C9B63

Function 646834A8 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 230COMMON

Download Yara Rule

APIs

__PHYSFS_setError.MSIMG32 ref: 64683630
__PHYSFS_setError.MSIMG32 ref: 64683795

Strings

Insecure filename, xrefs: 646835F0
Out of memory, xrefs: 64683629
Invalid argument, xrefs: 6468378E
irectSoundCapture, xrefs: 64683615

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorS_set
String ID: Insecure filename$Invalid argument$Out of memory$irectSoundCapture
API String ID: 1705320395-95673110
Opcode ID: bc6f176a45f27f7198c6a6f7f897b5061a3b586137d03c400e42e125dfa26614
Instruction ID: aaa1fa2928ab594c35f66289c4fff8ee0d10b063c32b0be3998ca2c63ca15c77
Opcode Fuzzy Hash: bc6f176a45f27f7198c6a6f7f897b5061a3b586137d03c400e42e125dfa26614
Instruction Fuzzy Hash: 15918EB4E052499FDF04CFA8D4847DDBBB2FF59324F108229E860AB781D7369885CB61

Function 646837B0 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 218COMMON

Download Yara Rule

APIs

__PHYSFS_setError.MSIMG32 ref: 6468391E
__PHYSFS_setError.MSIMG32 ref: 64683A55

Strings

Insecure filename, xrefs: 646838E8
Out of memory, xrefs: 64683917
Invalid argument, xrefs: 64683A4E
irectSoundCapture, xrefs: 64683906

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorS_set
String ID: Insecure filename$Invalid argument$Out of memory$irectSoundCapture
API String ID: 1705320395-95673110
Opcode ID: c57c722776e9e73ef0a5c5781bbe7e5b3cb3b454258e2a57ac86db19e5a47e71
Instruction ID: 82a1dfcd47b7223e77cab9b5e356085e635aa16caf1c0ee4d5717fe84011f394
Opcode Fuzzy Hash: c57c722776e9e73ef0a5c5781bbe7e5b3cb3b454258e2a57ac86db19e5a47e71
Instruction Fuzzy Hash: 0A817EB1E042499FDF00CFA9D4847DEBBB2FF59314F148529D860AB741D7369885CBA1

Function 64682794 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 202COMMON

Download Yara Rule

APIs

__PHYSFS_platformGrabMutex.MSIMG32 ref: 64682894
__PHYSFS_platformReleaseMutex.MSIMG32 ref: 64682926
__PHYSFS_setError.MSIMG32 ref: 646829D2
__PHYSFS_setError.MSIMG32 ref: 646829E8

Strings

Insecure filename, xrefs: 64682980
Out of memory, xrefs: 646829CB
Invalid argument, xrefs: 646829E1
irectSoundCapture, xrefs: 6468299C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorMutexS_platformS_set$GrabRelease
String ID: Insecure filename$Invalid argument$Out of memory$irectSoundCapture
API String ID: 932224727-95673110
Opcode ID: cba36a6d695c289173a0914b4bdf19b08b6af0b7b9e649300089b9e563caf0b0
Instruction ID: b88c972a85321a289d33d75286f06e394d8a35b30ecf2fe234c6a7ca3764ec35
Opcode Fuzzy Hash: cba36a6d695c289173a0914b4bdf19b08b6af0b7b9e649300089b9e563caf0b0
Instruction Fuzzy Hash: 91719C75E092098FDF14CF6AE4806EEBBF2FF55320F148569E8A4A7381D7319845CBA1

Function 64607160 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 166COMMON

Download Yara Rule

APIs

_al_balloc.MSIMG32 ref: 646071FB
al_free_with_context.MSIMG32 ref: 64607241
al_free_with_context.MSIMG32 ref: 64607275
_al_bstrcpy.MSIMG32 ref: 64607387

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 6460722E, 64607262, 6460732C, 64607360
_al_bdestroy, xrefs: 64607226, 6460725A, 64607324, 64607358

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context$_al_balloc_al_bstrcpy
String ID: _al_bdestroy$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 539564494-4073986910
Opcode ID: 8973b1694c1a6e944bc0606161e5e75f4d128e12cac9933b97a14601cb08231d
Instruction ID: 9e1c20e4e35d9c319edc2712f87114be2b698483ac6b39ec3be85a352bf0b789
Opcode Fuzzy Hash: 8973b1694c1a6e944bc0606161e5e75f4d128e12cac9933b97a14601cb08231d
Instruction Fuzzy Hash: C1613B70608741CBD728EF69C78061EBBF5AF94B55F05C92CE9988B351E331E881CB42

Function 646A540C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 163COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A541F

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A543A
alSetError.MSIMG32 ref: 646A547F
alSetError.MSIMG32 ref: 646A553D
alSetError.MSIMG32 ref: 646A559F

Strings

X94<, xrefs: 646A5672
zT?, xrefs: 646A563A
B`;, xrefs: 646A564F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID: B`;$X94<$zT?
API String ID: 1516355843-2501761238
Opcode ID: efc9d9f8905f3fc96c167c8c29be76cb9a4ae1db48e48d054a2ca81ddbdf4857
Instruction ID: dc560f5b868d32c1b94dd6dae5ae80187be3aba7dfa43d4f22481f8a508e6968
Opcode Fuzzy Hash: efc9d9f8905f3fc96c167c8c29be76cb9a4ae1db48e48d054a2ca81ddbdf4857
Instruction Fuzzy Hash: EF6158B1A08B118FEB14DF18C194B5A7BA1FB92319F1685A9C4980F262C776CCC5CF86

Function 646056CC Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 646057A0
al_free_with_context.MSIMG32 ref: 646057D4
_al_balloc.MSIMG32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,64658D07), ref: 646057F9

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 6460578D, 646057C1, 646058C6, 646058FA
_al_bdestroy, xrefs: 64605785, 646057B9, 646058BE, 646058F2

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context$_al_balloc
String ID: _al_bdestroy$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 845421172-4073986910
Opcode ID: 04b2c790b51437380ecd03a6dd0293cd126dec1e8a128e1d64db2476d92e16c9
Instruction ID: bd4f0ed6c3db60a917f118a4af3eb8dda3155c98a19ba7a5abde9d89833e8c20
Opcode Fuzzy Hash: 04b2c790b51437380ecd03a6dd0293cd126dec1e8a128e1d64db2476d92e16c9
Instruction Fuzzy Hash: 58511370A087118BD728DF69D68061FFBE5BF94B24F14CA2DE8988B345D774D840CB96

Function 646866B8 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 646866E1
OpenProcessToken.ADVAPI32 ref: 646866F8
CloseHandle.KERNEL32 ref: 6468670A

Strings

Out of memory, xrefs: 6468686F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Process$CloseCurrentHandleOpenToken
String ID: Out of memory
API String ID: 4052875653-696950042
Opcode ID: 6d653440c3d66242d84771bc7f7266b74169a820e12a03f535a66bd0fd24cb37
Instruction ID: e72b64fedf22947401c54c714c2c38aa68b457048c0ab569d762d575a0ad0eb5
Opcode Fuzzy Hash: 6d653440c3d66242d84771bc7f7266b74169a820e12a03f535a66bd0fd24cb37
Instruction Fuzzy Hash: 7C5105B0A183058EEB009F69D99879EBBF4FF59354F00992DE499D7344E738C444CBA2

Function 646215AC Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6462160B
glGetIntegerv.OPENGL32 ref: 64621643
al_free_with_context.MSIMG32 ref: 646216F4
al_get_current_display.MSIMG32 ref: 64621704

Strings

S, xrefs: 64621728
_al_ogl_create_persistent_fbo, xrefs: 646215EC, 646216D9, 64621718
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\opengl\ogl_display.c, xrefs: 646215F4, 646216E1, 64621720

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Integerval_free_with_contextal_get_current_displayal_malloc_with_context
String ID: S$_al_ogl_create_persistent_fbo$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\opengl\ogl_display.c
API String ID: 436784367-406886240
Opcode ID: 872622f03bf37538292dfcea219571972c260a328a63b95d900a4d851b084e35
Instruction ID: ca6cd12a6b1b8f879303ddaf54f8c4444f063b9fa84ef392531b318eea04f89e
Opcode Fuzzy Hash: 872622f03bf37538292dfcea219571972c260a328a63b95d900a4d851b084e35
Instruction Fuzzy Hash: DB4114B05093009FE350AF68D68969EBFE0BB91344F40C92DE8DA8B345D7798894CF92

Function 6468114C Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 217COMMON

Download Yara Rule

APIs

__PHYSFS_setError.MSIMG32(?,?,?,?,?,?,?,?,?,?,002DD2AB,?,647FA06B,?,64681E3D), ref: 6468138D
__PHYSFS_setError.MSIMG32 ref: 646813A0

Part of subcall function 646808C4: __PHYSFS_platformGrabMutex.MSIMG32(?,?,?,64688219), ref: 646808DE
Part of subcall function 646808C4: __PHYSFS_platformGetThreadID.MSIMG32(?,?,?,64688219), ref: 646808ED
Part of subcall function 646808C4: __PHYSFS_platformReleaseMutex.MSIMG32(?,?,?,64688219), ref: 6468095C
Part of subcall function 646808C4: __PHYSFS_platformGetThreadID.MSIMG32 ref: 64680987
Part of subcall function 646808C4: __PHYSFS_platformGrabMutex.MSIMG32 ref: 6468099D

__PHYSFS_setError.MSIMG32(?,?,?,?,?,?,?,?,?,?,002DD2AB,?,647FA06B,?,64681E3D), ref: 646813DD

Strings

Insecure filename, xrefs: 646812C8
Out of memory, xrefs: 64681386, 64681399
Invalid argument, xrefs: 646813D6
irectSoundCapture, xrefs: 646812F6, 64681329, 646813B6, 646813C2, 646813CB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: S_platform$ErrorMutexS_set$GrabThread$Release
String ID: Insecure filename$Invalid argument$Out of memory$irectSoundCapture
API String ID: 1919294830-95673110
Opcode ID: 1d8a46e3795a60a912eaa59d501e9a7a41103b983b253f1e5e8e2ad6d93ededb
Instruction ID: d6ef2f2690c07a379bf51160851bc8018042e8cd9a73396bf526845746a2d51b
Opcode Fuzzy Hash: 1d8a46e3795a60a912eaa59d501e9a7a41103b983b253f1e5e8e2ad6d93ededb
Instruction Fuzzy Hash: 9D71BF71A082498FDB00DFA9D4A82EDBFF1BF9A310F04856DD8A5DB381D7358885CB61

Function 6468650C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 127COMMON

Download Yara Rule

APIs

__PHYSFS_setError.MSIMG32 ref: 64686648
__PHYSFS_setError.MSIMG32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,6468672D), ref: 64686669
__PHYSFS_setError.MSIMG32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 64686689

Strings

Out of memory, xrefs: 64686641, 646866A2
GetModuleFileName() had no dir, xrefs: 64686682
irectSoundCapture, xrefs: 64686623, 6468663B, 6468665B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorS_set
String ID: GetModuleFileName() had no dir$Out of memory$irectSoundCapture
API String ID: 1705320395-2404246056
Opcode ID: ae800c0285b7df4bff15c502b142a8d97d9c634f4aa5b46d72bff70de656de49
Instruction ID: ee940fbb04ad403ca1c009fb3d7cc090f261320f9e6067f3e042e9e01da58d9b
Opcode Fuzzy Hash: ae800c0285b7df4bff15c502b142a8d97d9c634f4aa5b46d72bff70de656de49
Instruction Fuzzy Hash: 004147B16293058EE700AF69D49935EBBE1EF95350F01992DE899C7380E7758880CBA7

Function 645D1700 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS ref: 645D172C
al_malloc_with_context.MSIMG32 ref: 645D175B
GdipGetImageEncoders.GDIPLUS ref: 645D177D
al_free_with_context.MSIMG32 ref: 645D17D7
al_free_with_context.MSIMG32 ref: 645D1803

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\image\gdiplus.cpp, xrefs: 645D1748, 645D17C4, 645D17F0
:, xrefs: 645D17F8
GetEncoderClsid, xrefs: 645D1740, 645D17BC, 645D17E8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: EncodersGdipImageal_free_with_context$Sizeal_malloc_with_context
String ID: :$GetEncoderClsid$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\image\gdiplus.cpp
API String ID: 3011312513-2426040358
Opcode ID: 3e36843a846ed5a851c6167e5284dfe5ab9bf69bcd0ccb6423fab5b51c6ba559
Instruction ID: 843df0b373e0c8f219dd3a57ffd0ac9da0d7b59a3af3f3bc7c4e32e94d85ee29
Opcode Fuzzy Hash: 3e36843a846ed5a851c6167e5284dfe5ab9bf69bcd0ccb6423fab5b51c6ba559
Instruction Fuzzy Hash: 982123B0A083018FD700EF29D68465BBFE5AF84368F408A2DE9989B310E734C685DF46

Function 645C40B4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 645C3A9C: al_malloc_with_context.MSIMG32 ref: 645C3AC8
Part of subcall function 645C3A9C: al_fread.MSIMG32 ref: 645C3AFB
Part of subcall function 645C3A9C: al_free_with_context.MSIMG32 ref: 645C3B20

_al_count_to_channel_conf.MSIMG32 ref: 645C40D3
_al_word_size_to_depth_conf.MSIMG32 ref: 645C40F0
al_create_audio_stream.MSIMG32 ref: 645C4113
al_create_thread.MSIMG32 ref: 645C414A
al_start_thread.MSIMG32 ref: 645C419E

Strings

wav_close, xrefs: 645C41B4
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\wav.c, xrefs: 645C41BC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_count_to_channel_conf_al_word_size_to_depth_confal_create_audio_streamal_create_threadal_freadal_free_with_contextal_malloc_with_contextal_start_thread
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\wav.c$wav_close
API String ID: 142622304-3969514026
Opcode ID: fe96a049a4cf7bc525bac86ff92fc488d37df2b9b063c98fd120946c7f5b7211
Instruction ID: 30f1ebd062829ca825f17175b06fd819bef55f1081669fea216b735b3fb79c58
Opcode Fuzzy Hash: fe96a049a4cf7bc525bac86ff92fc488d37df2b9b063c98fd120946c7f5b7211
Instruction Fuzzy Hash: 623114B0508B059FD751EFA5D48179ABBE0ABA5704F04897DE8C88BB05E374D880AF93

Function 645CF0A9 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

al_restore_state.MSIMG32 ref: 645CF0AE

Part of subcall function 64625FF0: __emutls_get_address.MSIMG32 ref: 64626002

al_lock_bitmap.MSIMG32 ref: 645CF0F6
al_get_bitmap_height.MSIMG32 ref: 645CF11F
al_get_bitmap_width.MSIMG32 ref: 645CF129
al_unlock_bitmap.MSIMG32 ref: 645CF164
al_grab_font_from_bitmap.MSIMG32 ref: 645CF187
al_destroy_bitmap.MSIMG32 ref: 645CF193

Strings

, xrefs: 645CF0BB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: __emutls_get_addressal_destroy_bitmapal_get_bitmap_heightal_get_bitmap_widthal_grab_font_from_bitmapal_lock_bitmapal_restore_stateal_unlock_bitmap
String ID:
API String ID: 315610881-3916222277
Opcode ID: dc4d33f8add4228ca0a80856c34c372d4ff258fd9ac540373f589b979753b75a
Instruction ID: b47bdb78319968bd8e4a2fd5a6f32281e4d978c77249afb20c665c0d28d51cf8
Opcode Fuzzy Hash: dc4d33f8add4228ca0a80856c34c372d4ff258fd9ac540373f589b979753b75a
Instruction Fuzzy Hash: E521AAB16087419FE300DF68C48436EBBF0AF8A358F119C2DE59A87251D77699899F43

Function 645CA6B0 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

al_calloc_with_context.MSIMG32(?,?,?,?,?,?,?,?,?,00000000,00000000,645C1ECA), ref: 645CA6E8
_al_kcm_register_destructor.MSIMG32(?,?,?,?,?,?,?,?,?,00000000,00000000,645C1ECA), ref: 645CA723

Part of subcall function 645C5E6C: _al_register_destructor.MSIMG32 ref: 645C5E87

_al_set_error.MSIMG32(?,?,?,?,?,?,00000000,00000000,645C1ECA), ref: 645CA743
_al_set_error.MSIMG32(?,?,?,?,?,?,?,?,?,00000000,00000000,645C1ECA), ref: 645CA763

Strings

Out of memory allocating sample data object, xrefs: 645CA750
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\kcm_sample.c, xrefs: 645CA6C9
al_create_sample, xrefs: 645CA6C1
Invalid sample frequency, xrefs: 645CA734

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_set_error$_al_kcm_register_destructor_al_register_destructoral_calloc_with_context
String ID: Invalid sample frequency$Out of memory allocating sample data object$al_create_sample$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\kcm_sample.c
API String ID: 2013244230-2190789962
Opcode ID: 1e1adb6fd332f7b61a359cd129a32da9d7ca92f5e4b6c2724af12f163b65a936
Instruction ID: 303c0c6940d376c59b0a1591d7c906a87046ee291a9ba5839ed1fa01e3cab862
Opcode Fuzzy Hash: 1e1adb6fd332f7b61a359cd129a32da9d7ca92f5e4b6c2724af12f163b65a936
Instruction Fuzzy Hash: 2411C0B05093008FD700DFAAD184A1BBBE0BF95714F05CA5DE8984B321D7B5D945AF83

Function 64624730 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6462474D
_al_vector_find_and_delete.MSIMG32 ref: 64624762
LeaveCriticalSection.KERNEL32 ref: 6462478A
_al_thread_join.MSIMG32 ref: 64624797
al_free_with_context.MSIMG32 ref: 646247B7

Strings

al_stop_timer, xrefs: 6462479C
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c, xrefs: 646247A4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave_al_thread_join_al_vector_find_and_deleteal_free_with_context
String ID: al_stop_timer$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c
API String ID: 1930593762-999816394
Opcode ID: dfc047c5523bb95f66f3f69210d65f3520754fed430666b02a0e3118d6a574c5
Instruction ID: 90a7b781495d5ee31967f0ace6f858977f27c90cac318272cfe482cc926ec5c1
Opcode Fuzzy Hash: dfc047c5523bb95f66f3f69210d65f3520754fed430666b02a0e3118d6a574c5
Instruction Fuzzy Hash: 84111BB02183409FEB04AF64C68475EBBE8BB56708F45896CE4E88B341D778C445DF57

Function 645CC4C8 Relevance: 14.0, APIs: 5, Strings: 3, Instructions: 26COMMON

Download Yara Rule

APIs

_al_kcm_unregister_destructor.MSIMG32(?,?,?,?,00000000,645CACD1,?,?,?,?,?,645C45E9), ref: 645CC4D7

Part of subcall function 645C5E90: _al_unregister_destructor.MSIMG32(?,?,?,?,?,?,645C93B8,?,?,?,?,00000000,645CACC4), ref: 645C5EA3

al_detach_voice.MSIMG32(?,?,?,?,00000000,645CACD1,?,?,?,?,?,645C45E9), ref: 645CC4DF

Part of subcall function 645CC418: al_lock_mutex.MSIMG32(?,?,?,?,645CC4E4,?,?,?,?,00000000,645CACD1), ref: 645CC432
Part of subcall function 645CC418: _al_kcm_stream_set_mutex.MSIMG32 ref: 645CC454

al_destroy_mutex.MSIMG32(?,?,?,?,00000000,645CACD1,?,?,?,?,?,645C45E9), ref: 645CC4F3

Part of subcall function 64624234: _al_mutex_destroy.MSIMG32(?,?,?,?,?,645CC4F8,?,?,?,?,00000000,645CACD1), ref: 64624243
Part of subcall function 64624234: al_free_with_context.MSIMG32 ref: 64624263

al_destroy_cond.MSIMG32(?,?,?,?,00000000,645CACD1,?,?,?,?,?,645C45E9), ref: 645CC4FE

Part of subcall function 646242B0: _al_cond_destroy.MSIMG32(?,?,?,?,?,645CC503,?,?,?,?,00000000,645CACD1), ref: 646242BF
Part of subcall function 646242B0: al_free_with_context.MSIMG32 ref: 646242DF

al_free_with_context.MSIMG32 ref: 645CC51E

Strings

al_destroy_voice, xrefs: 645CC503
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\kcm_voice.c, xrefs: 645CC50B
p, xrefs: 645CC513

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context$_al_cond_destroy_al_kcm_stream_set_mutex_al_kcm_unregister_destructor_al_mutex_destroy_al_unregister_destructoral_destroy_condal_destroy_mutexal_detach_voiceal_lock_mutex
String ID: al_destroy_voice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\kcm_voice.c$p
API String ID: 88559167-406518065
Opcode ID: e53b2766d28e3b850a50c4d0d7898bbe307e88b28f4aba850f88726de295933a
Instruction ID: b8eb90c94d26b7fe84a46093f33590494703bf450e03eb39e6c321abba596dd5
Opcode Fuzzy Hash: e53b2766d28e3b850a50c4d0d7898bbe307e88b28f4aba850f88726de295933a
Instruction Fuzzy Hash: 82F0D4B45087008BDB00AFA4D5C462EBBE4BF44304F429D9CE8C54B302C738D4409F82

Function 6465A5F8 Relevance: 13.7, APIs: 9, Instructions: 178COMMON

Download Yara Rule

APIs

_al_d3d_render_to_texture_supported.MSIMG32 ref: 6465A627

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_d3d_render_to_texture_supported
String ID:
API String ID: 1071710470-0
Opcode ID: 3547df95fe8c8a8a341917f7f8f3c4676ee7dd5d6ee42acef8720c441dfce262
Instruction ID: 78dc3d21b77f156c1a93da6eff25f1ddeb144187aba74d875e0a10498758577f
Opcode Fuzzy Hash: 3547df95fe8c8a8a341917f7f8f3c4676ee7dd5d6ee42acef8720c441dfce262
Instruction Fuzzy Hash: D49187B49097409FC708CF19C18064AFBE1BFC8354F50896EE8988B365E775E984CF96

Function 646A67E4 Relevance: 13.6, APIs: 9, Instructions: 87COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A67F7

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A6810
alSetError.MSIMG32 ref: 646A682D
GetContextSuspended.MSIMG32 ref: 646A684B
LookupUIntMapKey.MSIMG32 ref: 646A6860
alSetError.MSIMG32 ref: 646A689B
ProcessContext.MSIMG32 ref: 646A68A3
alSetError.MSIMG32 ref: 646A68CB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$ContextError$EnterLeaveLookupSuspendedValue$Process
String ID:
API String ID: 3328862149-0
Opcode ID: 8b4da7f75d89409f7b918950dcdc69895b17264c2de2d927e691cf76f049505a
Instruction ID: 588c99cf1419cfbd54489fe31220814f0b8c8a59221f9bf4f4ed427d24bf4976
Opcode Fuzzy Hash: 8b4da7f75d89409f7b918950dcdc69895b17264c2de2d927e691cf76f049505a
Instruction Fuzzy Hash: C921E571608702CBE7006F28D9845AEBBE8EFC2354F01582ED9C547341D776C899CBA7

Function 645CA778 Relevance: 13.6, APIs: 9, Instructions: 66COMMON

Download Yara Rule

APIs

al_attach_sample_instance_to_mixer.MSIMG32 ref: 645CA7B1
_al_vector_ref.MSIMG32 ref: 645CA7D2
_al_vector_ref.MSIMG32 ref: 645CA7E4
al_destroy_sample_instance.MSIMG32 ref: 645CA7F4

Part of subcall function 645C62A4: _al_kcm_unregister_destructor.MSIMG32(?,?,?,?,00000000,645CAC96,?,?,?,?,?,645C45E9), ref: 645C62B3
Part of subcall function 645C62A4: _al_kcm_detach_from_parent.MSIMG32(?,?,?,?,00000000,645CAC96,?,?,?,?,?,645C45E9), ref: 645C62BB

al_create_sample_instance.MSIMG32 ref: 645CA800

Part of subcall function 645C62D4: al_calloc_with_context.MSIMG32 ref: 645C6305
Part of subcall function 645C62D4: _al_kcm_register_destructor.MSIMG32 ref: 645C63BD

_al_vector_ref.MSIMG32 ref: 645CA823
al_destroy_sample_instance.MSIMG32 ref: 645CA82D
_al_vector_free.MSIMG32 ref: 645CA842
_al_vector_free.MSIMG32 ref: 645CA84E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_vector_ref$_al_vector_freeal_destroy_sample_instance$_al_kcm_detach_from_parent_al_kcm_register_destructor_al_kcm_unregister_destructoral_attach_sample_instance_to_mixeral_calloc_with_contextal_create_sample_instance
String ID:
API String ID: 868697633-0
Opcode ID: 6483beae2a49b4504eef952b7cc8b4b71f5ef67cd8bf15053b4a18f838c92e7c
Instruction ID: f74092b421134fbeef777342442fad9c7ba9a898531565019310fe3f712aa700
Opcode Fuzzy Hash: 6483beae2a49b4504eef952b7cc8b4b71f5ef67cd8bf15053b4a18f838c92e7c
Instruction Fuzzy Hash: 4B2106B0A183018FEB40EFA4929465EBBE0FF96B48F55992CD1D887300E7358885EB57

Function 64699064 Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 64699073
EnterCriticalSection.KERNEL32(00000000), ref: 64699080
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 646990A9
LeaveCriticalSection.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 646990CF
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 646990E3
EnterCriticalSection.KERNEL32(00000000,00000000,00000000), ref: 646990F0
LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000), ref: 64699107
LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000), ref: 64699131

Strings

:-, xrefs: 64699086, 646990F6

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID: :-
API String ID: 2978645861-2031694841
Opcode ID: d553cd6e6e2c8bd16b508bde1e29e189fcb4e909ca3a6ae21ed7d1401d1e4149
Instruction ID: 72bdd6487e29e25fcd268ad42f060cc30d8758ac5c89de56f92a97dda44f8d2d
Opcode Fuzzy Hash: d553cd6e6e2c8bd16b508bde1e29e189fcb4e909ca3a6ae21ed7d1401d1e4149
Instruction Fuzzy Hash: D41121B0109206EEEB51AF6484D9A5E7BE4AF3631CF8119ADD4A4A7301D775D08CCB23

Function 6469977C Relevance: 13.6, APIs: 8, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6469978B
EnterCriticalSection.KERNEL32(00000000), ref: 64699798
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 646997C1
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 646997E3
EnterCriticalSection.KERNEL32(00000000,00000000,00000000), ref: 646997F0
LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000), ref: 64699807
LeaveCriticalSection.KERNEL32(00000000,00000000,00000000,00000000), ref: 64699831
LeaveCriticalSection.KERNEL32(?,00000000,00000000,00000000,00000000), ref: 64699845

Strings

:-, xrefs: 6469979E, 646997F6

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID: :-
API String ID: 2978645861-2031694841
Opcode ID: 9adedc2c160b4eed5353a3d2517b3beedbde19aa452c9b8a06cc4bde7b1e9803
Instruction ID: 6807a91c4bd7709b8f73828df0c10da4f5bfddd7748c1a13e0d4c12b2b1c5b2e
Opcode Fuzzy Hash: 9adedc2c160b4eed5353a3d2517b3beedbde19aa452c9b8a06cc4bde7b1e9803
Instruction Fuzzy Hash: F6114FB0209206DEE760AF648595A1E3BE8AB2631CFC519ADD494AA301DB75D08C8F23

Function 6469A59C Relevance: 13.5, APIs: 7, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6469A5AB
EnterCriticalSection.KERNEL32(00000000), ref: 6469A5B8
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 6469A5E1
LeaveCriticalSection.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 6469A5F8
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 6469A60F
EnterCriticalSection.KERNEL32(?,00000000,00000000), ref: 6469A61C
LeaveCriticalSection.KERNEL32(00000000,?,00000000,00000000), ref: 6469A63C

Strings

:-, xrefs: 6469A622
~-, xrefs: 6469A5BE

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Leave$Enter
String ID: :-$~-
API String ID: 2978645861-2644123043
Opcode ID: a1169fce780838fa713408c75ad0e2c721ab948e97409b7715c29458c3fbd023
Instruction ID: 2463adf9d323e8e23635eaad89391b42e9ca26cfd9825bc1009b9b72aa1841e7
Opcode Fuzzy Hash: a1169fce780838fa713408c75ad0e2c721ab948e97409b7715c29458c3fbd023
Instruction Fuzzy Hash: 9901EDB07092469FD790EF6985D9E1E77E8AB29218FC16968E4D4E7301DB70D48C8B23

Function 645C348C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

ov_open_callbacks.MSIMG32 ref: 645C3520
al_malloc_with_context.MSIMG32 ref: 645C358D
_al_count_to_channel_conf.MSIMG32 ref: 645C3602
_al_word_size_to_depth_conf.MSIMG32 ref: 645C3610
al_create_sample.MSIMG32 ref: 645C3638

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\ogg.c, xrefs: 645C357A, 645C3664

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_count_to_channel_conf_al_word_size_to_depth_confal_create_sampleal_malloc_with_contextov_open_callbacks
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\ogg.c
API String ID: 4103308943-2603835114
Opcode ID: affe482a0ae41d0ab7bc66e035e82a2ff17c66be869981347f9b5beb729b19d9
Instruction ID: 3b7a9125db74275e2ad79cf3a961d340a6ad51e61ab58ef6bc8c014c1b52b495
Opcode Fuzzy Hash: affe482a0ae41d0ab7bc66e035e82a2ff17c66be869981347f9b5beb729b19d9
Instruction Fuzzy Hash: F5510EB41083659FE701EFA5D69825ABFE4FB89358F008A2DE4988B780D374C585DF87

Function 6460901C Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 64609093
al_free_with_context.MSIMG32 ref: 646090C7
al_free_with_context.MSIMG32 ref: 64609113
al_free_with_context.MSIMG32 ref: 6460913A

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 64609080, 646090B4, 64609100, 64609127
_al_bstrListDestroy, xrefs: 646090F8, 6460911F
_al_bdestroy, xrefs: 64609078, 646090AC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: _al_bdestroy$_al_bstrListDestroy$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 3891110267-2776418772
Opcode ID: 26be1b7f32a3e5940ba9f52f0cc517671d08a7995cb682b3cb816ecd0f9563ca
Instruction ID: 02b9d5703a617d4d940e3701c7df5f0e096e6d9ef20ce474f3114b7c8291013f
Opcode Fuzzy Hash: 26be1b7f32a3e5940ba9f52f0cc517671d08a7995cb682b3cb816ecd0f9563ca
Instruction Fuzzy Hash: 243107B0605702DBE7159F15D68071AFBA2FF91B18F11CA1CE1A94B784C335E48ACF82

Function 64609710 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 64COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460975C
al_malloc_with_context.MSIMG32 ref: 64609791
al_free_with_context.MSIMG32 ref: 646097FF

Part of subcall function 6460488C: al_realloc_with_context.MSIMG32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,646097BE), ref: 6460493D
Part of subcall function 6460488C: _al_blk2bstr.MSIMG32 ref: 6460499D

_al_bstrListDestroy.MSIMG32 ref: 646097D3

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 64609745, 6460977A, 646097EC
d, xrefs: 646097F4
_al_bsplit, xrefs: 6460973D, 64609772, 646097E4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context$DestroyList_al_blk2bstr_al_bstral_free_with_contextal_realloc_with_context
String ID: _al_bsplit$d$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 2019787591-580047089
Opcode ID: ae9c75e00e2663fe9034f11385e600cdbccc4a4e28db68620f9362904cc35485
Instruction ID: 05e9c2c2d94e62a621fd889d114d500dc4e288f003ab6ecb9918a84f729119e9
Opcode Fuzzy Hash: ae9c75e00e2663fe9034f11385e600cdbccc4a4e28db68620f9362904cc35485
Instruction Fuzzy Hash: 772147B6609301CFE718CF25D68076ABBE5AF91B58F05C92DE4988B345D334C888DB53

Function 645C6068 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 50COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 645C6098
_al_vector_ref.MSIMG32 ref: 645C60D7
_al_vector_free.MSIMG32 ref: 645C60EE
al_free_with_context.MSIMG32 ref: 645C6118

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\kcm_instance.c, xrefs: 645C6085, 645C6105
Z, xrefs: 645C610D
stream_free, xrefs: 645C607D, 645C60FD

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context$_al_vector_free_al_vector_ref
String ID: Z$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\kcm_instance.c$stream_free
API String ID: 2480609427-2598952541
Opcode ID: 0657c705081dcc619bf29eabf46b6f840c3861b7cef9b0ffe102e369f4f0f3f7
Instruction ID: 6c35204fb0a559a366bd2074a32e2cc6673d0c9194cf1ae216423eb15612bde4
Opcode Fuzzy Hash: 0657c705081dcc619bf29eabf46b6f840c3861b7cef9b0ffe102e369f4f0f3f7
Instruction Fuzzy Hash: 211148B0108B408EE711AF64D684B6ABBE0EF80704F00D95DE09DAB242D734D544EF57

Function 645C6524 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

al_lock_mutex.MSIMG32 ref: 645C655E

Part of subcall function 646241FC: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,645C6454), ref: 6462420C

al_unlock_mutex.MSIMG32 ref: 645C6581

Part of subcall function 64624218: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,645C6454), ref: 64624228

al_set_voice_playing.MSIMG32 ref: 645C659B
_al_set_error.MSIMG32 ref: 645C65CF
_al_set_error.MSIMG32 ref: 645C65E7

Strings

Sample has no data, xrefs: 645C65D8
Sample has no parent, xrefs: 645C65C0

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection_al_set_error$EnterLeaveal_lock_mutexal_set_voice_playingal_unlock_mutex
String ID: Sample has no data$Sample has no parent
API String ID: 4017192464-3856121315
Opcode ID: a1cb93d5d10784607f6539c84152cb6a69064921c1776071c2001fd084ef944a
Instruction ID: c997a7fb5d609e4e45ca31fe0e6b1099aefaa4c21e4785038d2a9514e9fc21c2
Opcode Fuzzy Hash: a1cb93d5d10784607f6539c84152cb6a69064921c1776071c2001fd084ef944a
Instruction Fuzzy Hash: B6113CB06043009EEB009FB4848476A77E46B62204F9998ACDC8C5F34AE775C544ABA3

Function 645C6474 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 47COMMON

Download Yara Rule

APIs

al_lock_mutex.MSIMG32 ref: 645C64A6

Part of subcall function 646241FC: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,645C6454), ref: 6462420C

al_unlock_mutex.MSIMG32 ref: 645C64BF

Part of subcall function 64624218: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,645C6454), ref: 64624228

al_set_voice_playing.MSIMG32 ref: 645C64D7
_al_set_error.MSIMG32 ref: 645C6503
_al_set_error.MSIMG32 ref: 645C651B

Strings

Sample has no data, xrefs: 645C650C
Sample has no parent, xrefs: 645C64F4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection_al_set_error$EnterLeaveal_lock_mutexal_set_voice_playingal_unlock_mutex
String ID: Sample has no data$Sample has no parent
API String ID: 4017192464-3856121315
Opcode ID: 8c81e4c1a9d3670fe94a6ce5a422845ed849ea5fdf6f4e4bcdcc86975c8d4643
Instruction ID: f5416118011f99139fe70bc53ccbf5814f1189bc876857c98a5bf910051eb8e1
Opcode Fuzzy Hash: 8c81e4c1a9d3670fe94a6ce5a422845ed849ea5fdf6f4e4bcdcc86975c8d4643
Instruction Fuzzy Hash: B41117B06053409AEB00AFB885C576977D46F51304F4858ACDC8C9F342E776D584EB63

Function 645FF594 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43COMMON

Download Yara Rule

APIs

al_get_new_file_interface.MSIMG32 ref: 645FF599

Part of subcall function 64626290: __emutls_get_address.MSIMG32(?,?,?,?,645FF59E), ref: 6462629C

al_malloc_with_context.MSIMG32(?,?,?,?,?,?,645C1F54), ref: 645FF5C5
al_set_errno.MSIMG32(?,?,?,?,?,?,645C1F54), ref: 645FF603
al_free_with_context.MSIMG32(?,?,?,?,?,?,645C1F54), ref: 645FF62B

Strings

3, xrefs: 645FF620
al_fopen_interface, xrefs: 645FF5A6, 645FF610
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c, xrefs: 645FF5AE, 645FF618

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: __emutls_get_addressal_free_with_contextal_get_new_file_interfaceal_malloc_with_contextal_set_errno
String ID: 3$al_fopen_interface$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c
API String ID: 2632256726-3238006543
Opcode ID: bf1b038792944079f878072c2c85357ece34146228293767a8ceaec21bf8c2b8
Instruction ID: fd965a2951e9dede70e1eeb57e7c1864b99e67a659ed82d186ed5520e7454543
Opcode Fuzzy Hash: bf1b038792944079f878072c2c85357ece34146228293767a8ceaec21bf8c2b8
Instruction Fuzzy Hash: 40014CB02083019FE741AF68D68471ABBE0AF44314F11896DE8888B340D774D441DF67

Function 64624680 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6462469D
_al_vector_alloc_back.MSIMG32 ref: 646246BD
LeaveCriticalSection.KERNEL32 ref: 646246D6
al_malloc_with_context.MSIMG32 ref: 64624703
_al_thread_create.MSIMG32 ref: 64624725

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c, xrefs: 646246EC
al_start_timer, xrefs: 646246E4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave_al_thread_create_al_vector_alloc_backal_malloc_with_context
String ID: al_start_timer$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c
API String ID: 2738339651-3916641779
Opcode ID: 2774270b95775e76cb4cd5f68954d1d4431e2e9d76bd4b1ee0d3f6095c357d4a
Instruction ID: 27bea70490656b405c2368baea55051da4487f3d6c86dec8e3859edde17150be
Opcode Fuzzy Hash: 2774270b95775e76cb4cd5f68954d1d4431e2e9d76bd4b1ee0d3f6095c357d4a
Instruction Fuzzy Hash: 07111BB0608344DFEB40AF64C58875A7BE4BB55704F4488ACD9C88B341D7798494DF67

Function 6471F024 Relevance: 12.2, APIs: 8, Instructions: 192COMMON

Download Yara Rule

APIs

_ve_envelope_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F065

Part of subcall function 64727790: mdct_clear.MSIMG32(?,?,?,?,6471F06A,?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6472779F

mdct_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F080
mdct_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F0A9
_vp_psy_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F15D
_vp_global_free.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F180
vorbis_bitrate_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F18B
drft_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F196
drft_clear.MSIMG32(?,?,?,?,?,?,?,?,?,?,6471BA1E), ref: 6471F1A1

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: mdct_clear$drft_clear$_ve_envelope_clear_vp_global_free_vp_psy_clearvorbis_bitrate_clear
String ID:
API String ID: 2338102968-0
Opcode ID: d21255bdc10205f20b1c0e8a097a2b4ef1f141b4740e0a5ab482f3e36c21c6e6
Instruction ID: db1d6089747d0e63d4786953decb49b341d3768fb901868d9b0ec1498b628a67
Opcode Fuzzy Hash: d21255bdc10205f20b1c0e8a097a2b4ef1f141b4740e0a5ab482f3e36c21c6e6
Instruction Fuzzy Hash: C8710578608B418FEB14EF65C6C4A2AB7F2FF85604B158A2CC9D58B714DB31F942DB81

Function 646024C8 Relevance: 12.1, APIs: 8, Instructions: 133COMMON

Download Yara Rule

APIs

al_set_errno.MSIMG32 ref: 646024FB
al_get_errno.MSIMG32 ref: 64602580
al_set_errno.MSIMG32 ref: 64602590
al_set_errno.MSIMG32 ref: 646025B7

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_set_errno$al_get_errno
String ID:
API String ID: 517874856-0
Opcode ID: 523e6d7e5988bd0a4757c6649e0c70e83378e232a554c0a894b3eef9b68625ec
Instruction ID: 51b57bb7ed058ee8dec8a140b132b7628b7bd230447421c628165028acaf2788
Opcode Fuzzy Hash: 523e6d7e5988bd0a4757c6649e0c70e83378e232a554c0a894b3eef9b68625ec
Instruction Fuzzy Hash: 61412471B0C2029BE75E6F58DB443DB77A4EF82B90F119929D890572D4EB34CC858B8A

Function 6468F758 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6468F76B

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6468F788
alGetSourcei.MSIMG32 ref: 6468F7CF
ProcessContext.MSIMG32 ref: 6468F7D7
alSetError.MSIMG32 ref: 6468F827
alSetError.MSIMG32 ref: 6468F8E7
alSetError.MSIMG32 ref: 6468F953

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$ContextEnterLeaveValue$LookupProcessSourceiSuspended
String ID:
API String ID: 4105881591-0
Opcode ID: 206cc4cc1f6e49bc7c215a309cd8e327e175cc87fa3579e3f686b16ec8900b05
Instruction ID: 61e278167b2915494ab26888f5e6e3c0c0f48e8b1051c984a283ae4a56ee7c39
Opcode Fuzzy Hash: 206cc4cc1f6e49bc7c215a309cd8e327e175cc87fa3579e3f686b16ec8900b05
Instruction Fuzzy Hash: 12418C70A083049EE708AF19D18029EB7F3BF99714F41892EE4D887294D37989D5CB6B

Function 646987E8 Relevance: 12.1, APIs: 8, Instructions: 119COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6469881B

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6469884D
alSetError.MSIMG32 ref: 6469887A
alSetError.MSIMG32 ref: 6469892B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveValue$ContextLookupSuspended
String ID:
API String ID: 65270113-0
Opcode ID: 3e4803054498152b0bca268a620cdc80c9afd25d844c939d679dfe534be82d70
Instruction ID: e5679ce3ec96ca33cdc900f61b8cfd3c2e760f2621a19ecd60b2abcd8c252ffe
Opcode Fuzzy Hash: 3e4803054498152b0bca268a620cdc80c9afd25d844c939d679dfe534be82d70
Instruction Fuzzy Hash: 024117756183028FD700DF29C68061EBBE0FF99798F04492EE9889B321D7B5D845DB97

Function 6468F0EC Relevance: 12.1, APIs: 8, Instructions: 103COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6468F0FF

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6468F11C
alGetSourcef.MSIMG32 ref: 6468F15F
ProcessContext.MSIMG32 ref: 6468F167
alGetSource3f.MSIMG32 ref: 6468F1AD
alSetError.MSIMG32 ref: 6468F1D3
alSetError.MSIMG32 ref: 6468F233
alSetError.MSIMG32 ref: 6468F26F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$ContextEnterLeaveValue$LookupProcessSource3fSourcefSuspended
String ID:
API String ID: 2269007991-0
Opcode ID: 9b39fb4610e86d76dda3ca929290727c65897f3ff4b8b3a840775c86acf5671a
Instruction ID: 9a49e9864aff9e4de87270d6e0387365e521595b657e373202593a344493eefb
Opcode Fuzzy Hash: 9b39fb4610e86d76dda3ca929290727c65897f3ff4b8b3a840775c86acf5671a
Instruction Fuzzy Hash: AE415A71A08344DFE7049F59C1C069EBBE6BF8A714F01896EE4C887240D778D599CB6B

Function 6468C794 Relevance: 12.1, APIs: 8, Instructions: 94COMMON

Download Yara Rule

APIs

InterlockedIncrement.KERNEL32 ref: 6468C7F5
InterlockedDecrement.KERNEL32 ref: 6468C81D
ReleaseSemaphore.KERNEL32 ref: 6468C83F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Interlocked$DecrementIncrementReleaseSemaphore
String ID:
API String ID: 2723166867-0
Opcode ID: 96b2c4c63cfd44d92206f450387d056d4e13820f6d3a8d9c172c108163361e15
Instruction ID: 57ff0cca69f315a3ae0912699707af5bc1f4c5637564e1e76d0ce86546c99eaa
Opcode Fuzzy Hash: 96b2c4c63cfd44d92206f450387d056d4e13820f6d3a8d9c172c108163361e15
Instruction Fuzzy Hash: 453180B0A083058FEB40EF29C59971A7BF8EB56324F00866DD8949B395E334D044DFA3

Function 646A56F4 Relevance: 12.1, APIs: 8, Instructions: 87COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A5707

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A5722
alSetError.MSIMG32 ref: 646A575E
alEffecti.MSIMG32 ref: 646A5793
alEffecti.MSIMG32 ref: 646A57B2
alEffecti.MSIMG32 ref: 646A57D3
alEffecti.MSIMG32 ref: 646A57EE
alSetError.MSIMG32 ref: 646A580F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalEffectiSection$EnterErrorLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1306911495-0
Opcode ID: 7529d5019de1abf019a5b921a1b0f39f70ec520cc868f261e130d9cdad90a8f4
Instruction ID: 30d1743f6365d49b7c3d8c4dd1332951fdd7d2ac4f156f9a2d989670d70f1230
Opcode Fuzzy Hash: 7529d5019de1abf019a5b921a1b0f39f70ec520cc868f261e130d9cdad90a8f4
Instruction Fuzzy Hash: 51314875608B51DBE700EF18D4C06AEBBE4FB91354F14882EE8889B212D775DC85CB9A

Function 646A7494 Relevance: 12.1, APIs: 8, Instructions: 75COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A74AB

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A74CA
GetContextSuspended.MSIMG32 ref: 646A74D3
LookupUIntMapKey.MSIMG32 ref: 646A74EE
alSetError.MSIMG32 ref: 646A7507
ProcessContext.MSIMG32 ref: 646A750F
alSetError.MSIMG32 ref: 646A754F
alSetError.MSIMG32 ref: 646A757B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$ContextError$EnterLeaveLookupSuspendedValue$Process
String ID:
API String ID: 3328862149-0
Opcode ID: c6d92cba03a81536ea2256a11e41ef27028e3436782e542167135ceea83c8c4f
Instruction ID: cb52ae08ef95ae311a3ae287e26d795c36f90accf84437fd5d43c212cf573afb
Opcode Fuzzy Hash: c6d92cba03a81536ea2256a11e41ef27028e3436782e542167135ceea83c8c4f
Instruction Fuzzy Hash: 0B214FB16087028FD700AF29D48455EBBF0EF82359F05486EE9848B311DB75DC95DB96

Function 645FB6D0 Relevance: 12.0, APIs: 8, Instructions: 49COMMON

Download Yara Rule

APIs

al_get_current_display.MSIMG32 ref: 645FB6E4

Part of subcall function 64625244: __emutls_get_address.MSIMG32(?,?,00000000,?,645FB784,?,?,6462691A), ref: 64625250

al_get_current_transform.MSIMG32 ref: 645FB71F
al_use_transform.MSIMG32 ref: 645FB727
al_get_current_transform.MSIMG32 ref: 645FB738
al_copy_transform.MSIMG32 ref: 645FB748
al_identity_transform.MSIMG32 ref: 645FB754
al_use_transform.MSIMG32 ref: 645FB75C
al_use_transform.MSIMG32 ref: 645FB76B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_use_transform$al_get_current_transform$__emutls_get_addressal_copy_transformal_get_current_displayal_identity_transform
String ID:
API String ID: 1619067368-0
Opcode ID: dce76539f2edd4dc86eaea921814819f86037d2c258329faeeb118805f867628
Instruction ID: a1058f9028e8ff204ecb1c25ca6773773e5abb91d4f7196462e90cdd1ecf5395
Opcode Fuzzy Hash: dce76539f2edd4dc86eaea921814819f86037d2c258329faeeb118805f867628
Instruction Fuzzy Hash: AB01AD719093909FE7226B34B4843AFBBD0AF91318F4505BAD8D40B252DB394085CB9B

Function 6468778C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

__PHYSFS_initSmallAlloc.MSIMG32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,64687949), ref: 646877CD
PHYSFS_utf8FromUcs2.MSIMG32 ref: 64687864
__PHYSFS_smallFree.MSIMG32 ref: 6468789B
__PHYSFS_setError.MSIMG32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,64687949), ref: 646878EB

Strings

Out of memory, xrefs: 646878E4, 646878F4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: AllocErrorFreeFromS_initS_setS_smallS_utf8SmallUcs2
String ID: Out of memory
API String ID: 1887214166-696950042
Opcode ID: 02522474011c869d53438d4c5203429a7f279189be81d88ceb0aaa96566b869c
Instruction ID: 9011f64c7bc3e15c8c45df91caa7640e85664d9d90e6cc3a82928fe19e663c10
Opcode Fuzzy Hash: 02522474011c869d53438d4c5203429a7f279189be81d88ceb0aaa96566b869c
Instruction Fuzzy Hash: C84159B1A083098ED704AF78C8857AEBBF1FF95311F10893DE09987390E7789044CBA2

Function 64604750 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460478D
al_malloc_with_context.MSIMG32 ref: 646047F7
al_malloc_with_context.MSIMG32 ref: 6460487C

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 64604776, 646047E4, 64604834, 64604865
_al_blk2bstr, xrefs: 6460476E, 646047DC, 6460482C, 6460485D

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: _al_blk2bstr$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 1952898122-3285517334
Opcode ID: cd6ac7c0952d5c3e0c5a2b7b50f9205084b77d815b2dc9581a93b42de27f7f7e
Instruction ID: ac892be43b0a21e3556144c7337a2934d3dbb40c5968261feba2f270616ee3c9
Opcode Fuzzy Hash: cd6ac7c0952d5c3e0c5a2b7b50f9205084b77d815b2dc9581a93b42de27f7f7e
Instruction Fuzzy Hash: CF3193B0B083418BE7198F59D64132EBBE2ABD1700F15CA6CD4D98F744DBB4D8418B57

Function 645C6790 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

al_lock_mutex.MSIMG32 ref: 645C67E8

Part of subcall function 646241FC: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,645C6454), ref: 6462420C

al_unlock_mutex.MSIMG32 ref: 645C6869
_al_set_error.MSIMG32 ref: 645C6899
_al_set_error.MSIMG32 ref: 645C68CD

Strings

Could not set voice playback speed, xrefs: 645C68BE
Attempted to set zero speed, xrefs: 645C688A

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_set_error$CriticalEnterSectional_lock_mutexal_unlock_mutex
String ID: Attempted to set zero speed$Could not set voice playback speed
API String ID: 1817510636-3151016178
Opcode ID: 9802c7040a6e2d86312d3bf70c7733a1b265df04cbf26391fb5a02bb825cd7cf
Instruction ID: 6aff644f31a81e1966f9f48b41090ae4753119600c7064a8c95d4f9e4981ca0a
Opcode Fuzzy Hash: 9802c7040a6e2d86312d3bf70c7733a1b265df04cbf26391fb5a02bb825cd7cf
Instruction Fuzzy Hash: E631ADB4A0D3028BDB009F91E8807A67BE0FF85350F4559BDEC985A349E33189959FA3

Function 645C3488 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

ov_open_callbacks.MSIMG32 ref: 645C3520
al_malloc_with_context.MSIMG32 ref: 645C358D
_al_count_to_channel_conf.MSIMG32 ref: 645C3602
_al_word_size_to_depth_conf.MSIMG32 ref: 645C3610
al_create_sample.MSIMG32 ref: 645C3638

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\ogg.c, xrefs: 645C357A

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_count_to_channel_conf_al_word_size_to_depth_confal_create_sampleal_malloc_with_contextov_open_callbacks
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\ogg.c
API String ID: 4103308943-2603835114
Opcode ID: 48fefe24730289fb7770c7a87ac4bf6132f53898f9bf32f08b070b769f45550d
Instruction ID: 7539503e41691184be5a67cac3e3b2416664df80e04bd1f35b396180ebcd2001
Opcode Fuzzy Hash: 48fefe24730289fb7770c7a87ac4bf6132f53898f9bf32f08b070b769f45550d
Instruction Fuzzy Hash: 63311FB40087608FD700AF65D69925EBFE0FB99314F018A2DE9988B380D334C945DF87

Function 646884F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

__PHYSFS_initSmallAlloc.MSIMG32 ref: 6468852A
PHYSFS_utf8ToUcs2.MSIMG32 ref: 6468854C
__PHYSFS_smallFree.MSIMG32(?), ref: 64688578
__PHYSFS_setError.MSIMG32 ref: 646885C7

Strings

Out of memory, xrefs: 646885C0

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: AllocErrorFreeS_initS_setS_smallS_utf8SmallUcs2
String ID: Out of memory
API String ID: 2087461672-696950042
Opcode ID: 1b6b8e492b4437da10cfecea7a82fc56cb44e43dfb778fa7e5c0c567f87f37c3
Instruction ID: 06e106d196bd1116756ec52f2d2494958e25a85e9ec35800343b2966cbe5d0a9
Opcode Fuzzy Hash: 1b6b8e492b4437da10cfecea7a82fc56cb44e43dfb778fa7e5c0c567f87f37c3
Instruction Fuzzy Hash: 0E21D7729097059FDB40AF79D88459EBBF4EF42364F01492DE554C7290E730D440CBA3

Function 645C2698 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

al_fopen.MSIMG32 ref: 645C26AD

Part of subcall function 645FF594: al_get_new_file_interface.MSIMG32 ref: 645FF599
Part of subcall function 645FF594: al_malloc_with_context.MSIMG32(?,?,?,?,?,?,645C1F54), ref: 645FF5C5

_al_add_exit_func.MSIMG32 ref: 645C26D8

Part of subcall function 645FF32C: al_malloc_with_context.MSIMG32(?,?,?,?,?,?,?,645C49EF,?,?,?,?,?,?,645C1275), ref: 645FF36F

register_dumbfile_system.MSIMG32 ref: 645C2799
al_fclose.MSIMG32 ref: 645C27FB

Strings

shutdown_libdumb, xrefs: 645C26C9
Xl, xrefs: 645C275F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context$_al_add_exit_funcal_fcloseal_fopenal_get_new_file_interfaceregister_dumbfile_system
String ID: Xl$shutdown_libdumb
API String ID: 2861647191-4230594647
Opcode ID: 0a2f5e75dcadabb27014b1af7f680ceb0446674dc3bbe4e9ccf8eb4584979bd1
Instruction ID: d4f745552542d5e535cf6636909608702d92f0db1f3d6398d62317f1563d79fb
Opcode Fuzzy Hash: 0a2f5e75dcadabb27014b1af7f680ceb0446674dc3bbe4e9ccf8eb4584979bd1
Instruction Fuzzy Hash: A631D0B490D2B08ADB12EF64A6BA79E7FA0E762344F40291DE5448BB01C731C844EF93

Function 64669714 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 64669759
al_malloc_with_context.MSIMG32 ref: 64669786
WideCharToMultiByte.KERNEL32 ref: 646697C4
al_free_with_context.MSIMG32 ref: 646697F7

Strings

?, xrefs: 646697EC
_al_win_utf8, xrefs: 6466976B, 646697DC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ByteCharMultiWide$al_free_with_contextal_malloc_with_context
String ID: ?$_al_win_utf8
API String ID: 2230065822-3254848808
Opcode ID: b3c11de906062f1a3d35c1d8a6cddde61ad6a28a78d8f692965bff427d6df6d0
Instruction ID: 16a7686b4b29bf26aae273ad5da382c2031cd8266d2d0c771e4732d677032df6
Opcode Fuzzy Hash: b3c11de906062f1a3d35c1d8a6cddde61ad6a28a78d8f692965bff427d6df6d0
Instruction Fuzzy Hash: C921FCB05093029EE750AF6AD99931BFFE4AB90364F10892DE4E44B390D779C589CF93

Function 64669640 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 64669675
al_malloc_with_context.MSIMG32 ref: 646696A5
MultiByteToWideChar.KERNEL32 ref: 646696D3
al_free_with_context.MSIMG32 ref: 64669703

Strings

', xrefs: 646696F8
_al_win_utf16, xrefs: 64669687, 646696E8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ByteCharMultiWide$al_free_with_contextal_malloc_with_context
String ID: '$_al_win_utf16
API String ID: 2230065822-1927691106
Opcode ID: f3f500cdee23bbdd4dc3671e9bb0a85751a9fea9cfc85412768836555e5487bb
Instruction ID: 5b8d5217c8cfe5d723d2053fa85676cdbb45549a8f21a71b17677c2d064b7dab
Opcode Fuzzy Hash: f3f500cdee23bbdd4dc3671e9bb0a85751a9fea9cfc85412768836555e5487bb
Instruction Fuzzy Hash: 7E11FBB05093029EE350AF69D95835BBFE4EF95364F50CA2DE4A48B390D379C449CB93

Function 645FF634 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 645FF662
al_set_errno.MSIMG32 ref: 645FF69F
al_free_with_context.MSIMG32 ref: 645FF6C7

Strings

3, xrefs: 645FF6BC
al_fopen_interface, xrefs: 645FF643, 645FF6AC
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c, xrefs: 645FF64B, 645FF6B4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_contextal_malloc_with_contextal_set_errno
String ID: 3$al_fopen_interface$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c
API String ID: 2503516971-3238006543
Opcode ID: 1fce6c0d248180c7a66a6d3cab482d734c5865eae4adc60869e89cf3c901b7d3
Instruction ID: 21105ea8febbd5c311f2c8d09d308a935983e5afa09ed66cc611c95ad1b6ccc5
Opcode Fuzzy Hash: 1fce6c0d248180c7a66a6d3cab482d734c5865eae4adc60869e89cf3c901b7d3
Instruction Fuzzy Hash: 750125B02083018FE741AF68D58031ABBE1AF99314F11892DE8C88B350DB78C442DF67

Function 6466006C Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 24COMMON

Download Yara Rule

APIs

_al_vector_ref.MSIMG32 ref: 64660087
al_free_with_context.MSIMG32 ref: 646600A9
_al_vector_free.MSIMG32 ref: 646600BE

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\d3d_display_formats.cpp, xrefs: 64660094
_al_d3d_destroy_display_format_list, xrefs: 6466008C
*, xrefs: 6466009C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_vector_free_al_vector_refal_free_with_context
String ID: *$_al_d3d_destroy_display_format_list$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\d3d_display_formats.cpp
API String ID: 3539229777-1920393612
Opcode ID: 590aa27b05c21f825d2c900503d4e9a941301901490ad62e2e433d48ab77605c
Instruction ID: 24e226471946f42317c5e3279235aa0ce8850e089fa0d5e0bb8d8291ccccc25d
Opcode Fuzzy Hash: 590aa27b05c21f825d2c900503d4e9a941301901490ad62e2e433d48ab77605c
Instruction Fuzzy Hash: 69F039B0509700AFD701AF658A95A1EFBA4EB27704F80C82CE18997B01D730C885DB87

Function 64690034 Relevance: 9.2, APIs: 6, Instructions: 177COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 64690054
LookupUIntMapKey.MSIMG32 ref: 64690077
LookupUIntMapKey.MSIMG32 ref: 646900F8
alSetError.MSIMG32 ref: 64690130

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Lookup$ContextErrorSuspended
String ID:
API String ID: 4013880882-0
Opcode ID: 2d6b268f0938de56630d8616861258255a1e4392e239e65767f53198eda85a78
Instruction ID: 71c3d020ba6559898c3db4faf597587a68a6a04bc8aa2d275f6e9ea423e2cd71
Opcode Fuzzy Hash: 2d6b268f0938de56630d8616861258255a1e4392e239e65767f53198eda85a78
Instruction Fuzzy Hash: 67616874608302CFD704DF59C184A5AF7E0BF9A708F158A6EE8989B311E7B5D842CF82

Function 6468D73C Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6468D74F

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6468D78B
alSetError.MSIMG32 ref: 6468D7A3
LookupUIntMapKey.MSIMG32 ref: 6468D7DA
RemoveUIntMapKey.MSIMG32 ref: 6468D8B7
alSetError.MSIMG32 ref: 6468D906

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveLookupValue$ContextRemoveSuspended
String ID:
API String ID: 2096200023-0
Opcode ID: 02ab453cb6b64ebe27ce8c92167721aeda32dab85f116078ec291812af26c02b
Instruction ID: 6767d16666be790e8322a30fd3c10d23166ff85dc84ae11256297dda809eab1b
Opcode Fuzzy Hash: 02ab453cb6b64ebe27ce8c92167721aeda32dab85f116078ec291812af26c02b
Instruction Fuzzy Hash: F251E4B46083068FEB00DF29C480A5AB7F5FF99354F15896EE9988B315E731D845CBB2

Function 645CF5CC Relevance: 9.1, APIs: 6, Instructions: 101COMMON

Download Yara Rule

APIs

al_ref_cstr.MSIMG32 ref: 645CF5FA
al_get_current_transform.MSIMG32 ref: 645CF658
al_copy_transform.MSIMG32 ref: 645CF66C
al_invert_transform.MSIMG32 ref: 645CF674
al_transform_coordinates.MSIMG32 ref: 645CF694
al_transform_coordinates.MSIMG32 ref: 645CF6D4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_transform_coordinates$al_copy_transformal_get_current_transformal_invert_transformal_ref_cstr
String ID:
API String ID: 1862433415-0
Opcode ID: 248f4c220bb38c264c4dc5581139c4e44a9ef9628ad8ff5a5a2fcbd3f74a7d78
Instruction ID: 407a9ccb338f5d3a1058b622e64e4ed0025f81547c73291126a6d2f5dc57ebbe
Opcode Fuzzy Hash: 248f4c220bb38c264c4dc5581139c4e44a9ef9628ad8ff5a5a2fcbd3f74a7d78
Instruction Fuzzy Hash: 4041C8B1609380DFD310AF24D48865EFBE0BF89304F018C6EEAC967290D77198A4DB86

Function 646A600C Relevance: 9.1, APIs: 6, Instructions: 84COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A601F

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A6066
alSetError.MSIMG32 ref: 646A607E
alSetError.MSIMG32 ref: 646A6107

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveValue$ContextLookupSuspended
String ID:
API String ID: 65270113-0
Opcode ID: f122347653aab74a856587db05d926947e9096e9a24eca05b30c8b02fae0b1a8
Instruction ID: ed7ba48982240401907fa0b33e326af7067c635332dfc82b73f5d78220ab721b
Opcode Fuzzy Hash: f122347653aab74a856587db05d926947e9096e9a24eca05b30c8b02fae0b1a8
Instruction Fuzzy Hash: 323103B4608B028FD700DF6DD68465ABBE0EF99744F01582DEAC4C7311E776E8868B96

Function 645C5570 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

al_create_thread.MSIMG32 ref: 645C5676
al_start_thread.MSIMG32 ref: 645C5681

Strings

_dsound_start_voice, xrefs: 645C56E0
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\dsound.cpp, xrefs: 645C56E8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_create_threadal_start_thread
String ID: _dsound_start_voice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\dsound.cpp
API String ID: 2677644387-904969650
Opcode ID: 310fc15f9a5a2650b9fb37305613b910a52a856d578b2166a836030399305892
Instruction ID: 02526a07ff728320991418ba388ad4deb84cbf11d1b0db02d4f5b93b7f20b0d2
Opcode Fuzzy Hash: 310fc15f9a5a2650b9fb37305613b910a52a856d578b2166a836030399305892
Instruction Fuzzy Hash: EA4106755183008FDB44EF68D18865ABBF0FF88314F5489ADE9888B35AE779D484DF82

Function 6469D070 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6469D07B

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

ProcessContext.MSIMG32 ref: 6469D120
alSetError.MSIMG32 ref: 6469D1AF
ProcessContext.MSIMG32 ref: 6469D1BB

Strings

, xrefs: 6469D101

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Context$EnterLeaveProcessValue$ErrorSuspended
String ID:
API String ID: 4098443732-3916222277
Opcode ID: abe3e383d09cc5924e0bc7fd902ae91db06e212f127b8af80f769097380a6bee
Instruction ID: b6673ce304477d424a2a7cad7f1853412226c0b1caa4406c1f6d98493e120c33
Opcode Fuzzy Hash: abe3e383d09cc5924e0bc7fd902ae91db06e212f127b8af80f769097380a6bee
Instruction Fuzzy Hash: 1731A2766097028FE7019F29C98022EBBF4EF97358F14443DD9A48B350DBB9D886CB52

Function 64684510 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 102COMMON

Download Yara Rule

APIs

__PHYSFS_setError.MSIMG32 ref: 646845FB

Strings

buffer must fit in 32-bits, xrefs: 646845F4
Out of memory, xrefs: 6468463E
irectSoundCapture, xrefs: 64684585

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorS_set
String ID: Out of memory$buffer must fit in 32-bits$irectSoundCapture
API String ID: 1705320395-256789618
Opcode ID: feb8ae9751845b60e5e53c580cdc39674abdd6f0f11723a0f37744f0b7f5e105
Instruction ID: c366ad9aad5208326a7384dff36ad45041c82977370162e229bb6509388d275b
Opcode Fuzzy Hash: feb8ae9751845b60e5e53c580cdc39674abdd6f0f11723a0f37744f0b7f5e105
Instruction Fuzzy Hash: A94115B06097008FD7209F29D48471ABBF5EF98350F518D2DE48687B50E7B5E888CBA2

Function 64604610 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 64604661
al_malloc_with_context.MSIMG32 ref: 6460469C

Strings

_al_bfromcstralloc, xrefs: 64604642, 64604681, 6460472C
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 6460464A, 64604689, 64604734

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: _al_bfromcstralloc$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 1952898122-3067120074
Opcode ID: d522d639e18a3cb2a9340868b64b12ce8b5adf08e844e4c19da6951009e611ac
Instruction ID: cffc143020630218978676aa4aee6e6ea57944c2c5c87e5caccb11f86f654876
Opcode Fuzzy Hash: d522d639e18a3cb2a9340868b64b12ce8b5adf08e844e4c19da6951009e611ac
Instruction Fuzzy Hash: BC31C375B197009BD3589E6D965022E7BD5EBE0B50F16CA7CF98CDB340E6B1C842CB82

Function 646044E4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 64604531
al_malloc_with_context.MSIMG32 ref: 6460455C
al_free_with_context.MSIMG32 ref: 64604607

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 6460451A, 64604549, 646045F4
_al_bfromcstr, xrefs: 64604512, 64604541, 646045EC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context$al_free_with_context
String ID: _al_bfromcstr$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 1085489009-1792728968
Opcode ID: 3b43a1f6d4ac6c4cf9770303adc51d86303df3eaa7ceb963196401992796ae60
Instruction ID: e31944e371e84bdfceaa5557782e724ae8d63d503476af568554842e7d1254b0
Opcode Fuzzy Hash: 3b43a1f6d4ac6c4cf9770303adc51d86303df3eaa7ceb963196401992796ae60
Instruction Fuzzy Hash: C021F871A087055BE35A9F59968062EBBD1EBD0710F16CA3DF5488B340E6F1CC41C7D2

Function 6466B6DC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 81COMMON

Download Yara Rule

APIs

al_get_new_display_option.MSIMG32 ref: 6466B7E7

Part of subcall function 645FB84C: _al_get_new_display_settings.MSIMG32 ref: 645FB853

Strings

, xrefs: 6466B830
", xrefs: 6466B78B
Allegro, xrefs: 6466B73B
ALEX, xrefs: 6466B743

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_get_new_display_settingsal_get_new_display_option
String ID: $"$ALEX$Allegro
API String ID: 1153838339-1571640283
Opcode ID: 51c772d99913ba27fa29e130b244430e262478b4d8f64a95ba4da03403f9b4bf
Instruction ID: 911e063c90327327af9e180a53d4ba0bc99f0aab805b0abbad494ebfeb621113
Opcode Fuzzy Hash: 51c772d99913ba27fa29e130b244430e262478b4d8f64a95ba4da03403f9b4bf
Instruction Fuzzy Hash: 184171B45083419FD360EF29C54878BBBE4AB88754F108E2DE9D887350D7B99549CF93

Function 64600450 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 64600486
al_ftell.MSIMG32 ref: 646004ED

Strings

al_fopen_slice, xrefs: 64600467
E, xrefs: 64600544
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file_slice.c, xrefs: 6460046F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_ftellal_malloc_with_context
String ID: E$al_fopen_slice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file_slice.c
API String ID: 1735643697-551937708
Opcode ID: 55fc3383ebd7e48b39954726490a0838b29dc54702dd8b47b0c27431b50c8de8
Instruction ID: ea68ab9af56913872d5ac05113bdae6103b9f25cbe78b9705687dcff6502ddc9
Opcode Fuzzy Hash: 55fc3383ebd7e48b39954726490a0838b29dc54702dd8b47b0c27431b50c8de8
Instruction Fuzzy Hash: AF212BB0108701DBE7059F26D78421FBBE0EF96B58F00882DE9888B342D776D946DF56

Function 6460A5FC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 6460A6B9

Strings

_al_list_destroy, xrefs: 6460A69E
list_destroy_item, xrefs: 6460A67A
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c, xrefs: 6460A682, 6460A6A6

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: _al_list_destroy$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c$list_destroy_item
API String ID: 3891110267-271976259
Opcode ID: 897d0c079ac501582bc442a37a97a957a24027ec61a6aa6d2b918eb36b6bdd99
Instruction ID: f07e5302cca8606b0e5601e928654b6009301e898b55f51977a67fe0cfb0ae74
Opcode Fuzzy Hash: 897d0c079ac501582bc442a37a97a957a24027ec61a6aa6d2b918eb36b6bdd99
Instruction Fuzzy Hash: 3C21F4B4719B008FD728DF19C680A26BBF1EFA4B50B15CA5DD8A98B305D730E841CB91

Function 6460B0D8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

al_realloc_with_context.MSIMG32 ref: 6460B15B
al_malloc_with_context.MSIMG32 ref: 6460B18D

Strings

_al_vector_alloc_back, xrefs: 6460B170
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\vector.c, xrefs: 6460B13C, 6460B178
_al_vector_alloc_mid, xrefs: 6460B134

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_contextal_realloc_with_context
String ID: _al_vector_alloc_back$_al_vector_alloc_mid$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\vector.c
API String ID: 4147073182-356497922
Opcode ID: ebc9d49817974f9e4c9f7164b7f9daed55b44dae252eca22386e43f3d0acffb3
Instruction ID: ac52a98304ce2298337bc43a9e86de2002d66f506b1cee62121457a1e6b43780
Opcode Fuzzy Hash: ebc9d49817974f9e4c9f7164b7f9daed55b44dae252eca22386e43f3d0acffb3
Instruction Fuzzy Hash: 7821C3B1A08201CFDB08CF29DAC1A16BBE5FF95B50B18D999D8488F35AD734D841CF96

Function 645C15D8 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

al_calloc_with_context.MSIMG32 ref: 645C1660
al_free_with_context.MSIMG32 ref: 645C16F5

Strings

`, xrefs: 645C1651
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\flac.c, xrefs: 645C1641, 645C16E2
flac_open, xrefs: 645C1639, 645C16DA

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_calloc_with_contextal_free_with_context
String ID: `$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\flac.c$flac_open
API String ID: 973425427-426841044
Opcode ID: 40df35ef6592c260781039ac677211449201703d14853ffeeb2f57e28940635f
Instruction ID: ba26c47c379fb7d2d5ba9719a4f983f2f37f34eee6505b5edadeadaf03ef7f17
Opcode Fuzzy Hash: 40df35ef6592c260781039ac677211449201703d14853ffeeb2f57e28940635f
Instruction Fuzzy Hash: E131C4B450A3A48BDB02AF61D6A934E7FE0FB56B80F00891CE8989B704C334C484DF87

Function 645C50C4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

_al_vector_ref.MSIMG32 ref: 645C5124
_al_stricmp.MSIMG32 ref: 645C5132
_al_add_exit_func.MSIMG32 ref: 645C517A

Strings

., xrefs: 645C50DF
acodec_shutdown, xrefs: 645C516B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_add_exit_func_al_stricmp_al_vector_ref
String ID: .$acodec_shutdown
API String ID: 4245070873-720399051
Opcode ID: 6fa2c650e2d6998e3d61c4856f703c9ca02deeeccd721bef5472e1b023b433c1
Instruction ID: b2b6dd1ddb57554d7466888fd0ff9111f307fe49de98efea83614bf586885594
Opcode Fuzzy Hash: 6fa2c650e2d6998e3d61c4856f703c9ca02deeeccd721bef5472e1b023b433c1
Instruction Fuzzy Hash: 2A1164706087548BD700EFAAD58865BBBE0EBC6658F01892EE5C887300E731D885EB83

Function 6468204C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__PHYSFS_platformGrabMutex.MSIMG32 ref: 64682086

Part of subcall function 64688614: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,646809A2), ref: 64688626

__PHYSFS_platformReleaseMutex.MSIMG32 ref: 646820C0
__PHYSFS_setError.MSIMG32 ref: 64682100

Strings

Out of memory, xrefs: 646820F9

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: MutexS_platform$ErrorGrabObjectReleaseS_setSingleWait
String ID: Out of memory
API String ID: 4004297999-696950042
Opcode ID: 395208507816f49d549842d9df3f1f3f0a9ac621409b507020f32f6332c44b36
Instruction ID: bed0d783951b6779f89bd8df5287af8a6f12418c27e5bdedafc5faf84f225c08
Opcode Fuzzy Hash: 395208507816f49d549842d9df3f1f3f0a9ac621409b507020f32f6332c44b36
Instruction Fuzzy Hash: 9F1104B03083018FEB40DF69E484A5EB7E1AF95714F41482CE9809B385DB35D889CBB6

Function 64687098 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61memoryCOMMON

Download Yara Rule

APIs

__PHYSFS_initSmallAlloc.MSIMG32 ref: 646870D2
PHYSFS_utf8ToUcs2.MSIMG32 ref: 646870F0
__PHYSFS_smallFree.MSIMG32(?), ref: 6468710B
__PHYSFS_setError.MSIMG32 ref: 6468713B

Strings

Out of memory, xrefs: 64687134

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: AllocErrorFreeS_initS_setS_smallS_utf8SmallUcs2
String ID: Out of memory
API String ID: 2087461672-696950042
Opcode ID: 0dbbefa2757a1c44c7c5f82434e398cddd55d5321d966a52e417237dd9133ca1
Instruction ID: 4a26cd994aba04fe432e01acc8946878451e15378281964ddcfb3aaed6657a42
Opcode Fuzzy Hash: 0dbbefa2757a1c44c7c5f82434e398cddd55d5321d966a52e417237dd9133ca1
Instruction Fuzzy Hash: E9119472A047049EDB00AF79DC8559EBBE8EF81365F014A2EE5A4C7290D774D445CBA2

Function 646245E8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 64624613
_al_event_source_init.MSIMG32 ref: 64624621

Part of subcall function 645FEFE0: _al_mutex_init.MSIMG32 ref: 645FEFF7
Part of subcall function 645FEFE0: _al_vector_init.MSIMG32 ref: 645FF00A

_al_register_destructor.MSIMG32 ref: 64624673

Part of subcall function 645FE3A4: _al_tls_get_dtor_owner_count.MSIMG32(?,?,?,?,?,645C5E8C), ref: 645FE3AC

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c, xrefs: 646245FC
al_create_timer, xrefs: 646245F4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_event_source_init_al_mutex_init_al_register_destructor_al_tls_get_dtor_owner_count_al_vector_inital_malloc_with_context
String ID: al_create_timer$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\timernu.c
API String ID: 2371000205-3630854620
Opcode ID: d32324399cd6067c781734d9cffe170a7c6591e961e1b4ec7d0ae3061f50e873
Instruction ID: 12e71efe603e4ba1e867d6355af1c0b7c8c7c6d36667abccbad3f20c575cbc85
Opcode Fuzzy Hash: d32324399cd6067c781734d9cffe170a7c6591e961e1b4ec7d0ae3061f50e873
Instruction Fuzzy Hash: 9501FBB0108701DAEB409F20C5C970A7EE0FB94348F4488ACE8C84F346CB758499DF53

Function 646230C8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

al_ustr_size.MSIMG32 ref: 646230D7
al_ustr_rfind_chr.MSIMG32 ref: 646230EE

Part of subcall function 646594F4: _al_binstrr.MSIMG32(?,?,?,?,?,?,?,?,?,?,?,?,?,646230F3), ref: 64659553

al_cstr.MSIMG32 ref: 64623100
al_ustr_size.MSIMG32 ref: 64623116

Strings

., xrefs: 646230DC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_ustr_size$_al_binstrral_cstral_ustr_rfind_chr
String ID: .
API String ID: 4211488118-248832578
Opcode ID: 2ee6556b46f8a9c5dd249f93e2503360b82d93a9dee90bc3885ed7e984111f22
Instruction ID: 3c98133e1c1605b12bcb46be8c03744fe8768e4bcef272e0500fa98abac29a1c
Opcode Fuzzy Hash: 2ee6556b46f8a9c5dd249f93e2503360b82d93a9dee90bc3885ed7e984111f22
Instruction Fuzzy Hash: 81F012B5914310DFDB00EF39D5C844ABFE0AF04258F058958D8889B765E734DC90CF65

Function 6466C464 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 22COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,?,?,?,?,645FF18C), ref: 6466C475
al_malloc_with_context.MSIMG32 ref: 6466C49F

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wxthread.c, xrefs: 6466C488
_al_mutex_init, xrefs: 6466C480
f, xrefs: 6466C490

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalInitializeSectional_malloc_with_context
String ID: _al_mutex_init$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wxthread.c$f
API String ID: 4127386434-2618818230
Opcode ID: 53e9c64cc499b68ac0a3a5eea8c82b4d8f75ed19ef0ed175feeaa13124f607a4
Instruction ID: 0ee3e290270acd2f148187933e311fa4f290726cf12b5d3d9c8f9545d3bd089a
Opcode Fuzzy Hash: 53e9c64cc499b68ac0a3a5eea8c82b4d8f75ed19ef0ed175feeaa13124f607a4
Instruction Fuzzy Hash: 79E01AB00193059BEB41AFB8CA8461A7BE8AF61208F40895CD8C59B305E739C1449BA3

Function 6466C4B0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 22COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,645FF18C), ref: 6466C4C1
al_malloc_with_context.MSIMG32 ref: 6466C4EB

Strings

f, xrefs: 6466C4DC
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wxthread.c, xrefs: 6466C4D4
_al_mutex_init, xrefs: 6466C4CC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalInitializeSectional_malloc_with_context
String ID: _al_mutex_init$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wxthread.c$f
API String ID: 4127386434-2618818230
Opcode ID: 53e9c64cc499b68ac0a3a5eea8c82b4d8f75ed19ef0ed175feeaa13124f607a4
Instruction ID: 1a2c0d5c1378ef3dd9c14e06c50fc6e1a6c378bea06fdec159e96c854a2fcb73
Opcode Fuzzy Hash: 53e9c64cc499b68ac0a3a5eea8c82b4d8f75ed19ef0ed175feeaa13124f607a4
Instruction Fuzzy Hash: 66E04FF00083069BFB41AFB8CA8471E7BE4AFA1308F40895CD8C59B305E739C1449B53

Function 645FF6D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 20COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 645FF6F2
al_set_errno.MSIMG32 ref: 645FF71F

Strings

al_create_file_handle, xrefs: 645FF6D3
F, xrefs: 645FF6E3
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c, xrefs: 645FF6DB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_contextal_set_errno
String ID: F$al_create_file_handle$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c
API String ID: 560788752-3692454634
Opcode ID: a1a82cb90c3dcea3fec6556b1654aa62103f2d56094898dc44ca1cdd02a29d5a
Instruction ID: afc02bf3cb9c212be2abc832d78c587167c053ffade1c413d436581b4f182bcc
Opcode Fuzzy Hash: a1a82cb90c3dcea3fec6556b1654aa62103f2d56094898dc44ca1cdd02a29d5a
Instruction Fuzzy Hash: C6F09BB450A7019FE704DF26D280B1ABBE1AF85304F41C95DE8984B351E379C946DF97

Function 6466C4FC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 19COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32 ref: 6466C50D
al_free_with_context.MSIMG32 ref: 6466C530

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wxthread.c, xrefs: 6466C51B
|, xrefs: 6466C523
_al_mutex_destroy, xrefs: 6466C513

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalDeleteSectional_free_with_context
String ID: _al_mutex_destroy$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\win\wxthread.c$|
API String ID: 2052458369-1944867315
Opcode ID: ea80ab4f821c9d1023ac4385b507300ffeaf75c3bb584d914e5295b34b7b1c64
Instruction ID: 6063474122988094ebbcfc51a350cd95a43ffb94eebd33cd828d77762a28d7a5
Opcode Fuzzy Hash: ea80ab4f821c9d1023ac4385b507300ffeaf75c3bb584d914e5295b34b7b1c64
Instruction Fuzzy Hash: 85E04FF4408700CFEB41AF68CAC470A7BE4AF65304F40884CE4889B301D338D4418F43

Function 6468F5A0 Relevance: 7.6, APIs: 5, Instructions: 134COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 6468F5C3

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6468F5EC
alSetError.MSIMG32 ref: 6468F62A
alSetError.MSIMG32 ref: 6468F64B
alSetError.MSIMG32 ref: 6468F74B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: 19c8a128bfa9176c9e106066565036aac622642101812f0c772f1c581bc9613d
Instruction ID: 5a6585a5051ffc830e82982d7063a9282958e17fd6404a0e380eafcdad9ccc20
Opcode Fuzzy Hash: 19c8a128bfa9176c9e106066565036aac622642101812f0c772f1c581bc9613d
Instruction Fuzzy Hash: A441037120D302CFD7409F16D1441ABBBF0FF89711F91492EE9E48A654E37688A8CBA6

Function 646976A8 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646976BB

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646976E2
alSetError.MSIMG32 ref: 64697718
alSetError.MSIMG32 ref: 646977AF
alSetError.MSIMG32 ref: 646977D7

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: 0a4d086c3b7cc4a537b2038b92d6001679619ba62a591179617dfa1d1d013bcf
Instruction ID: 3e48dea3bef13eede47c3b5a12e214c6cddc00889fa61956fa3f53d2fa598e23
Opcode Fuzzy Hash: 0a4d086c3b7cc4a537b2038b92d6001679619ba62a591179617dfa1d1d013bcf
Instruction Fuzzy Hash: 5B31BC76708302CBE740AF2CE4C459EBBE0EB82766F48086EE8858F311D3B5D445CB92

Function 6468D614 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e06e290566814414e9994de84d5af9e817499cfa26b6aca0bfe62dd2ee828f65
Instruction ID: 2fb9fc55804237e5229d44d46818fda6d38166c2dcf66ddc043640b3b6f26e45
Opcode Fuzzy Hash: e06e290566814414e9994de84d5af9e817499cfa26b6aca0bfe62dd2ee828f65
Instruction Fuzzy Hash: 0A31C2717082058FD704DF29D48065AB7E2EFD8324F15892ED8AD8B350D731D894CB72

Function 646A70F4 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A710A

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A7125
alSetError.MSIMG32 ref: 646A7144
alSetError.MSIMG32 ref: 646A71E3

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveValue$ContextLookupSuspended
String ID:
API String ID: 65270113-0
Opcode ID: 4afd77ac52fba55cb0c3f6fb56a3fc6adc2014bad698ae2ade18b67e0dfb7700
Instruction ID: 7bb0294c5058421756add6d8866ad2fedc3ab823406dbad6524a64b03156abb8
Opcode Fuzzy Hash: 4afd77ac52fba55cb0c3f6fb56a3fc6adc2014bad698ae2ade18b67e0dfb7700
Instruction Fuzzy Hash: C421D371B08703DAD7013F18DD8868ABBE0FB82396F195999D89127395E331CCD58BDA

Function 645CF460 Relevance: 7.6, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

al_get_current_transform.MSIMG32 ref: 645CF496

Part of subcall function 64626940: al_get_target_bitmap.MSIMG32(?,?,645CF49B), ref: 64626943

al_copy_transform.MSIMG32 ref: 645CF4AA
al_invert_transform.MSIMG32 ref: 645CF4B2
al_transform_coordinates.MSIMG32 ref: 645CF4D4
al_transform_coordinates.MSIMG32 ref: 645CF51C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_transform_coordinates$al_copy_transformal_get_current_transformal_get_target_bitmapal_invert_transform
String ID:
API String ID: 3087772260-0
Opcode ID: a8c18f36245a4239c6b98c99f791a6dc67deed6fe3a7777e7c31b01b148fc1f8
Instruction ID: 77c9e8e45bdb2f6c9e0211a8363fc332e70c0f8fa4b5aa34e33f26388d5c6d07
Opcode Fuzzy Hash: a8c18f36245a4239c6b98c99f791a6dc67deed6fe3a7777e7c31b01b148fc1f8
Instruction Fuzzy Hash: 7D31DBB5A09380DFC3209F24D58469ABBE1FFCA304F028C5CE9C86B250C7309965DB9B

Function 6466861C Relevance: 7.6, APIs: 5, Instructions: 77COMMON

Download Yara Rule

APIs

_al_event_source_needs_to_generate_event.MSIMG32 ref: 64668696

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_event_source_needs_to_generate_event
String ID:
API String ID: 2335762959-0
Opcode ID: a6cc658ecc96b138cf8a2d6b9dbedfb077d4eabe46e5bd262b747a8f3b6bf554
Instruction ID: f632b2a0d392b02205ed2ec0556de24fcaaae8a4ef214692fc528b1296874514
Opcode Fuzzy Hash: a6cc658ecc96b138cf8a2d6b9dbedfb077d4eabe46e5bd262b747a8f3b6bf554
Instruction Fuzzy Hash: 293136B59193508FDB90DF29C45424EBBE4FB8A368F505A1EEAA893360C3719409CF97

Function 646A6704 Relevance: 7.6, APIs: 5, Instructions: 71COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A671A

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A6733
alSetError.MSIMG32 ref: 646A6752
alSetError.MSIMG32 ref: 646A6797
alSetError.MSIMG32 ref: 646A67D7

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: 9ee60b5097aa22b4cd2e0b937702028f932a5fd10edb6e1e7956258ab4ace7dd
Instruction ID: 7f0c75f259fd525a4e567f46544b018a47fe693f6c38e24d052012bb15ce8345
Opcode Fuzzy Hash: 9ee60b5097aa22b4cd2e0b937702028f932a5fd10edb6e1e7956258ab4ace7dd
Instruction Fuzzy Hash: 9611B471A18702DAE7015F18D9C069EBBE0FFC23A4F10692EE8C117381D375C895CB86

Function 64668424 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_al_event_source_needs_to_generate_event.MSIMG32 ref: 64668471

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_event_source_needs_to_generate_event
String ID:
API String ID: 2335762959-0
Opcode ID: 78764b4065b3845d468bb556c1aed12b8ffabeb41969f1a18ec50c377717fced
Instruction ID: f0970e8fc7bbadb9f848b21eacf45ae967e4918d1a0247aea0ca8e4919de22a2
Opcode Fuzzy Hash: 78764b4065b3845d468bb556c1aed12b8ffabeb41969f1a18ec50c377717fced
Instruction Fuzzy Hash: CC21F2B54183408FDB90DF15D49434EBBE8FB86368F40592EEA8897220C7759449DF93

Function 64668520 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_al_event_source_needs_to_generate_event.MSIMG32 ref: 6466856D

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_event_source_needs_to_generate_event
String ID:
API String ID: 2335762959-0
Opcode ID: a5a7c3cd4bc33a189cc3ae86af24d858a2ac790895f873f3fc8a36f33f39a28c
Instruction ID: 90113ee67edd42e52f47528f9a1c6838a4e83e95cdb2885cd074e3b7c435af90
Opcode Fuzzy Hash: a5a7c3cd4bc33a189cc3ae86af24d858a2ac790895f873f3fc8a36f33f39a28c
Instruction Fuzzy Hash: 9E2114B59193408FDB90DF15D49474EBBE4FB86368F40992EEA8893320C3729809DF93

Function 6469755C Relevance: 7.6, APIs: 5, Instructions: 58COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 64697577

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646975A2
alSetError.MSIMG32 ref: 646975B6
alSetError.MSIMG32 ref: 646975D7
alSetError.MSIMG32 ref: 646975FF

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: 70029fe7c92b590330737125c102664b2a05c8d32466926101b61a7edb50f6d8
Instruction ID: 4c29e95dba83bbae5d074fd2d3212f86c40cea1d94f8d52252531153a231fc31
Opcode Fuzzy Hash: 70029fe7c92b590330737125c102664b2a05c8d32466926101b61a7edb50f6d8
Instruction Fuzzy Hash: 82117072608746CBD680AF25D88466FBBF0EFC1725F04492ED9844B301D7B6D845CB96

Function 646977E4 Relevance: 7.6, APIs: 5, Instructions: 58COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646977FF

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 6469782A
alSetError.MSIMG32 ref: 6469783E
alSetError.MSIMG32 ref: 6469785F
alSetError.MSIMG32 ref: 64697887

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: 70029fe7c92b590330737125c102664b2a05c8d32466926101b61a7edb50f6d8
Instruction ID: 6eb5db7ca5d9d10838b89ad6202c61062cf6c495079f704de60c6d76c837b79e
Opcode Fuzzy Hash: 70029fe7c92b590330737125c102664b2a05c8d32466926101b61a7edb50f6d8
Instruction Fuzzy Hash: 13119A726083068FE300AF19D58465EBBE0EFC2354F00496ED9898B301D3B2D849CB82

Function 6466C618 Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6466C628
LeaveCriticalSection.KERNEL32(00000000,00000000), ref: 6466C649
ReleaseSemaphore.KERNEL32(?), ref: 6466C661
EnterCriticalSection.KERNEL32(00000000), ref: 6466C67D
LeaveCriticalSection.KERNEL32(00000000), ref: 6466C6A3

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ReleaseSemaphore
String ID:
API String ID: 1930678883-0
Opcode ID: de3bbfdc7d5ced9ed7315ffa156e9c2b9310bacbb8962f843a745b77f6457249
Instruction ID: 8eef87a8b8c840b046c06ec023403dd9d7cae7a6bd74305a1187ea938b47c524
Opcode Fuzzy Hash: de3bbfdc7d5ced9ed7315ffa156e9c2b9310bacbb8962f843a745b77f6457249
Instruction Fuzzy Hash: 78113CB16046209BEF40AF28D9C872ABBE8FF44714F458599E889DF309D334D844CBA3

Function 646A6668 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646A667B

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646A6690
alSetError.MSIMG32 ref: 646A66AE
alAuxiliaryEffectSloti.MSIMG32 ref: 646A66D2
alSetError.MSIMG32 ref: 646A66FB

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveValue$AuxiliaryContextEffectLookupSlotiSuspended
String ID:
API String ID: 1044099641-0
Opcode ID: 24656d8d30873f7e769e9205cc9366330c41e9af7f7374bbe6357332235344cb
Instruction ID: 4f342753ea5a960fd19e4244934ab869adba47fb2da32dd26d6340f07e6b68c1
Opcode Fuzzy Hash: 24656d8d30873f7e769e9205cc9366330c41e9af7f7374bbe6357332235344cb
Instruction Fuzzy Hash: 190184726097419BD700AF1CD98049EBBE4EEC1354F48682EE9C487311D375D885DB93

Function 6466C6B0 Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6466C6BF
LeaveCriticalSection.KERNEL32(00000000), ref: 6466C6DC
ReleaseSemaphore.KERNEL32(00000000), ref: 6466C6F8
EnterCriticalSection.KERNEL32 ref: 6466C715
LeaveCriticalSection.KERNEL32 ref: 6466C73B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ReleaseSemaphore
String ID:
API String ID: 1930678883-0
Opcode ID: 06d423469d71e9f9510d47be472ae358e389256df6cc8bc6cc94237068db6a07
Instruction ID: 7520fce4c299e10973f8fd2362adbaab20ebfdd3ac8060a444a3bf80e9e066be
Opcode Fuzzy Hash: 06d423469d71e9f9510d47be472ae358e389256df6cc8bc6cc94237068db6a07
Instruction Fuzzy Hash: 0811FAB05046109BEF40EF28D5C875ABBE4FF55308F558499E8898F309D735D985CBA3

Function 646974BC Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646974CA

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646974E9
alSetError.MSIMG32 ref: 646974FD
alSetError.MSIMG32 ref: 6469751F
alSetError.MSIMG32 ref: 6469753F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: f649f4490f7878ac4973a38af9d16156600eba018c8dab068eeae2c25ff35dd3
Instruction ID: 9dfcb17e3381fe23e40cf3db89b7750f79980d909f53582991fcc128bda6ae19
Opcode Fuzzy Hash: f649f4490f7878ac4973a38af9d16156600eba018c8dab068eeae2c25ff35dd3
Instruction Fuzzy Hash: 3B0180726093418BE700AF18E88019EBBE0FF81768F540A6ED8844B202D7B9D845DB86

Function 64697608 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 64697616

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 64697635
alSetError.MSIMG32 ref: 64697649
alSetError.MSIMG32 ref: 6469766B
alSetError.MSIMG32 ref: 6469768B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Error$EnterLeaveValue$ContextLookupSuspended
String ID:
API String ID: 1516355843-0
Opcode ID: f649f4490f7878ac4973a38af9d16156600eba018c8dab068eeae2c25ff35dd3
Instruction ID: b002ce0ece7808a7733a82be363d062ce0fd600ba934baac2b76bf597f4ca960
Opcode Fuzzy Hash: f649f4490f7878ac4973a38af9d16156600eba018c8dab068eeae2c25ff35dd3
Instruction Fuzzy Hash: FC0169726093428BE7006F1CD88059EBBE0FF81768F540A2ED8884B202D3B9D4459BC6

Function 64668144 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

_al_event_source_needs_to_generate_event.MSIMG32 ref: 6466818B
_al_event_source_lock.MSIMG32 ref: 6466819B
al_get_time.MSIMG32 ref: 646681A8
_al_event_source_emit_event.MSIMG32 ref: 64668208
_al_event_source_unlock.MSIMG32 ref: 64668214

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_event_source_emit_event_al_event_source_lock_al_event_source_needs_to_generate_event_al_event_source_unlockal_get_time
String ID:
API String ID: 3964795395-0
Opcode ID: 8e04ef3764d65e90e2796b8b4e0d02adeac48fc56ab1b2a9b85284d3ee69cdf4
Instruction ID: 4e49e2cfc0ef89bacfb47d23bdd638dcac7e909f9e932997a9570f093d610759
Opcode Fuzzy Hash: 8e04ef3764d65e90e2796b8b4e0d02adeac48fc56ab1b2a9b85284d3ee69cdf4
Instruction Fuzzy Hash: C811D6B08193408FDB90DF25C46870EBBE4FB86768F40691EEA9856360C7759449CF97

Function 6469A650 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6469A698
LeaveCriticalSection.KERNEL32 ref: 6469A6DF

Strings

:-, xrefs: 6469A69E
ALC_INVALID, xrefs: 6469A65D

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: :-$ALC_INVALID
API String ID: 3168844106-773629073
Opcode ID: 518bd2bea2430fefef528496fadf8275fd0a8fb3b24bc88037d85f9996abc20a
Instruction ID: 40b42a064ceb81dc64e152ae2273a96916976424afabfad1978b171943b41cf2
Opcode Fuzzy Hash: 518bd2bea2430fefef528496fadf8275fd0a8fb3b24bc88037d85f9996abc20a
Instruction Fuzzy Hash: E20156B0B192479FD750AF2D898891A77E4BF66758F820A6DE484D7300E774D444CB53

Function 647D25E8 Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32 ref: 647D2630
InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,647D27C9), ref: 647D2643
InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,647D27C9), ref: 647D2650
EnterCriticalSection.KERNEL32(?,?,?,?,?,647D27C9), ref: 647D2679

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$Initialize$EnterExchangeInterlocked
String ID:
API String ID: 33273390-0
Opcode ID: ed05b28e7f7e6a5b06719bf020d927c88a5a2381bb755a831bda42fa2a49f1ac
Instruction ID: 6816b1c9386aa1c033d707e979f003d3a8d77d01169ef34e021b2041fe6e086a
Opcode Fuzzy Hash: ed05b28e7f7e6a5b06719bf020d927c88a5a2381bb755a831bda42fa2a49f1ac
Instruction Fuzzy Hash: C901A2F05187048ADB10BF68CF9E69D36F8DB43308F8109A8D484C7712E335A199CBA3

Function 6467C44C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 289COMMON

Download Yara Rule

APIs

SzReadPackInfo.MSIMG32 ref: 6467C6A5

Strings

, xrefs: 6467C4F0

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: InfoPackRead
String ID:
API String ID: 2329571848-3916222277
Opcode ID: 4c26cff3042437837f2ea14a2b70cefb7eb7a90b3fa293b1cc2b66068202ee88
Instruction ID: fee1cbb9bf87763e28c14b759cacbe17779a173fb97effe531bbe0c499810ac2
Opcode Fuzzy Hash: 4c26cff3042437837f2ea14a2b70cefb7eb7a90b3fa293b1cc2b66068202ee88
Instruction Fuzzy Hash: 92D1E0B46087818FE360CF19C08065AFBE1BFCA348F14992DE9E98B215E776D545CB92

Function 64621770 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 57COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 646217F3

Strings

_al_ogl_persist_fbo, xrefs: 646217D4
z, xrefs: 646217E4
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\opengl\ogl_display.c, xrefs: 646217DC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: _al_ogl_persist_fbo$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\opengl\ogl_display.c$z
API String ID: 1952898122-3537748329
Opcode ID: d27d03f2364d636bd05497285b407ab2c2b83af366b14ac7f37a5c1f5579d9cb
Instruction ID: b3b084c18573229d71cb58ab6dee43137b3d8bb181311c4792d30034ea5c5fe3
Opcode Fuzzy Hash: d27d03f2364d636bd05497285b407ab2c2b83af366b14ac7f37a5c1f5579d9cb
Instruction Fuzzy Hash: 9D112E701043059FE708CF49D4C4BDA7BA2BBE0714FA9C5B4D4590FA56E3B799988F81

Function 6460A548 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460A57F

Strings

list_do_create, xrefs: 6460A559
n, xrefs: 6460A569
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c, xrefs: 6460A561

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c$list_do_create$n
API String ID: 1952898122-3791741500
Opcode ID: b77d6d8cf33febdfc0b983e3ac3765af55de53107f6867ce279f15efac67cb42
Instruction ID: caf6ac53243247c9c95184a2ac91fa3e1b9c1e0bd1c221c1f0f7f5e92492ec82
Opcode Fuzzy Hash: b77d6d8cf33febdfc0b983e3ac3765af55de53107f6867ce279f15efac67cb42
Instruction Fuzzy Hash: E511F0B09053018FD709CF18E288B56BBE0BB54714F06C6AEC4494F262E379C985CBA2

Function 645C3024 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51COMMON

Download Yara Rule

APIs

_al_add_exit_func.MSIMG32 ref: 645C305A

Part of subcall function 645FF32C: al_malloc_with_context.MSIMG32(?,?,?,?,?,?,?,645C49EF,?,?,?,?,?,?,645C1275), ref: 645FF36F

register_dumbfile_system.MSIMG32 ref: 645C311B

Strings

shutdown_libdumb, xrefs: 645C3043
Xl, xrefs: 645C30E1

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_add_exit_funcal_malloc_with_contextregister_dumbfile_system
String ID: Xl$shutdown_libdumb
API String ID: 1547552505-4230594647
Opcode ID: c814d9a5d352a530c2c6051a3e69ff669a1a87b704753781f2802cc242212b19
Instruction ID: 406b8f49e590636e0e7ef2f79ade6d978c1ec3f52cc4d38e581803231dea327b
Opcode Fuzzy Hash: c814d9a5d352a530c2c6051a3e69ff669a1a87b704753781f2802cc242212b19
Instruction Fuzzy Hash: AF21BBB491D3B08ADB12EF54A6BA79E7FA1E7A2354F50290DE5444BB01C3318444EF93

Function 6460B034 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

al_realloc_with_context.MSIMG32(?,?,?,?,?,?,?,?,?,00000000,?,645C4998), ref: 6460B08B
al_malloc_with_context.MSIMG32(?,?,?,?,?,?,?,?,00000000,?,645C4998), ref: 6460B0BD

Strings

_al_vector_alloc_back, xrefs: 6460B064, 6460B0A0
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\vector.c, xrefs: 6460B06C, 6460B0A8

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_contextal_realloc_with_context
String ID: _al_vector_alloc_back$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\vector.c
API String ID: 4147073182-1904331329
Opcode ID: 9bb11b0155e851343474237aaeaf45c598d58df8045a08a546a837729836b08e
Instruction ID: 2b6346b1aabc8bb4ed0993bf196785f72872739013765aaeb75e764284504407
Opcode Fuzzy Hash: 9bb11b0155e851343474237aaeaf45c598d58df8045a08a546a837729836b08e
Instruction Fuzzy Hash: 431116B0609201CFDB08CF15C6C1A1ABBA0AFA4B00B04C65DD8598F349D735D880CFA2

Function 645C502C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

_al_add_exit_func.MSIMG32 ref: 645C50AE

Strings

acodec_shutdown, xrefs: 645C509F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_add_exit_func
String ID: acodec_shutdown
API String ID: 3389651410-2554684679
Opcode ID: 4e0b76da569842078f21319d1c85612e9ff12bdd4c7b3c105ae29db3461fa3a0
Instruction ID: 39bd6b171352cc8bbc542c7a825a971ae9cc98d132b72aaff57e7370605d01ef
Opcode Fuzzy Hash: 4e0b76da569842078f21319d1c85612e9ff12bdd4c7b3c105ae29db3461fa3a0
Instruction Fuzzy Hash: FB01B53160E3648BD740AFE9958469ABBE0FF82714F80493EE988E7300D3319448E7D3

Function 645CB604 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

al_lock_mutex.MSIMG32 ref: 645CB61A

Part of subcall function 646241FC: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,645C6454), ref: 6462420C

_al_set_error.MSIMG32 ref: 645CB65B
al_unlock_mutex.MSIMG32 ref: 645CB679

Strings

Attempted to set a stream buffer with a full pending list, xrefs: 645CB64C

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalEnterSection_al_set_erroral_lock_mutexal_unlock_mutex
String ID: Attempted to set a stream buffer with a full pending list
API String ID: 2140769180-402962720
Opcode ID: b105e0565aefb36017b25aa0cdd18da2b1af02e199da800a180d122896bcedd8
Instruction ID: 1d1100d8217d64c39a43cc9a99ebf603faea071ac93e69c85bb034b43653927e
Opcode Fuzzy Hash: b105e0565aefb36017b25aa0cdd18da2b1af02e199da800a180d122896bcedd8
Instruction Fuzzy Hash: D0018F70B057018FEB00EFE5E480B6AB7E4BFA1308F15882CD49A5B310D731E881EB12

Function 6460B608 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

al_get_system_driver.MSIMG32 ref: 6460B620
al_get_system_driver.MSIMG32 ref: 6460B62E

Strings

al_uninstall_mouse, xrefs: 6460B654

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_get_system_driver
String ID: al_uninstall_mouse
API String ID: 1341023863-2041781395
Opcode ID: 2c347ee49c03d4323db83c17969c5c257fff7dc945b0d626a46b8781e1e8bd6d
Instruction ID: e0cbc91c8f361ba97807215817e83507823105a8313af5a58d9a211110667962
Opcode Fuzzy Hash: 2c347ee49c03d4323db83c17969c5c257fff7dc945b0d626a46b8781e1e8bd6d
Instruction Fuzzy Hash: A4F058B4B653028FEB08AFB482A861A3BA0FB62F05F45D89CC8504B725CB30D405DF96

Function 64602048 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

al_get_system_driver.MSIMG32 ref: 64602060
al_get_system_driver.MSIMG32 ref: 6460206E

Strings

al_uninstall_keyboard, xrefs: 64602094

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_get_system_driver
String ID: al_uninstall_keyboard
API String ID: 1341023863-2368255855
Opcode ID: abc0cd504c3122a6d90dd2dcffdee012a97f0b53d1b8e6d111cbda16e01e0cfa
Instruction ID: 5b3cc521f56de48836ca14c332f0dd1e26ff914de32c69c7dddb880c4a69535c
Opcode Fuzzy Hash: abc0cd504c3122a6d90dd2dcffdee012a97f0b53d1b8e6d111cbda16e01e0cfa
Instruction Fuzzy Hash: 35F08234244311CFEB489F74C2A869A37A4FF62B46B41C45DC8424B711CB31D845DB96

Function 6462145C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

_al_ogl_reset_fbo_info.MSIMG32 ref: 646214A0
al_free_with_context.MSIMG32 ref: 646214CF

Strings

al_remove_opengl_fbo, xrefs: 646214B4
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\opengl\ogl_bitmap.c, xrefs: 646214BC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_ogl_reset_fbo_infoal_free_with_context
String ID: al_remove_opengl_fbo$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\opengl\ogl_bitmap.c
API String ID: 4148522327-144059565
Opcode ID: f6eca4f28b05606c42f65e8f5505631cc118fdec73fd541851d46ea8ce50a99b
Instruction ID: e867aea86596b187fcb39a324631e2a1fb18aa6891dbc98e297c8d171829be93
Opcode Fuzzy Hash: f6eca4f28b05606c42f65e8f5505631cc118fdec73fd541851d46ea8ce50a99b
Instruction Fuzzy Hash: 6FF032B19097009BEB80AF24C68978ABFE5AF51314F49C8ACD88C4F352D7398084CF63

Function 6460A4C4 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460A4E6

Strings

list_do_create, xrefs: 6460A4C7
n, xrefs: 6460A4D7
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c, xrefs: 6460A4CF

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c$list_do_create$n
API String ID: 1952898122-3791741500
Opcode ID: 93bbb9746d1e2876b9def7bff9e67122de862617ef887ae968cd142e0117dabf
Instruction ID: 9a891155fabcf612c4c5db10d9fb86f1f32c5d0f0e3d9b518431940f72e8650c
Opcode Fuzzy Hash: 93bbb9746d1e2876b9def7bff9e67122de862617ef887ae968cd142e0117dabf
Instruction Fuzzy Hash: 9C0149B04013418EE709DF05C258B16BEE0BF94318F46C698C4484F2B2E3BAC548CF96

Function 645FF72C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 16COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32(?,?,?,?,?,?,00000000,645C1F6E), ref: 645FF75B

Strings

Z, xrefs: 645FF750
al_fclose, xrefs: 645FF740
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c, xrefs: 645FF748

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: Z$al_fclose$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\file.c
API String ID: 3891110267-2780915165
Opcode ID: a60ec66eae86d10742619f0db1c9cd4867d5a795c8a1404be735fc773e4ef3ee
Instruction ID: e6db915b36a5815888a8a5fae08da547e8ea76096e31be4bd16732b91c87b37c
Opcode Fuzzy Hash: a60ec66eae86d10742619f0db1c9cd4867d5a795c8a1404be735fc773e4ef3ee
Instruction Fuzzy Hash: 4CE0E2B51087048FD700AF24CAC5A2ABBE4AF95706F41C95CE5991B302D339D4458F43

Function 6462416C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32(?,?,?,?,?,?,?,?,?,645CBF68), ref: 6462418E
_al_mutex_init.MSIMG32(?,?,?,?,?,?,?,?,?,645CBF68), ref: 646241A4

Part of subcall function 6466C464: InitializeCriticalSection.KERNEL32(?,?,?,?,?,645FF18C), ref: 6466C475

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\threads.c, xrefs: 64624177
al_create_mutex, xrefs: 6462416F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalInitializeSection_al_mutex_inital_malloc_with_context
String ID: al_create_mutex$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\threads.c
API String ID: 1876999276-983446473
Opcode ID: 71ae4cb9aa60639c8403ab5cc20f37b813379760fe911796c8bd6b6592fc648f
Instruction ID: 1bfd3f29e66cf6a865e7195e84b73827b81c510baf58b59cfa42d3668cbbe2bf
Opcode Fuzzy Hash: 71ae4cb9aa60639c8403ab5cc20f37b813379760fe911796c8bd6b6592fc648f
Instruction Fuzzy Hash: 77E0B6B04087019EEB05DF26D98131ABBE0AF90744F41C81CE4948B345D779C149CF47

Function 647D4670 Relevance: 6.1, APIs: 4, Instructions: 114COMMON

Download Yara Rule

APIs

_Unwind_GetRegionStart.MSIMG32(?,?,?,?,?,?,?,?,?,?,647D5A2D), ref: 647D468A
_Unwind_GetDataRelBase.MSIMG32(?,?,?,?,?,?,?,?,?,?,647D5A2D), ref: 647D46DD

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Unwind_$BaseDataRegionStart
String ID:
API String ID: 1729040362-0
Opcode ID: f5ae3ec762c2a2afc9b70da09c811eb4c602040e15e1ffbd46ecde8e5eff9298
Instruction ID: 3e62480add65a856f3dc60cf2e06fa12017a7dfdc7771c199748a40efba546ad
Opcode Fuzzy Hash: f5ae3ec762c2a2afc9b70da09c811eb4c602040e15e1ffbd46ecde8e5eff9298
Instruction Fuzzy Hash: 3531F6716182018FD308CF39C59036ABBEBAFD6364F15896ED4E98B391DB36C44ADB41

Function 64622480 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

al_get_separate_blender.MSIMG32 ref: 646224D9

Part of subcall function 64625844: __emutls_get_address.MSIMG32(?,?,?,?,?,?,646028EB), ref: 6462585A

glEnable.OPENGL32 ref: 64622511
glBlendFunc.OPENGL32(00000000), ref: 6462252E
glEnable.OPENGL32 ref: 64622543

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: Enable$BlendFunc__emutls_get_addressal_get_separate_blender
String ID:
API String ID: 1456100686-0
Opcode ID: 219d46cc05f4a93b1cc36d46775d1a10bec7a25a18e12a1ce3a79a407bcba6a3
Instruction ID: 7ad37ef06012697a28275b5d847b5e75c5d2eb4ad6e270af4debfa16791c411a
Opcode Fuzzy Hash: 219d46cc05f4a93b1cc36d46775d1a10bec7a25a18e12a1ce3a79a407bcba6a3
Instruction Fuzzy Hash: AB418B766093409FC740EF68E18888EFBF4BB88715F50992EF9A4C7314E631E944CB82

Function 645FE4E4 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 645FE4FD
_al_cond_timedwait.MSIMG32 ref: 645FE522
_al_vector_ref.MSIMG32 ref: 645FE544
LeaveCriticalSection.KERNEL32(?), ref: 645FE572

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterLeave_al_cond_timedwait_al_vector_ref
String ID:
API String ID: 4261550731-0
Opcode ID: 716e76f4f33016b6ba7f91e0f182b1a9aba197964ba7554f2ae5617817c6053b
Instruction ID: 301f0d55eecff1c56995216cc2601143ba4cd9d73105e9f8f38774fca7527d6f
Opcode Fuzzy Hash: 716e76f4f33016b6ba7f91e0f182b1a9aba197964ba7554f2ae5617817c6053b
Instruction Fuzzy Hash: EB1160B06083018BDB44DF2998C065A7BE5EF89344F118969E8988B205E730EC46DF93

Function 645CC62C Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

al_lock_mutex.MSIMG32 ref: 645CC656
al_unlock_mutex.MSIMG32 ref: 645CC66E
al_lock_mutex.MSIMG32 ref: 645CC685
al_unlock_mutex.MSIMG32 ref: 645CC6AA

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_lock_mutexal_unlock_mutex
String ID:
API String ID: 2451852483-0
Opcode ID: eba26191b8e5e882f9321618bc31f5cd50f84c3a51b6ff5725c4400db657c72b
Instruction ID: aaf06af8bd1122f1cb1aaabeba6d8146d6460b12c8d953e596c1eda73935668e
Opcode Fuzzy Hash: eba26191b8e5e882f9321618bc31f5cd50f84c3a51b6ff5725c4400db657c72b
Instruction Fuzzy Hash: 091125B420A3819FCB05DFB985C456ABFE0AF59204F45688DECD48B312D335C499DFA2

Function 646970CC Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 646970D5

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 646970F0
alSetError.MSIMG32 ref: 64697104
alSetError.MSIMG32 ref: 6469712B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveValue$ContextLookupSuspended
String ID:
API String ID: 65270113-0
Opcode ID: bab3da4ffe5dbb8b93d47ecdf7ce71128e69a3095a96e0dfa2adc238dc004c97
Instruction ID: 074ef16ee910a4bfb6013da3be91bdb070a5056dc18250bbfcec4e03192aeeed
Opcode Fuzzy Hash: bab3da4ffe5dbb8b93d47ecdf7ce71128e69a3095a96e0dfa2adc238dc004c97
Instruction Fuzzy Hash: 53F054B15093428BE700BF28988518FBBE0BF45318F494A7ED8C95B302D7B9D445D7D6

Function 64697140 Relevance: 6.0, APIs: 4, Instructions: 35COMMON

Download Yara Rule

APIs

GetContextSuspended.MSIMG32 ref: 64697149

Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,?,?,?,?,6468D754), ref: 6469CD3B
Part of subcall function 6469CD30: TlsGetValue.KERNEL32(00000000,?,?,?,?,?,6468D754), ref: 6469CD49
Part of subcall function 6469CD30: EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,?,6468D754), ref: 6469CD5C
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDA3
Part of subcall function 6469CD30: TlsSetValue.KERNEL32(?,00000000), ref: 6469CDB9
Part of subcall function 6469CD30: LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,?,?,?,?,6468D754), ref: 6469CDD2

LookupUIntMapKey.MSIMG32 ref: 64697164
alSetError.MSIMG32 ref: 64697178
alSetError.MSIMG32 ref: 6469719F

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalSection$EnterErrorLeaveValue$ContextLookupSuspended
String ID:
API String ID: 65270113-0
Opcode ID: bab3da4ffe5dbb8b93d47ecdf7ce71128e69a3095a96e0dfa2adc238dc004c97
Instruction ID: e981748186afd8d278ef74dc59c4548347b3a8bd90ab12af77d19c10d11bb6e8
Opcode Fuzzy Hash: bab3da4ffe5dbb8b93d47ecdf7ce71128e69a3095a96e0dfa2adc238dc004c97
Instruction Fuzzy Hash: F9F030B15093428BE700BF28988418EBBE0BF45318F49497ED8C94B202D7B9D445D796

Function 646694E0 Relevance: 6.0, APIs: 4, Instructions: 32timeCOMMON

Download Yara Rule

APIs

_al_mutex_init.MSIMG32 ref: 646694FE

Part of subcall function 6466C464: InitializeCriticalSection.KERNEL32(?,?,?,?,?,645FF18C), ref: 6466C475

QueryPerformanceFrequency.KERNEL32 ref: 6466950A
QueryPerformanceCounter.KERNEL32 ref: 64669537
timeGetTime.WINMM ref: 6466955E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: PerformanceQuery$CounterCriticalFrequencyInitializeSectionTime_al_mutex_inittime
String ID:
API String ID: 919568344-0
Opcode ID: c0c7b7efee7bf35bd0bfcca0e62630ee600daff1bb751c27d2312bd683008aa6
Instruction ID: 7325077a2ce053db72ad62e19ad911d6d12d72d221a10dc8b49d65e74c0faa38
Opcode Fuzzy Hash: c0c7b7efee7bf35bd0bfcca0e62630ee600daff1bb751c27d2312bd683008aa6
Instruction Fuzzy Hash: 6C0172F4408712CBEB40DF6DC1A97597BE4EB69628F40181DE898A7301E3349189CFA3

Function 645CE641 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

_al_vector_ref_back.MSIMG32 ref: 645CE65F
_al_vector_delete_at.MSIMG32 ref: 645CE67F
_al_vector_free.MSIMG32 ref: 645CE694

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: _al_vector_delete_at_al_vector_free_al_vector_ref_back
String ID:
API String ID: 3763777568-0
Opcode ID: 943e79eed26ae0ceab7b726c479973ff21cd3ae0fcb2067619e10c5a2855e01a
Instruction ID: 926ec68432e546a21eebca6e97e7dd31b93f789a6683265501b73da0f7730482
Opcode Fuzzy Hash: 943e79eed26ae0ceab7b726c479973ff21cd3ae0fcb2067619e10c5a2855e01a
Instruction Fuzzy Hash: 96F05EB85386508FDB51EFACA1A115CBFE0EB26704F81492CD284C7721D7309556EB97

Function 645CF064 Relevance: 6.0, APIs: 4, Instructions: 16COMMON

Download Yara Rule

APIs

al_store_state.MSIMG32 ref: 645CF07D

Part of subcall function 64625D6C: __emutls_get_address.MSIMG32 ref: 64625D82

al_set_new_bitmap_flags.MSIMG32 ref: 645CF089

Part of subcall function 64625A40: __emutls_get_address.MSIMG32 ref: 64625A51

al_set_new_bitmap_format.MSIMG32 ref: 645CF095

Part of subcall function 64625978: __emutls_get_address.MSIMG32 ref: 64625984

al_load_bitmap.MSIMG32 ref: 645CF0A4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: __emutls_get_address$al_load_bitmapal_set_new_bitmap_flagsal_set_new_bitmap_formatal_store_state
String ID:
API String ID: 1278721789-0
Opcode ID: cfa58cd8a80f06395766928dbdeafced68ef1e3ded010a25acf7c7a4ea158a5d
Instruction ID: b1c8036d4e5ece54fff24ae394037d8ff83f56cb1b2536d4e6efe70b3be1a8b3
Opcode Fuzzy Hash: cfa58cd8a80f06395766928dbdeafced68ef1e3ded010a25acf7c7a4ea158a5d
Instruction Fuzzy Hash: C2E0ECB0409750ABE3206F60C44976FBEE8AF41748F010C0CA4C847245C77854458B9B

Function 645C1718 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 231COMMON

Download Yara Rule

APIs

al_realloc_with_context.MSIMG32 ref: 645C1787

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\flac.c, xrefs: 645C176B
write_callback, xrefs: 645C1763

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_realloc_with_context
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\acodec\flac.c$write_callback
API String ID: 3259472294-332495956
Opcode ID: c73fe7831f11a9184b7ced93dc4ba2ef567865fef24fe93ff5946f94bfc68af7
Instruction ID: cdd90a2170d2a85ee914c281c7185bf531e34309a9d9dd71ea0dde9277dadb92
Opcode Fuzzy Hash: c73fe7831f11a9184b7ced93dc4ba2ef567865fef24fe93ff5946f94bfc68af7
Instruction Fuzzy Hash: E4A11E35A083458FCB14CF59C58099ABBE2FF89358F558A6DF88AA7311D330E951CF82

Function 645C570C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 645C58A3

Strings

_dsound_load_voice, xrefs: 645C5888
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\dsound.cpp, xrefs: 645C5890

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: _dsound_load_voice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\dsound.cpp
API String ID: 3891110267-4045805578
Opcode ID: a6f65c24fce3d4c104d2a533c97624ace96a43e8b8d4f8528df676ca6af7a397
Instruction ID: 23d4868becd82f12cfba38a5881a082659cb7ba014b6b74bb6920b0392e4c802
Opcode Fuzzy Hash: a6f65c24fce3d4c104d2a533c97624ace96a43e8b8d4f8528df676ca6af7a397
Instruction Fuzzy Hash: 9E5103B56083008FD708DF69D18465ABBE0FF88314F048A6EE8899B355E775E948CF86

Function 6468714C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON

Download Yara Rule

Strings

/, xrefs: 64687204
Out of memory, xrefs: 6468723E

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID:
String ID: /$Out of memory
API String ID: 0-4188590783
Opcode ID: 6e4329ee63dd591d4c191b6c2e3c0f17dcb2645e43b9d4bb32126cd5a0f44465
Instruction ID: 4138c8e4f24be1984ffb92626855395c41b538dd5c3f40eaaa69c61779b34122
Opcode Fuzzy Hash: 6e4329ee63dd591d4c191b6c2e3c0f17dcb2645e43b9d4bb32126cd5a0f44465
Instruction Fuzzy Hash: C121CF717197408FE340AFB98E9462EBBE1EF85325F15492CF894C7781DB31C8419BA2

Function 64604454 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

al_realloc_with_context.MSIMG32 ref: 646044A9

Strings

_al_ballocmin, xrefs: 6460448A
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c, xrefs: 64604492

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_realloc_with_context
String ID: _al_ballocmin$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\bstrlib.c
API String ID: 3259472294-3235366453
Opcode ID: ad0cd588fac4691eb1fc00d7f8fb875435daaa3c4e282b4eac84209d80f2d266
Instruction ID: ac9d00e4f061fbf107edf3927f0f9cebd97e87bfbc7246a28376baf6a3e367be
Opcode Fuzzy Hash: ad0cd588fac4691eb1fc00d7f8fb875435daaa3c4e282b4eac84209d80f2d266
Instruction Fuzzy Hash: E911E5715083114BEB28AE15A6C026A77D0EBB1B24F1AC75DE8689F244D3B0C8D0CB92

Function 6460A750 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460A7B6

Strings

list_create_item, xrefs: 6460A798
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c, xrefs: 6460A7A0

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c$list_create_item
API String ID: 1952898122-1382902512
Opcode ID: a0e5e94efcc9d716c4706adf3afbd5016accb0d829eee7b3f5938119101ae063
Instruction ID: be60a3961ca04509adedaec9c6219fa01ba488a30bf49f0c57cd27bb04ac3c94
Opcode Fuzzy Hash: a0e5e94efcc9d716c4706adf3afbd5016accb0d829eee7b3f5938119101ae063
Instruction Fuzzy Hash: F40190B86057008FDB08DF19D284A16BBF4FF98754B19CA9DD8998B326D330E841CF92

Function 6460A6E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460A746

Strings

list_create_item, xrefs: 6460A728
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c, xrefs: 6460A730

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c$list_create_item
API String ID: 1952898122-1382902512
Opcode ID: 65ec21784a4fb4f3eb1da1f7eb777cced725470788596bc6b9fd9b250d9feb3e
Instruction ID: d1a455518a6eeae5ed75c2fd3ec7cad520c4ddab69bb94f29c44ba1bd68a0971
Opcode Fuzzy Hash: 65ec21784a4fb4f3eb1da1f7eb777cced725470788596bc6b9fd9b250d9feb3e
Instruction Fuzzy Hash: 5201AEB86057008FDB04DF19D284A07BBF4BF98744B1ACA9DD8984B31AD330E841CF92

Function 6460A7C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON

Download Yara Rule

APIs

al_malloc_with_context.MSIMG32 ref: 6460A826

Strings

list_create_item, xrefs: 6460A808
d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c, xrefs: 6460A810

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_malloc_with_context
String ID: d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\list.c$list_create_item
API String ID: 1952898122-1382902512
Opcode ID: 1b45beb5f4d006d4bd6189ae8e180cdd5aca486e5964f400b11f31723f9e49e7
Instruction ID: 13844e91bb1ffe68fa010b098c77fb5ce20ed5957ca9c90b815001eedc968354
Opcode Fuzzy Hash: 1b45beb5f4d006d4bd6189ae8e180cdd5aca486e5964f400b11f31723f9e49e7
Instruction Fuzzy Hash: 0A01A2B46057018FDB14DF19D684A06BBE4FF98754B16CA99D8988B326D330E841CF91

Function 646846C4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__PHYSFS_setError.MSIMG32 ref: 64684717

Strings

Already initialized, xrefs: 64684710
ctSound8, xrefs: 646846F4

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: ErrorS_set
String ID: Already initialized$ctSound8
API String ID: 1705320395-1688943339
Opcode ID: 1307332c5f85a5f8e09a8c2f4533936c070dff77c1a896e7fad90897377c6c2d
Instruction ID: 2dd49b2b33a6c63b4d1da9f32953d53826089691c82cb0da82474d73ca39297e
Opcode Fuzzy Hash: 1307332c5f85a5f8e09a8c2f4533936c070dff77c1a896e7fad90897377c6c2d
Instruction Fuzzy Hash: 6BF065A3B0516147DF41AA2DB81128F3391DB91225F8B05B9E845DB748F665C8C1DBE2

Function 646884B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 646884BD
__PHYSFS_setError.MSIMG32 ref: 646884E4

Strings

irectSoundCapture, xrefs: 646884CA

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CloseErrorHandleS_set
String ID: irectSoundCapture
API String ID: 3715666886-4189381426
Opcode ID: 7dda15599011f63b213752b47126f2f82bd68824eaa3766037603912e5e816fe
Instruction ID: 73dcec4594e41c8f51987a8b85b35d3f79f241e6f92805f6de15d423d82f1c9b
Opcode Fuzzy Hash: 7dda15599011f63b213752b47126f2f82bd68824eaa3766037603912e5e816fe
Instruction Fuzzy Hash: 16E0ECF151670A4FDB007F7888D851E7BE4AF45245F810C9CE88487342E73980908BA6

Function 6460B42C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 6460B456

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\vector.c, xrefs: 6460B443
_al_vector_free, xrefs: 6460B43B

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: _al_vector_free$d:\Libraries\build\allegro\src\allegro-git\allegro-git\src\misc\vector.c
API String ID: 3891110267-501157153
Opcode ID: c25dc08dce8457cfd33bcfc512d42d1d109220699860616a21e6ab7eb62ef5fe
Instruction ID: b97eed7535136df4fed3a77349134c1b7bed51c8029776dec47709e45326220d
Opcode Fuzzy Hash: c25dc08dce8457cfd33bcfc512d42d1d109220699860616a21e6ab7eb62ef5fe
Instruction Fuzzy Hash: A6E0B6F0504300DBEB009F14CAD571ABBE4BB90709F45C58CD8884F346D379C4448FA6

Function 645C5538 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 645C555E

Strings

d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\dsound.cpp, xrefs: 645C5548
_dsound_deallocate_voice, xrefs: 645C5540

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: _dsound_deallocate_voice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\dsound.cpp
API String ID: 3891110267-3731721041
Opcode ID: 28927d8042de5e4806c5bc53fbf28f7e6b36f03ce72f995022d82fe95bef4869
Instruction ID: 486168d7388c85e39e35adbd9132b0623272262885e37b2c1cb3f0a22497ad92
Opcode Fuzzy Hash: 28927d8042de5e4806c5bc53fbf28f7e6b36f03ce72f995022d82fe95bef4869
Instruction Fuzzy Hash: 69D017F45083008BC700AF14D5C570A7BF0AB58318F618A4CE8880B306D334C4949FC2

Function 645CC7DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMON

Download Yara Rule

APIs

al_free_with_context.MSIMG32 ref: 645CC802

Strings

_openal_deallocate_voice, xrefs: 645CC7E4
d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\openal.c, xrefs: 645CC7EC

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: al_free_with_context
String ID: _openal_deallocate_voice$d:\Libraries\build\allegro\src\allegro-git\allegro-git\addons\audio\openal.c
API String ID: 3891110267-1465153062
Opcode ID: 613ffe57799bd63da45c6f47dccb8222fdc94faecef7ac681f613eabb4a8cb90
Instruction ID: ac8d5e34146807a966b69afd112f47d0c5fe2a70945cf6b593c7b46b4c851953
Opcode Fuzzy Hash: 613ffe57799bd63da45c6f47dccb8222fdc94faecef7ac681f613eabb4a8cb90
Instruction Fuzzy Hash: 24D067F44047449BDB01AF94DAC571A7BE4BB98319F918A4CE8880B346D335D495CF8A

Function 646245C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 8COMMON

Download Yara Rule

APIs

_al_mutex_init.MSIMG32 ref: 646245CA

Part of subcall function 6466C464: InitializeCriticalSection.KERNEL32(?,?,?,?,?,645FF18C), ref: 6466C475

_al_add_exit_func.MSIMG32 ref: 646245DE

Part of subcall function 645FF32C: al_malloc_with_context.MSIMG32(?,?,?,?,?,?,?,645C49EF,?,?,?,?,?,?,645C1275), ref: 645FF36F

Strings

shutdown_timers, xrefs: 646245CF

Memory Dump Source

Source File: 00000000.00000002.1847851213.00000000645C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 645C0000, based on PE: true

Associated: 00000000.00000002.1847831521.00000000645C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848012522.00000000647DA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848030857.00000000647E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848088957.0000000064871000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848116974.0000000064877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848135612.0000000064878000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848153998.000000006487A000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848182422.00000000648A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848199717.00000000648A1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.00000000648B7000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.000000006493E000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1848220258.0000000064979000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_645c0000_loaddll32.jbxd

Similarity

API ID: CriticalInitializeSection_al_add_exit_func_al_mutex_inital_malloc_with_context
String ID: shutdown_timers
API String ID: 1272870373-3975819185
Opcode ID: bf667e19e445fa3572d3cf26f1f084003c35b23e040c441d6c0238d592b6cbcc
Instruction ID: 604ffd586f1e502460bbbe4563e1ef61e7605f3ddd4e4a76dad24c3004dbd4b7
Opcode Fuzzy Hash: bf667e19e445fa3572d3cf26f1f084003c35b23e040c441d6c0238d592b6cbcc
Instruction Fuzzy Hash: D5C08CB1404B009ACA42BF94451212DB960AD60604FD5584CC88007305D6308609DB27

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report msimg32.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exePID: 7824, Parent PID: 4084

General

Chronological Activities

Analysis Process: conhost.exePID: 7832, Parent PID: 7824

General

Chronological Activities

Windows Analysis Report
msimg32.dll

Function 645DC217 Relevance: 69.0, APIs: 1, Strings: 38, Instructions: 710
COMMON

Function 645DC147 Relevance: 68.9, APIs: 1, Strings: 38, Instructions: 693
COMMON

Function 645DC295 Relevance: 65.4, APIs: 1, Strings: 36, Instructions: 618
COMMON

Function 645DC0B5 Relevance: 65.4, APIs: 1, Strings: 36, Instructions: 615
COMMON

Function 645DC579 Relevance: 47.9, APIs: 1, Strings: 26, Instructions: 604
COMMON

Function 645DCC48 Relevance: 47.8, APIs: 1, Strings: 26, Instructions: 579
COMMON

Function 645DC773 Relevance: 46.1, APIs: 1, Strings: 25, Instructions: 619
COMMON

Function 645DC695 Relevance: 46.1, APIs: 1, Strings: 25, Instructions: 606
COMMON

Function 645DCD4C Relevance: 44.4, APIs: 1, Strings: 24, Instructions: 628
COMMON

Function 645DCD5C Relevance: 44.4, APIs: 1, Strings: 24, Instructions: 627
COMMON

Function 645DD0B9 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 595
COMMON

Function 645DD1CC Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 560
COMMON

Function 645DC505 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 537
COMMON

Function 645DCD37 Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 530
COMMON

Function 645DCB9A Relevance: 44.3, APIs: 1, Strings: 24, Instructions: 528
COMMON